Environment

• App Control Console: All Supported Versions
• App Control Agent: All Supported Versions

Symptoms

• Upgrading Agents via the Console produces the following error:

  Agent upgrade: Failed to download upgrade package: https://<ServerName>/hostpkg/pkg.php?pkg=/ParityHostAgent.msi. WinHttpSendRequest Error[12030:]
• Able to download from the browser with the URL

Cause

12030: ERROR_WINHTTP_CONNECTION_ERROR
The connection with the server has been reset or terminated, or an incompatible SSL protocol was encountered. 

Resolution

1. Verify traffic between the endpoint and the Resource Download Location (RDL) is not blocked by the firewall.
2. A matching set of Protocols and Cipher Suites must exist between the endpoints and the application server.
   • No settings for TLS/Cipher Suites are available in App Control and all configuration must be done at the OS layer.
   • Typically these modifications must be done via the Registry or GPO, but a tool (such as IIS Crypto) may make it easier.
   • Assistance in editing the TLS & Cipher Suites in the Operating System may require support from Microsoft.
3. Temporarily change the RDL to use http instead of https:
   1. Log in to the Console and navigate to System Configuration > Advanced Settings > Edit.
   2. Modify the RDL from https to http

      Default: https://**ServerIP**/hostpkg/pkg.php?pkg=
      Modified: http://**ServerIP**/hostpkg/pkg.php?pkg=
      

   3. Save the changes and allow the Agent(s) to complete the download & upgrade.
   4. Revert the changes to the RDL.
4. Use a 3rd party application (such as SCCM) to complete the Agent upgrade:
   • Note: The communication issue preventing Agent Upgrades will also prevent future required file transfers.
   • It is strongly encouraged to resolve the underlying Protocol/Cipher Suite mismatch to prevent situations like Approvals out of Date.

Related Content