Environment

• Cb EDR Sensor: All Supported Versions

Symptoms

• Sensor.log has the following errors:

id[AF04] 2018-12-19 09:31:29 (w): Unable to properly synch with server HrError[0x80C80006] 
Tid[AF04] 2018-12-19 09:31:41 (w): HTTP transaction failed with CURL code 6 HrError[0x80C80006] 
Tid[AF04] 2018-12-19 09:31:41 (e): ReserveEventLog failed HTTPCode[0] HrError[0x80C80006] 
Tid[AF04] 2018-12-19 09:31:41 (w): Unable to push event log 'eventlog_490491421.52429.log.zip' HrError[0x80C80006] 
Tid[AF04] 2018-12-19 09:31:41 (w): Unable to properly synch with server HrError[0x80C80006] 
Tid[14C8] 2018-12-19 09:31:41 (e): Unable to parse DNS response HrError[0x80070057]

• Sensorcomms.log has the following error:

<DATE> | https://<SERVERNAME>.my.cbcloud.io:443/data/eventlog/reserve/198724 | 0x80c80006 | 6 | 10719 | 0 | 0 | 500 | 0

Cause

Resolution

Additional Notes

• Proxies and Firewalls must allow unfiltered data between the sensor and server
• Cb.exe can show the meaning behind the error code:

c:\Windows\CarbonBlack>cb.exe -e 0x80C80006 
0x80C80006: Facility[CURL] Code[0006] Severity[1] Couldn't resolve host name.

Related Content

• CB Response: How to Translate the CB Sensor Communication Error Code (HRESULT)
• CB Response: What are the common sensor communication error messages? (HRESULT)
• CB Response: Sensor not checking in behind firewall (0x80cc006e)
• CB Response: Sensors checking in intermittently (0x8007274c)
• CB Response: Sensor logs to collect for general troubleshooting
• https://docs.microsoft.com/en-us/windows/desktop/winsock/windows-sockets-error-codes-2