EDR: Windows Sensors are Not Communicating to the Server After Installation or Upgrade (Certificate Issue).
search cancel

EDR: Windows Sensors are Not Communicating to the Server After Installation or Upgrade (Certificate Issue).

book

Article ID: 291130

calendar_today

Updated On:

Products

Carbon Black EDR (formerly Cb Response)

Issue/Introduction

  • Sensor diagnostics file "sensorcomms.log" shows these errors:
Time | URL | HRESULT | Code | DurationMs | TxBytes | RxBytes | Throttle KB/s | Upload Speed KB/s
-------------------- + ---------------------------------------------------------------------------------------------------- + ---------- + ----- + ---------- + -------- + -------- + -------------------- + --------------------
2019-12-26 13:10:37 | https://cb.server.name.here:443/sensor/register/29530 | 0x80072f9a | 12186 | 0 | 0 | 0 | 500 | 0
2019-12-26 13:10:37 | https://cb.server.name.here:443/sensor/register/29530 | 0x80072f9a | 12186 | 0 | 0 | 0 | 500 | 0
2019-12-26 13:10:37 | https://cb.server.name.here:443/sensor/register/29530 | 0x80072f9a | 12186 | 0 | 0 | 0 | 500 | 0
  • Running the Windows certutil shows the following error:
c:\windows\system32 certutil -store carbonblack 

missing stored keyset



 

Environment

  • EDR Windows Sensor: All Supported Versions
  • EDR Server: All versions
  • Windows OS: All Supported Versions

Cause

During the install or upgrade of the sensor, the certificate keys were not installed properly.

Resolution

  1. Manually uninstall the corrupt sensor- https://community.carbonblack.com/t5/Knowledge-Base/CB-Response-How-to-uninstall-a-corrupt-Cb-Response-sensor/ta-p/66330
  2. Reinstall the sensor on the Windows Endpoint.