• Agents are showing with Approvals Out of Date or Yara Rules Out of Date
• Agent is returning errors similar to:

  Error[Failed to obtain CL file[https://ServerAddress/hostpkg/pkg.php?pkg=configlistwithdeleteditems.xml.egk]: Error[WinHttpSendRequest Error[12029:]
  or
  Error[Failed to obtain file[https://ServerAddress/hostpkg/pkg.php?pkg=Yara.bt9]: Error[WinHttpReceiveResponse Error[12029:]

• App Control Console: All Supported Versions
• App Control Agent: All Supported Versions
• Microsoft Windows: All Supported Versions

Microsoft defines the WinHttpSendRequest  Error[12029] as:

ERROR_WINHTTP_CANNOT_CONNECT: 12029
Returned if connection to the server failed.

This error indicates that the endpoint has resolved the DNS name of the remote location, but cannot establish a connection with the remote location. Typically this happens when the port (such as 443) is blocked.

1. Verify traffic between the endpoint and the Resource Download Location (RDL) is not blocked by the firewall.
2. Use PowerShell on the endpoint to test the connection:

   tnc -ComputerName ServerAddressFQDN -Port 443 -InformationLevel "Detailed"

3. Log in to the endpoint encountering the error and use a browser to validate the file exists and can be downloaded (without error), example:

   https://ServerAddress/hostpkg/pkg.php?pkg=Yara.bt9

4. A matching set of Protocols and Cipher Suites must exist between the endpoints and the application server.
5. Manually import the problematic file on the endpoint (Yara, Configlist, TrustedCertList or Keychain)