App Control: Disconnected Agent - Netstat Results in 'TIME_WAIT' instead of 'ESTABLISHED' for Port 41002

Article ID: 290083

Products

Carbon Black App Control (formerly Cb Protection)

Issue/Introduction

  • Disconnected Agent
  • dascli status shows client information as 'Disconnected (waiting)'
  • netstat -ano | findstr "41002" returns 'TIME_WAIT' instead of 'ESTABLISHED'
  • Windows Event Logs may show the following error: "A fatal error occurred while creating a TLS client credential. The internal error state is 10013"
  • Trace.bt9 with high debugging enabled may show either or both of the following:
    Server Communication: WaitForResponse End: m_bIsSleeping[0] IsSleeping[0] GetHttpStatus[0]  GetWinHttpError[0]  GetSslError[2147483648]  DataAvailable[0]
    Server Communication: WinHTTP communication error: 12175

Environment

  • App Control Agent: All Versions
  • Microsoft Windows: All Supported Versions

Cause

  • TLS and/or Cipher Suites Not Enabled on OS

Resolution

  1. Use a tool like IIS Crypto to display and modify the TLS Protocols & Cipher Suites on the system (https://www.nartac.com/Products/IISCrypto/Download)
  2. Using IIS Crypto, compare the disconnected device's TLS Protocols & Cipher Suites settings against those of a connected system, and ensure the disconnected device uses the very same protocols and cipher suites
  3. Once a match is confirmed, reboot the device so that the settings are applied
  4. Once rebooted, confirm that the device now shows as connected in the console, and that netstat -ano | findstr "41002" returns 'ESTABLISHED'
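
The comparison in step 2 can also be scripted. The following is an added example, not part of the original article or of the IIS Crypto or App Control tooling: a read-only PowerShell snapshot of the Schannel client protocol keys and the enabled cipher suites, plus a diff of two snapshots. The function names and CSV file names are hypothetical, and it assumes the standard Schannel registry location and that Get-TlsCipherSuite is available (Windows 10 / Server 2016 and later).

```powershell
# Added example: read-only snapshot of Schannel client TLS settings, and a diff of two snapshots.
# Get-SchannelSnapshot and Compare-SchannelSnapshot are hypothetical helper names.
function Get-SchannelSnapshot {
    $base = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'
    foreach ($proto in 'SSL 3.0', 'TLS 1.0', 'TLS 1.1', 'TLS 1.2', 'TLS 1.3') {
        # The agent is the TLS client, so the Client subkey is the one that matters here.
        $p = Get-ItemProperty -Path "$base\$proto\Client" -ErrorAction SilentlyContinue
        $value = 'not set (OS default applies)'
        if ($p) { $value = "Enabled=$($p.Enabled); DisabledByDefault=$($p.DisabledByDefault)" }
        [pscustomobject]@{ Setting = "Protocol: $proto (Client)"; Value = $value }
    }
    # One row per enabled cipher suite, plus one row for the priority order,
    # so a missing suite and a reordered list show up as separate differences.
    if (Get-Command Get-TlsCipherSuite -ErrorAction SilentlyContinue) {
        $names = @(Get-TlsCipherSuite | ForEach-Object Name)
        foreach ($n in $names) {
            [pscustomobject]@{ Setting = "CipherSuite: $n"; Value = 'enabled' }
        }
        [pscustomobject]@{ Setting = 'CipherSuite order'; Value = ($names -join ' > ') }
    }
}

function Compare-SchannelSnapshot {
    param(
        [Parameter(Mandatory)] [string] $ConnectedCsv,     # snapshot from a working agent
        [Parameter(Mandatory)] [string] $DisconnectedCsv   # snapshot from the affected agent
    )
    $good = Import-Csv -Path $ConnectedCsv
    $bad  = Import-Csv -Path $DisconnectedCsv
    # Rows present on only one side are the settings that differ between the hosts.
    Compare-Object -ReferenceObject $good -DifferenceObject $bad -Property Setting, Value |
        Sort-Object Setting |
        Select-Object Setting, Value, @{ Name = 'FoundOn'; Expression = {
            if ($_.SideIndicator -eq '<=') { 'connected' } else { 'disconnected' } } }
}

# On each machine (elevated prompt):
#   Get-SchannelSnapshot | Export-Csv "$env:COMPUTERNAME-tls.csv" -NoTypeInformation
# With both files copied to one place (file names below are constructed):
#   Compare-SchannelSnapshot -ConnectedCsv .\GOODHOST-tls.csv -DisconnectedCsv .\BADHOST-tls.csv
```

An empty result means the two snapshots match; any row returned names a protocol or cipher suite setting to bring in line before the reboot in step 3.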

Additional Information

  • All other connection testing methods seem to show no issues with the connection; only the netstat command above returns a result that is incomplete or not correct