App Control: Remediating Unified Management Authentication Errors
Article ID: 291397
Updated On:
Products
Carbon Black App Control (formerly Cb Protection)
Issue/Introduction
How to remediate various authentication errors when configuring Unified Management in App Control.
Environment
- App Control Server: All Supported Versions
Resolution
| Authentication Message | Reason | Resolution |
| Server is reachable but authentication failed or required permissions are not assigned. | Account used to retrieve authentication token is missing permissions, does not exist, or the App Control Server service is not running. | Ensure the account used to authenticate exists on the client server and is assigned a User Role with the Administration permission, "Use Unified Management". Verify App Control Server Service on client service is running. |
| Server is not reachable. Authentication could not be tested. | The Server URL is incorrect, the system is not reachable over https, or App Control Server is not installed on the client machine. | Check the name, network connection, and server status of the client server. |
| Remote server does not support TLS 1.2, please upgrade it to latest version. | Misconfigured TLS settings or cipher suites. | Verify client server is using a compatible Schannel configuration. |
| The remote server needs to be at least version X. | App Control Server version running on client machine does not support Unified Management. | Upgrade software on client machine to a supported version of App Control Server. |
Additional Information
- When authenticating Unified Management, the management server is making an API call over port 443 using the specified credentials to get an authentication token from the client server.
- The management server only uses the credentials to retrieve an authentication token and does not store the password.
- After the connection to the client server is authenticated, the management server remains authenticated unless the server URL is changed.
- A user accessing a client server from the management server has the permissions of the account that is used to authenticate the connection, not their own permissions.
- When a user accesses a client server from the management server, actions the user takes appear in events as having been performed by the authentication account, not the logged-in user.
Feedback
Yes
No
Powered by
