Threat Report: Exposing Malware in Linux-Based Multi-Cloud Environments | Download Now

App Control: Healthcheck Error Agent is Missing a Keychain Or a Trusted Certlist File

App Control: Healthcheck Error Agent is Missing a Keychain Or a Trusted Certlist File

Environment

  • App Control Server: 8.7 and higher
  • App Control Agent: 8.7 and higher

Symptoms

  • Healthcheck errors with Failure ID 970 or 980 with the error similar to:
    Carbon Black App Control Agent is missing a trusted certlist file... FailureId[970]
    Carbon Black App Control Agent is missing a keychain file... FailureId[980]

Cause

The "TrustedCertList.pem" and/or "Keychain.json" files are missing from the Agent's data folder here:
C:\ProgramData\Bit9\Parity Agent

Resolution

  1. Copy the "TrustedCertList.pem" and/or "Keychain.json" from the App Control Server located here:
    C:\Program Files (x86)\Bit9\Parity Server\hostpkg
  2. Open a command prompt and issue the following commands:
    cd "C:\Program Files (x86)\Bit9\Parity Agent"
    dascli password GlobalPassword
    dascli tamperprotect 0
  3. Copy the file(s) into the Agent's data folder here:
    C:\ProgramData\Bit9\Parity Agent\
  4. Import the file(s) with the following commands:
    dascli password GlobalPassword
    dascli importkeychain C:\ProgramData\Bit9\Parity Agent\keychain.json
    dascli importservercertlist C:\ProgramData\Bit9\Parity Agent\TrustedCertList.pem
    dascli healthcheck
    dascli status
    

Additional Notes

To prevent this Health Check Error:
  1. Verify the Resource Download Location in System Configuration > Advanced is still accurate, and contains the necessary files.
    Note: If this location has been customized: copy the updated "trustedcertlict.pem" and/or "keychain.json" file to the new custom RDL
  2. Verify the IIS Certificate bound to Port 443 is not expired, and formatted correctly
    • Common Name shown should match Server Address from the General tab.
    • Expiration Date should be in the future.
    • A matching Certificate should be listed in the Trusted Communication Certificates list at the bottom of the Security tab, and Trusted.
  3. Verify the endpoints are able to download the files via the RDL. By default this would be:
    https://ServerAddress/hostpkg/pkg.php?pkg=TrustedCertList.pem
    https://ServerAddress/hostpkg/pkg.php?pkg=keychain.json

Related Content


Labels (1)
Was this article helpful? Yes No
No ratings
Article Information
Author:
Creation Date:
‎04-18-2022
Views:
1279
Contributors