App Control: Agents Disconnected on Windows Server 2016

Environment

  • App Control Server: All Versions
  • Microsoft Windows Server 2016

Symptoms

  • Agents disconnect after upgrading the application server to Windows 2016.
  • Agents disconnect when installed on Server 2016 endpoints.

Cause

This issue can be caused by changes Microsoft implemented to the TLS ECC curve order on Windows Server 2016. This can potentially sever the connection between the server and the agents.

Resolution

We've seen this issue caused by changes Microsoft made to the cipher suite order in Microsoft Server 2016. 
  1. Open the Group Policy Management Console on the CB application server. 
  2. Navigate to Computer Configuration > Administrative Templates > Network > SSL Configuration Settings.
  3. Double-click ECC Curve Order.
  4. Click Enable.
  5. Type NistP256 and NistP384 into the ECC Curve Order box in the configuration dialog and click Apply.
  6. Reboot the device.

Additional Notes

You can confirm whether or not the issue is possibly TLS related by following the steps below:
  1. Run the local agent diagnostic collection: Cb Protection: Collecting agent logs locally for troubleshooting - Windows
  2. Navigate to the following location in Windows Explorer: C:\Programdata\Bit9\Parity Agent\Logs
  3. Open the Trace.bt9 file in Notepad.exe
  4. Search the document for WinHTTP communication errors. Use the following Microsoft article to decipher the error code: Error Messages (Winhttp.h) - Win32 apps
  5. Once completed, disable debugging as outlined in the article from step 1.
If you have specific questions or concerns regarding cipher suites, please contact Microsoft for assistance.
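
The search in steps 3 and 4 can be scripted. The PowerShell below is an added example, not vendor code: the function name Get-WinHttpTraceError is hypothetical, the sample lines are constructed, and it assumes Trace.bt9 is plain text with WinHTTP failures logged on lines that mention "winhttp" and carry the decimal code from Winhttp.h.

```powershell
# Added example (not vendor code). Assumption: WinHTTP failures appear on lines
# containing "winhttp" together with the decimal error code from Winhttp.h.

# Subset of Winhttp.h codes. Second element: is the failure TLS/certificate related?
# 12030 is 'possible' because Microsoft documents it for connection resets and
# for an incompatible SSL protocol.
$WinHttpErrors = @{
    12002 = @('ERROR_WINHTTP_TIMEOUT',                  'no')
    12007 = @('ERROR_WINHTTP_NAME_NOT_RESOLVED',        'no')
    12029 = @('ERROR_WINHTTP_CANNOT_CONNECT',           'no')
    12030 = @('ERROR_WINHTTP_CONNECTION_ERROR',         'possible')
    12037 = @('ERROR_WINHTTP_SECURE_CERT_DATE_INVALID', 'yes')
    12038 = @('ERROR_WINHTTP_SECURE_CERT_CN_INVALID',   'yes')
    12044 = @('ERROR_WINHTTP_CLIENT_AUTH_CERT_NEEDED',  'yes')
    12045 = @('ERROR_WINHTTP_SECURE_INVALID_CA',        'yes')
    12157 = @('ERROR_WINHTTP_SECURE_CHANNEL_ERROR',     'yes')
    12175 = @('ERROR_WINHTTP_SECURE_FAILURE',           'yes')
}

function Get-WinHttpTraceError {
    param([string[]]$Line)
    $n = 0
    foreach ($l in $Line) {
        $n++
        if ($l -notmatch 'winhttp') { continue }    # -notmatch is case-insensitive
        # WinHTTP error codes occupy the 12000-12199 block.
        foreach ($m in [regex]::Matches($l, '\b12[01]\d{2}\b')) {
            $code  = [int]$m.Value
            $known = $WinHttpErrors[$code]
            $name  = if ($known) { $known[0] } else { 'not in table, see Winhttp.h' }
            $tls   = if ($known) { $known[1] } else { 'unknown' }
            [pscustomobject]@{ LineNumber = $n; Code = $code; Name = $name; TlsRelated = $tls }
        }
    }
}

# Constructed sample lines; the real Trace.bt9 layout may differ.
$sample = @(
    '(constructed) Server connect: WinHttpSendRequest failed, error 12175'
    '(constructed) Policy refresh complete'
    '(constructed) WinHttpReceiveResponse failed, error 12030'
)
Get-WinHttpTraceError -Line $sample | Format-Table -AutoSize

# On the endpoint, using the path from step 2:
# Get-WinHttpTraceError -Line (Get-Content 'C:\Programdata\Bit9\Parity Agent\Logs\Trace.bt9')
```

Rows marked yes or possible point toward the TLS cause described above; rows marked no point to name resolution, routing or timeouts instead.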

Creation Date: 08-23-2018