EDR: Newly upgraded sensor does not connect to the EDR server.
Article ID: 288242
Updated On:
Products
Carbon Black EDR (formerly Cb Response)
Issue/Introduction
- Sensor fails to check in to the EDR console after an upgrade attempt.
- Sensor diagnostics "sensor.log" shows these errors:
Tid[11D4] 2019-03-15 17:51:13 (e): WinHttpSendRequest() failed: WinError[0x00002EE2] Tid[11D4] 2019-03-15 17:51:13 (e): Unable to complete request from HTTP transaction Tid[11D4] 2019-03-15 17:51:13 (w): Failed to registerHTTPCode[2147954402] HrError[0x80072EE2] Tid[11D4] 2019-03-15 17:51:13 (i): failed to register HrError[0x80072EE2] Tid[11D4] 2019-03-15 17:51:13 (w): Unable to properly synch with server HrError[0x80072EE2]
Environment
- EDR (formerly known as CB Response): All Versions
- EDR sensor : All 6.x versions
Cause
Sensor fails to check in to the EDR server after an upgrade attempt.
Resolution
1. Stop the EDR Sensor service in services.msc snapin.
2. Run these commands as elevated administrator in a command prompt
2. Run these commands as elevated administrator in a command prompt
fltmc (lists kernel drivers) fltmc unload carbonblackk (unload CB driver.. note the two "k's") fltmc (to confirm the driver is unloaded.
3. Now restart the EDR Sensor service and monitor the WebUI Sensors page
Feedback
Yes
No
Powered by
