The Huntress Agent communicates over HTTPS (port 443) to the huntress.io domain. If you use deep packet inspection, TLS/SSL interception, cert pinning, Acronis DeviceLock DLP, or any type of certificate interception service, you will need to allow-list/exclude the huntress.io certificate or the common name (CN) huntress.io from TLS/SSL inspection. The Huntress Agent uses certificate pinning to verify the huntress.io domain certificate and will cease communications if presented with an unexpected huntress.io certificate.
The Huntress Agent and Updater use TLS 1.2+ to communicate with the Huntress Dashboard. However, the first time it runs, the HuntressUpdater uses wyUpdate, which sometimes uses TLS 1.1 to fetch updates. If TLS 1.1 is blocked/disabled, the Huntress Agent will fail to update. After the initial update, the updater is switched to hUpdate, which uses TLS 1.2. We're actively working to remove this TLS 1.1 restriction.
We provide a command-line tool, TestHuntressConnection.exe, that you can use to test the connection. If this tool is unable to connect to https://huntress.io, the Huntress Agent will likely be unable to as well. In addition to writing to the console, the tool also logs to C:\WINDOWS\temp\TestHuntressConnection.log. If the tool connects successfully, it exits with %ERRORLEVEL% 0; otherwise, it exits with %ERRORLEVEL% 1.
c:\temp> TestHuntressConnection.exe
2019/03/04 19:33:47 - Log file: C:\WINDOWS\temp\TestHuntressConnection.log
2019/03/04 19:33:47 - Tool for testing connection to https://huntress.io
2019/03/04 19:33:47 - Updated: 3 March 2019
2019/03/04 19:33:47 - Attempting to connect to https://huntress.io...
2019/03/04 19:33:47 - Connection Successful.

c:\temp> TestHuntressConnection.exe
2019/03/04 19:42:31 - Log file: C:\WINDOWS\temp\TestHuntressConnection.log
2019/03/04 19:42:31 - Tool for testing connection to https://huntress.io
2019/03/04 19:42:31 - Updated: 3 March 2019
2019/03/04 19:42:31 - Attempting to connect to https://huntress.io...
2019/03/04 19:42:38 - Connection failed
2019/03/04 19:42:38 - ERROR: Certificate mismatch. Please see the following for details: https://support.huntress.io/article/60-packetinspection
2019/03/04 19:42:38 - For help, please send the log (C:\WINDOWS\temp\TestHuntressConnection.log) to the Huntress Team at support@huntresslabs.com
The web browser on one of the hosts where the error occurred may help to further identify the issue. Navigate to https://huntress.io and click the lock next to the URL to reveal the certificate details. If the details differ from the image below, there is likely an SSL Proxy/Deep Packet Inspection device in use. Oftentimes, the device vendor's name will appear in the "Issued By" field.
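
The browser check above, scripted for hosts without a browser, as an added example that is not Huntress code: it runs the tool and, on exit code 1, prints the subject and issuer of the certificate this host is actually served for huntress.io. The tool location in $ToolPath is an assumption; set it to wherever you saved TestHuntressConnection.exe.

```powershell
# Added example, not Huntress code. $ToolPath is an assumed location for the tool.
param(
    [string]$ToolPath = 'C:\temp\TestHuntressConnection.exe',
    [string]$LogPath  = 'C:\WINDOWS\temp\TestHuntressConnection.log',
    [string]$HostName = 'huntress.io'
)

function Get-PresentedCertificate {
    param([string]$HostName, [int]$Port = 443)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $client.Connect($HostName, $Port)
        $stream = $client.GetStream()
        # Accept whatever is presented: the goal is to inspect it, not to trust it.
        $acceptAny = [System.Net.Security.RemoteCertificateValidationCallback]{ $true }
        $ssl = New-Object System.Net.Security.SslStream -ArgumentList $stream, $false, $acceptAny
        try {
            # Force TLS 1.2, the minimum version the article says the agent uses.
            $tls12 = [System.Security.Authentication.SslProtocols]::Tls12
            $ssl.AuthenticateAsClient($HostName, $null, $tls12, $false)
            $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 `
                -ArgumentList $ssl.RemoteCertificate
            [pscustomobject]@{
                Protocol = $ssl.SslProtocol
                Subject  = $cert.Subject
                Issuer   = $cert.Issuer      # the browser's "Issued By" field
                NotAfter = $cert.NotAfter
            }
        } finally { $ssl.Dispose() }
    } finally { $client.Close() }
}

# Run the vendor tool; it exits 0 on success and 1 on failure.
& $ToolPath | Out-Null
if ($LASTEXITCODE -eq 0) { 'Connection successful.'; exit 0 }

# Exit code 1: check the newest log lines for the pinning failure message.
$tail = Get-Content -Path $LogPath -Tail 10 -ErrorAction SilentlyContinue
$mismatch = ($tail -join "`n").Contains('Certificate mismatch')
"Connection failed. 'Certificate mismatch' logged: $mismatch"

# Show who issued the certificate this host receives; an inspection device
# usually puts its own CA or vendor name in Issuer.
try { Get-PresentedCertificate -HostName $HostName | Format-List }
catch { "TLS 1.2 handshake to ${HostName}:443 failed: $($_.Exception.Message)" }
exit 1
```

Compare the Issuer value against the same output from a host on a network with no TLS inspection.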