App Control: Agents disconnecting in 8.1.8 or 8.1.10 console with AD mappings enabled
search cancel

App Control: Agents disconnecting in 8.1.8 or 8.1.10 console with AD mappings enabled

book

Article ID: 289000

calendar_today

Updated On:

Products

Carbon Black App Control (formerly Cb Protection)

Issue/Introduction

  • Agents show as disconnected in the console, but the agents are online and should be connected
  • Manually Running 'Dascli Status' locally on system shows the agent connected, but session inactive
    Connection: Connected (Ok)
    Session: Inactive
  • Excessive latency when doing AD queries to map agents to policy seen in the ServerLog.bt9:
    HostStorage::MapUsersToHostgroupUsingScript: AD query: 80136 ms
  • Windows System Events may show the server service crashing:
    The Cb Protection Server service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.

Environment

App Control Server: 8.1.8 and 8.1.10

Cause

Caused by performance issues on encryption of secure LDAP queries

Resolution

This issue is resolved in our latest releases, so please upgrade the server app to version 8.5 or higher

The following temporary workaround exist until the upgrade can be completed:
  1. Stop the CB Protection Server and Reporter Services
  2. Backup the "Classes.vbs" and the "QueryAD.vbs" files located here: 
    C:\Program Files (x86)\Bit9\Parity Server\scripts\
  3. Download the 8.1.6 version of those files HERE
  4. Replace the existing files in the folder with the new ones
  5. In SQL Management Studio please run the following query to delete the database backup:
    use das; delete from dbo.file_streams where name = 'Classes.vbs'
    use das; delete from dbo.file_streams where name = 'QueryAD.vbs'
    
  6. Start the CB Protection Server and Reporter Services