EDR: Sensor not communicating to EDR server through custom reverse proxy

search cancel

EDR: Sensor not communicating to EDR server through custom reverse proxy

book

Article ID: 291570

calendar_today

Updated On:

Products

Carbon Black EDR (formerly Cb Response)

Issue/Introduction

EDR sensor not communicating to EDR server through custom reverse proxy

Environment

EDR: All supported versions
Linux: All supported versions
Windows: All supported versions

Cause

A custom reverse proxy that has different server certificates than the one on EDR server

Resolution

Use the same cert on all sensors and server, so that they can properly communicate through the reverse proxy.

Additional Information

The following error can be found from cbdaemon.log:

[2022-02-21 17:48:59.475] [/var/opt/carbonblack/response/log/cbdaemon.log] [error] TryOldCert called for error 28
[2022-02-21 17:50:01.019] [/var/opt/carbonblack/response/log/cbdaemon.log] [warning] Attempt to access driver at /dev/cbsensor: No such file or directory
[2022-02-21 17:50:03.286] [/var/opt/carbonblack/response/log/cbdaemon.log] [error] TryOldCert called for error 90

And from sensor_comms.log:

0x80c8005a - CURLE_SSL_PINNEDPUBKEYNOTMATCH Failed to match the pinned key specified with CURLOPT_PINNEDPUBLICKEY.
0x80c8001c - Timeout was reached (TCP layer)

Feedback

thumb_up Yes

thumb_down No