Duplicate Devices in Carbon Black Cloud After a Sensor Has Experienced Ungraceful System Shutdown


Article ID: 288228


Updated On:

Products

  • Carbon Black Cloud Endpoint Standard (formerly Cb Defense)
  • Carbon Black Cloud Enterprise EDR (formerly Cb Threathunter)
  • Carbon Black Cloud Prevention
  • Carbon Black Cloud Workload

Issue/Introduction

  • Duplicate entries are seen for the same device in the console, each with a different "Registered" date/time and a unique Device ID.
  • Devices may go to the default "Standard" policy instead of the policy they were assigned at install.
  • The Windows System event log shows error 41 entries:
    The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
  • The sensor's confer.log then shows corruption errors followed by a registration attempt:
    WARNING ZipContainerManager::ProcessExistingZipUnsafe: cannot load (corrupt) C:\ProgramData\CarbonBlack\DataFiles\datafile3: 12 resetting and re-requesting.
    ...
    ERROR     DbSafeInitialize: failed to initialize C:\ProgramData\CarbonBlack\DataFiles\db_rep database: err[not an error]
    WARNING   DbSafeInitialize: trying to recover
    INFO      RepUtilRestoreSafeDbBackup: restored rep_db from safe backup
    .....
    INFO      CloudTask::OfflineInstall::RunTask: Offline Install detected and Cloud is now reachable - Attempting to register...
    INFO      RepUtilRegisterAfterOfflineInstall: Beginning registration attempt..
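
A triage check for the confer.log pattern listed above, as an added example that is not Carbon Black code: it flags a registration attempt only when corruption or recovery messages precede it. The marker strings are copied from the excerpt in this article; the function name and the sample lines are constructed for illustration.

```python
import sys

# Marker substrings copied from the confer.log excerpt in this article.
CORRUPTION_MARKERS = (
    "ProcessExistingZipUnsafe: cannot load (corrupt)",
    "DbSafeInitialize: failed to initialize",
    "RepUtilRestoreSafeDbBackup: restored rep_db from safe backup",
)
REGISTER_MARKER = "RepUtilRegisterAfterOfflineInstall: Beginning registration attempt"

def find_reregistrations(lines):
    """Return [(registration_line_no, [corruption_line_nos]), ...].

    A registration attempt counts only if corruption/recovery messages came
    before it; evidence is reset after each hit so one corruption event is
    not blamed for later, unrelated registrations.
    """
    findings, evidence = [], []
    for number, line in enumerate(lines, start=1):
        if any(marker in line for marker in CORRUPTION_MARKERS):
            evidence.append(number)
        elif REGISTER_MARKER in line and evidence:
            findings.append((number, evidence))
            evidence = []
    return findings

# Constructed sample: message text from the article, no timestamps.
SAMPLE_LOG = [
    r"WARNING ZipContainerManager::ProcessExistingZipUnsafe: cannot load (corrupt) C:\ProgramData\CarbonBlack\DataFiles\datafile3: 12 resetting and re-requesting.",
    r"ERROR     DbSafeInitialize: failed to initialize C:\ProgramData\CarbonBlack\DataFiles\db_rep database: err[not an error]",
    "WARNING   DbSafeInitialize: trying to recover",
    "INFO      RepUtilRestoreSafeDbBackup: restored rep_db from safe backup",
    "INFO      CloudTask::OfflineInstall::RunTask: Offline Install detected and Cloud is now reachable - Attempting to register...",
    "INFO      RepUtilRegisterAfterOfflineInstall: Beginning registration attempt..",
]

if __name__ == "__main__":
    # Usage: python check_confer.py <path to a copy of confer.log>
    if len(sys.argv) > 1:
        with open(sys.argv[1], errors="replace") as handle:
            log_lines = handle.read().splitlines()
    else:
        log_lines = SAMPLE_LOG
    for reg_line, corrupt_lines in find_reregistrations(log_lines):
        print(f"line {reg_line}: re-registration after corruption at lines {corrupt_lines}")
```

A hit on an endpoint's log is a cue to look in the console for a second Device ID for that device and to confirm which policy the newest entry landed in.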

 

Environment

  • Carbon Black Cloud Windows sensors: All Supported Versions
  • Carbon Black Cloud Backend: All Supported Versions
  • Microsoft Windows: All Supported Versions

Cause

Ungraceful (hard) shutdowns corrupt the sensor's files. The registration and policy information is lost in this corruption, so the sensor re-registers and may change policy depending on the settings enabled in the org.

Resolution

Investigations are underway to make the sensor more robust during ungraceful shutdowns. This is being tracked under CRE-18013 / DSEN-27717 / DSEN-27719.