App Control: New Agent Not Connecting to Server
Article ID: 290752
Updated On:
Products
Carbon Black App Control (formerly Cb Protection)
Issue/Introduction
- Viewing the 'dascli status' shows that the agent is Disconnected (Waiting)
- Trace.bt9 file shows the following:
Server Communication: WaitForResponse End: m_bIsSleeping[0] IsSleeping[0] GetHttpStatus[0] GetWinHttpError[2] GetSslError[16] DataAvailable[0]
Environment
- App Control Agent: All Supported Versions
- Microsoft Windows: All Supported Versions
Cause
- This is due to a certificate issue
Resolution
To resolve, a new certificate needs to be generated in the console using a correct subject name.
- In the console, this is found under Settings > System Configuration > Security.
- Ensure that the common name used here matches the common name used by the server.
Additional Information
GetSslError[16] is defined as WINHTTP_CALLBACK_STATUS_FLAG_CERT_CN_INVALID.
This means that the hostname the client is connecting to doesn't match the certificate's subject or subject alternate name. I.e., the client is connecting to https://server1.mycompany.com, but the certificate has https://server2.mycompany.com. The way to fix this is to change the FQDN the client uses in the ConfigMgr console or to create a new certificate with the correct subject name.
This means that the hostname the client is connecting to doesn't match the certificate's subject or subject alternate name. I.e., the client is connecting to https://server1.mycompany.com, but the certificate has https://server2.mycompany.com. The way to fix this is to change the FQDN the client uses in the ConfigMgr console or to create a new certificate with the correct subject name.
Feedback
Yes
No
Powered by
