Environment
- Carbon Black Cloud Sensor: All Supported Versions
- Microsoft Windows: All Supported Versions
Objective
Determine if GPO settings have caused Sensor Deregistration.
Resolution
- Gather date / time for Sensor Deregistration from Console.
- Gather Windows Event Logs from Device.
- Open Application Event Log.
- Check near time for Deregistration for events from Source Name "Application Management Group Policy".
- Description for these events may show "The assignment of application <Application Name> from policy <Policy Name> failed."
- If they show this value, a GPO policy is in place that is not properly configured. This causes the Sensor to begin a Sensor Upgrade that begins by uninstalling the Sensor which sends the Deregistration message to the Console. If the Upgrade fails the install portion the Device will have no active Sensor until action is taken.
Additional Notes
This issue can be resolved by removing the Device from the GPO membership or by correcting the GPO configuration so it functions correctly for upgrades / installs.
Related Content