CB Response: Windows Sensor fails to connect to the server after downgrading sensor version.

Article ID: 290882


Products

Carbon Black EDR (formerly Cb Response)

Issue/Introduction

  • The sensor was just downgraded from CB Response Windows Sensor version 6.2.3
  • Sensor.log shows this error:
Tid[4BEC] 2019-08-25 19:17:23 (w): Unable to read server SSL cert HrError[0x80070002] 
Tid[4BEC] 2019-08-25 19:17:23 (e): Failed to read config value (CbServerCert) from registry HrError[0x80070002] 
Tid[4BEC] 2019-08-25 19:17:23 (w): Unable to read Client-side SSL cert HrError[0x80070002] 
Tid[4BEC] 2019-08-25 19:17:23 (e): Failed to read config value (SensorClientCert) from registry HrError[0x80070002] 
Tid[4BEC] 2019-08-25 19:17:23 (w): Unable to read Client-side SSL private key HrError[0x80070002] 
Tid[4BEC] 2019-08-25 19:17:23 (e): Failed to read config value (SensorClientKey) from registry HrError[0x80070002]

 

Environment

  • CB Response Sensor: 6.2.3
  • CB Response Server: All Versions
  • Microsoft Windows: All Supported Versions

Cause

The registry-related certificate settings needed by the 6.1.x series no longer exist, so the sensor can't find the SSL connection parameters.
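
To confirm that a Sensor.log matches this signature, the following added example (not Carbon Black code) parses the log lines quoted above and reports which certificate values the sensor could not read. The line layout is inferred from those quoted lines, and the function names are hypothetical.

```python
import re

# Layout of a Sensor.log line as quoted in this article (assumed from those lines):
#   Tid[4BEC] 2019-08-25 19:17:23 (e): <message> HrError[0x80070002]
LINE_RE = re.compile(
    r"^Tid\[(?P<tid>[0-9A-Fa-f]+)\]\s+"
    r"(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+"
    r"\((?P<level>[a-z])\):\s+"
    r"(?P<msg>.*?)\s*(?:HrError\[(?P<hr>0x[0-9A-Fa-f]{8})\])?\s*$"
)
CONFIG_RE = re.compile(r"Failed to read config value \((?P<name>\w+)\) from registry")

# 0x80070002 is HRESULT_FROM_WIN32(ERROR_FILE_NOT_FOUND): the value is absent,
# as opposed to present but unreadable (e.g. 0x80070005, access denied).
HR_NOT_FOUND = 0x80070002
CERT_VALUES = {"CbServerCert", "SensorClientCert", "SensorClientKey"}


def missing_cert_values(log_text):
    """Return the certificate config values the sensor reported as not found."""
    missing = set()
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m or m["level"] != "e" or m["hr"] is None:
            continue  # only (e) lines with an HrError name the config value
        cfg = CONFIG_RE.search(m["msg"])
        if cfg and cfg["name"] in CERT_VALUES and int(m["hr"], 16) == HR_NOT_FOUND:
            missing.add(cfg["name"])
    return missing


def matches_downgrade_signature(log_text):
    """True when all three certificate values are reported missing."""
    return missing_cert_values(log_text) == CERT_VALUES


# Sample input: the six Sensor.log lines quoted in this article.
SAMPLE = """\
Tid[4BEC] 2019-08-25 19:17:23 (w): Unable to read server SSL cert HrError[0x80070002]
Tid[4BEC] 2019-08-25 19:17:23 (e): Failed to read config value (CbServerCert) from registry HrError[0x80070002]
Tid[4BEC] 2019-08-25 19:17:23 (w): Unable to read Client-side SSL cert HrError[0x80070002]
Tid[4BEC] 2019-08-25 19:17:23 (e): Failed to read config value (SensorClientCert) from registry HrError[0x80070002]
Tid[4BEC] 2019-08-25 19:17:23 (w): Unable to read Client-side SSL private key HrError[0x80070002]
Tid[4BEC] 2019-08-25 19:17:23 (e): Failed to read config value (SensorClientKey) from registry HrError[0x80070002]
"""

if __name__ == "__main__":
    print(sorted(missing_cert_values(SAMPLE)), matches_downgrade_signature(SAMPLE))
```

A log where only one or two of the values are missing, or where the HRESULT is something other than 0x80070002, does not match and points to a different problem than the downgrade described here.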
 

Resolution

Workaround:
  1. Uninstall the 6.2.3 sensor from the endpoint
  2. Perform a new install of the 6.1.x sensor

Additional Information

  • After a downgrade from the 6.2.3-win sensor, the sensor will not be able to connect if the new sensor version is below 6.2.x.