Environment
- App Control Server: 8.7 and higher
- App Control Agent: 8.7 and higher
Symptoms
Cause
The "TrustedCertList.pem" and/or "Keychain.json" files are missing from the Agent's data folder here:
C:\ProgramData\Bit9\Parity Agent
Resolution
- Copy the "TrustedCertList.pem" and/or "Keychain.json" from the App Control Server located here:
C:\Program Files (x86)\Bit9\Parity Server\hostpkg
- Open a command prompt and issue the following commands:
cd "C:\Program Files (x86)\Bit9\Parity Agent"
dascli password GlobalPassword
dascli tamperprotect 0
- Copy the file(s) into the Agent's data folder here:
C:\ProgramData\Bit9\Parity Agent\
- Import the file(s) with the following commands:
dascli password GlobalPassword
dascli importkeychain C:\ProgramData\Bit9\Parity Agent\keychain.json
dascli importservercertlist C:\ProgramData\Bit9\Parity Agent\TrustedCertList.pem
dascli healthcheck
dascli status
Additional Notes
To prevent this Health Check Error:
- Verify the Resource Download Location in System Configuration > Advanced is still accurate, and contains the necessary files.
Note: If this location has been customized: copy the updated "trustedcertlict.pem" and/or "keychain.json" file to the new custom RDL - Verify the IIS Certificate bound to Port 443 is not expired, and formatted correctly
- Common Name shown should match Server Address from the General tab.
- Expiration Date should be in the future.
- A matching Certificate should be listed in the Trusted Communication Certificates list at the bottom of the Security tab, and Trusted.
- Verify the endpoints are able to download the files via the RDL. By default this would be:
https://ServerAddress/hostpkg/pkg.php?pkg=TrustedCertList.pem
https://ServerAddress/hostpkg/pkg.php?pkg=keychain.json
Related Content
