EDR: Sensor failed to register with HrError [0x80072F8F] after successful installation
Article ID: 288486
Updated On:
Products
Carbon Black EDR (formerly Cb Response)
Issue/Introduction
- Sensor failed to register and does not appear in the UI
- Network capture shows Handshake Failure, denied by Server
- sensor.log from sensor diagnostics shows:
Tid[0574] 2019-08-20 07:08:10 (w): Failed to registerHTTPCode[2147954575] HrError[0x80072F8F]
Tid[0574] 2019-08-20 07:08:10 (i): failed to register HrError[0x80072F8F]
Tid[0574] 2019-08-20 07:08:10 (w): Unable to properly synch with server HrError[0x80072F8F]
Environment
- EDR Sensor: All Supported Versions
- Operating System: All
Cause
Unsupported Cipher Suites are being used on client endpoint.
Resolution
You need at least one Cipher suite to match in order to complete the TLS handshake. If they do not, you have two options
For Hosted EDR, you need one of the following Ciphers
- Enable a matching cipher suite on the endpoints. How to do this may be different between OS version, please see OS documentation for how to enable a specific Cipher per your OS and Version. EDR: How to Determine Cipher Matching Between Endpoint and Server
- Enable Ciphers on the Server EDR: How to Update SSL Ciphers Used for Communication
For Hosted EDR, you need one of the following Ciphers
- TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
- TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
- TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
- TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
- TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
- TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
- TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
- TLS_RSA_WITH_AES_128_CBC_SHA256
- TLS_RSA_WITH_AES_128_GCM_SHA256
- TLS_RSA_WITH_AES_256_CBC_SHA256
- TLS_RSA_WITH_AES_256_GCM_SHA384
Feedback
Yes
No
Powered by
