Threat Report: Exposing Malware in Linux-Based Multi-Cloud Environments | Download Now

App Control: Agent Upgrade WinHttpSendRequest Error 12030

App Control: Agent Upgrade WinHttpSendRequest Error 12030

Environment

  • App Control Console: All Supported Versions
  • App Control Agent: All Supported Versions

Symptoms

  • Upgrading Agents via the Console produces the following error:
    Agent upgrade: Failed to download upgrade package: https://<ServerName>/hostpkg/pkg.php?pkg=/ParityHostAgent.msi. WinHttpSendRequest Error[12030:]
    • Able to download from the browser with the URL

    Cause

    Microsoft defines the WinHttpSendRequest Error[12030] as:
    12030: ERROR_WINHTTP_CONNECTION_ERROR
    The connection with the server has been reset or terminated, or an incompatible SSL protocol was encountered. 
    

    Resolution

    1. Verify traffic between the endpoint and the Resource Download Location (RDL) is not blocked by the firewall.
    2. A matching set of Protocols and Cipher Suites must exist between the endpoints and the application server.
      • No settings for TLS/Cipher Suites are available in App Control and all configuration must be done at the OS layer.
      • Typically these modifications must be done via the Registry or GPO, but a tool (such as IIS Crypto) may make it easier.
      • Assistance in editing the TLS & Cipher Suites in the Operating System may require support from Microsoft.
    3. Temporarily change the RDL to use http instead of https:
      1. Log in to the Console and navigate to System Configuration > Advanced Settings > Edit.
      2. Modify the RDL from https to http
        Default: https://**ServerIP**/hostpkg/pkg.php?pkg=
        Modified: http://**ServerIP**/hostpkg/pkg.php?pkg=
        
      3. Save the changes and allow the Agent(s) to complete the download & upgrade.
      4. Revert the changes to the RDL.
    4. Use a 3rd party application (such as SCCM) to complete the Agent upgrade:
      • Note: The communication issue preventing Agent Upgrades will also prevent future required file transfers.
      • It is strongly encouraged to resolve the underlying Protocol/Cipher Suite mismatch to prevent situations like Approvals out of Date.

    Related Content


    Labels (1)
    Was this article helpful? Yes No
    100% helpful (1/1)
    Article Information
    Author:
    Creation Date:
    ‎09-09-2020
    Views:
    3351
    Contributors