Environment
- Carbon Black Cloud Sensor: All versions located behind People's Republic of China (PRC) Government Firewall (also known as The Great Firewall or GFW)
- Endpoint Operating System: All supported
- Carbon Black Cloud Console: All versions
Symptoms
Cause
- VMware Carbon Black has been notified that the government for the People’s Republic of China will no longer allow access to GoDaddy domains.
- Since Carbon Black utilizes GoDaddy as a certificate authority this change prevents our Windows sensors from being able to download the latest certificate revocation list (CRL) from crl.godaddy.com.
Resolution
If communication to crl.godaddy.com cannot be re-established, impacted endpoints can re-establish sensor-server communication by disabling CRL checking.
Current workarounds:
- For sensor installs 3.4.0.925 and higher, CRL checking can be suppressed using this KB
- For sensor installs 3.8.0.722 and higher, CRL Checking can remain enabled and set to best effort but sensor communication continues if the CRL distribution point is unreachable using this KB
- For sensor check-ins 3.4.0.925 and higher, CRL checking can be suppressed using this KB
- For sensor check-ins 3.8.0.722 and higher, CRL Checking can remain enabled and set to best effort but sensor communication continues if the CRL distribution point is unreachable using this KB
Additional Notes
- Impacted endpoints will continue to enforce protection; however, sensor-server communication will be lost, updates will no longer be received, and sensor events will not be sent back to the console. Sensor events will continue to accumulate on disk until the event size limit is reached or until the sensor re-establishes communication.
- Additional information can be found about What are some concerns with disabling the CRL check within the Sensor?
- There is an enhancement (internal CBC-27235) under consideration for a possible way to address this limitation in a future release.
Related Content
