Environment

• EDR Sensor: All Supported Versions
• Operating System: All 

Symptoms

• Sensor failed to register and does not appear in the UI
• Network capture shows Handshake Failure, denied by Server
• sensor.log from sensor diagnostics shows:

Tid[0574] 2019-08-20 07:08:10 (w): Failed to registerHTTPCode[2147954575] HrError[0x80072F8F]
Tid[0574] 2019-08-20 07:08:10 (i): failed to register HrError[0x80072F8F]
Tid[0574] 2019-08-20 07:08:10 (w): Unable to properly synch with server HrError[0x80072F8F]

Cause

Resolution

• Enable a matching cipher suite on the endpoints. How to do this may be different between OS version, please see OS documentation for how to enable a specific Cipher per your OS and Version. EDR: How to Determine Cipher Matching Between Endpoint and Server
• Enable Ciphers on the Server EDR: How to Update SSL Ciphers Used for Communication

• TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
• TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
• TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
• TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
• TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
• TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
• TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
• TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
• TLS_RSA_WITH_AES_128_CBC_SHA256
• TLS_RSA_WITH_AES_128_GCM_SHA256
• TLS_RSA_WITH_AES_256_CBC_SHA256
• TLS_RSA_WITH_AES_256_GCM_SHA384

Related Content

• CB Response: What are the common sensor communication error messages? (HRESULT)
• CB Response: How to Collect Diagnostics for Sensor Connection Issues (Windows)
• CB Response: Sensor not checking in behind firewall (0x80cc006e)
• CB Response: Sensors checking in intermittently (0x8007274c)
• CB Response: Windows Sensor log error: "HRESULT 0x80072747"
• CB Response: Sensorcomms.log shows HRESULT error 0x80c80006 for eventlog upload attempts
• CB Response: Sensor logs to collect for general troubleshooting
• https://docs.microsoft.com/en-us/windows/desktop/winsock/windows-sockets-error-codes-2
• https://docs.microsoft.com/en-us/windows/desktop/WinInet/wininet-errors