EDR: Windows sensor cannot connect to Server unless TLS 1.0 protocol is enabled
search cancel

EDR: Windows sensor cannot connect to Server unless TLS 1.0 protocol is enabled


Article ID: 288196


Updated On:


Carbon Black EDR (formerly Cb Response)


  • CB Response: Windows sensor cannot connect to CB Response Server. 
  • Sensor.log shows these errors:
Tid[067C] 2019-03-05 00:15:58 (e): WinHttpSendRequest() failed: WinError[0x00002EFE]
Tid[067C] 2019-03-05 00:15:58 (e): Unable to complete request from HTTP transaction
Tid[067C] 2019-03-05 00:15:58 (w): Failed to registerHTTPCode[2147954430] HrError[0x80072EFE]
Tid[067C] 2019-03-05 00:15:58 (i): failed to register HrError[0x80072EFE]
Tid[067C] 2019-03-05 00:15:58 (w): Unable to properly synch with server HrError[0x80072EFE]
Tid[067C] 2019-03-05 00:15:58 (e): WinHTTP indicated a TLS/SSL error, WinXP and Server2008 sensors require the Cb Response server enable TLS1.0 for secure communication.


  • EDR (formerly CB Response): All Versions
  • EDR Sensor: 6.2.1 and Higher
  • Microsoft Windows: Server 2008 SP 2


The endpoint Windows host is unable to use the strong TLS protocols enabled on the Server.


  1. Enable TLS 1.2 on the Server 2008 environment
  2. Install sensor versions within the 6.1.x branch 

Additional Information

  • TLS 1.0 is susceptible to man in the middle attacks with vulnerabilities such as BEAST, POODLE, DROWN, etc.Consider these vulnerabilities before requesting TLS 1.0 be enabled in the environment.
  • We recommend moving to a newer OS that supports a more recent cryptographic protocol (TLS 1.2) in order to successfully establish a connection with the CB Response Cloud Server safely
  • If enabling TLS 1.2, ensure the following keys and fields exist in regedit. Each field is of type Dword
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols\TLS 1.2\Server 
      DisabledByDefault 0 
      Enabled 1 
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols\TLS 1.2\Client 
      DisabledByDefault 0 
      Enabled 1
  • Ensure .Net is on a TLS 1.2 supported version
  • This issue can occur in on-prem environments depending on the security settings of the server
  • Sensor version 6.1.x will still work with older versions of TLS
  • TLS1.0 is not supported on CB Response Cloud