SensorComms.log shows the following HRESULT: 0x80190194
Multihome settings are enabled so the UI uses a different port from the backend
This occurs when a sensor has already registered with the server and the port number used to check in is changed from the back-end port, typically 443, to the front-end port, typically 8443. This can happen if the SensorBackendServer URL in the registry under /HKEY_LOCAL_MACHINE/SOFTWARE/CarbonBlack/config is manually edited or if the URL is edited in the group settings from the UI.
Since the sensor cannot check into the server, updating the URL for the group in the UI will not push the change to affected endpoints. To fix this, all affected endpoints will need to have the SensorBackendServer registry key updated to the proper port. If there are a large number of endpoints affected, this can be done via something like SCCM. For fewer endpoints, you can simply re-install the sensor using a package containing the right URL and port.
To update via SCCM or another tool
Update the registry key associated with the checkin URL:
Typically this will be changing the port from 8443 to 433. It will match the settings in your multihome configuration.
Restart the sensor by executing the following command in a Command Prompt run as Administrator.
sc stop carbonblack
sc stop carbonblackk
sc start carbonblack
This will only occur when the sensor is attempting to connect through the UI port. This is because Response accepts this as a request, but processes it incorrectly and attempts to access files in the wrong location. For reference, the sensor server configuration uses a file called cb.server.sensor to locate the right files.