Upgraded sensor does not connect to the EDR server
Article ID: 288242
Updated On:
Products
Carbon Black EDR (formerly Cb Response)
Issue/Introduction
- Sensor fails to check in to the EDR console after an upgrade attempt.
- Sensor diagnostics "sensor.log" shows these errors:
Tid[11D4] 2019-03-15 17:51:13 (e): WinHttpSendRequest() failed: WinError[0x00002EE2] Tid[11D4] 2019-03-15 17:51:13 (e): Unable to complete request from HTTP transaction Tid[11D4] 2019-03-15 17:51:13 (w): Failed to registerHTTPCode[2147954402] HrError[0x80072EE2] Tid[11D4] 2019-03-15 17:51:13 (i): failed to register HrError[0x80072EE2] Tid[11D4] 2019-03-15 17:51:13 (w): Unable to properly synch with server HrError[0x80072EE2]
Environment
- EDR Server: All Versions
- EDR sensor : 6.x and Higher
Cause
Sensor fails to register/check-in to the EDR server after an upgrade attempt.
Resolution
1. Stop the EDR Sensor service using the instructions here.
2. Run these commands as elevated administrator in a command prompt
2. Run these commands as elevated administrator in a command prompt
fltmc (lists kernel drivers) fltmc unload carbonblackk (unload CB driver.. note the two "k's") fltmc (to confirm the driver is unloaded.
3. Now restart the EDR Sensor service using the instructions here and validate the sensor has successfully registered.
Feedback
Yes
No
Powered by
