To change a Carbon Black EDR Server IP address or domain name for a standalone server, perform the following steps.

Note:
  • After updating the server IP address, a 10 minute to 1 day delay occurs during which time the endpoints check in to receive the new server IP address or domain name.
  • Any offline endpoints that do not check in must have the sensor reinstalled or the registry edited to point to the new server IP address.
Warning: After you have completed the following steps, verify the settings for sensor checkin URL and port.

A sensor will check in using the original server information and update that information locally (for example, in the registry for Windows clients). The next time that the sensor tries to check in, it will connect to the new server URL and port. No additional attemps will be made to connect to the previous address. If the new server information is incorrect, you must manually change the server to that address or perform Step 3 for all sensors.

Procedure

  1. Change the sensor group URL.
    1. In the Carbon Black EDR console, go to Administration > Sensors and click Edit Settings.
    2. Change the server address to the new address. Keep the same port number.
    3. Repeat Step 1b for each sensor group.
    4. Allow at least ten minutes for online sensors to retrieve the URL change.
  2. Update the server after all sensors have checked in.
    1. Stop the Carbon Black EDR service.
      service cb-enterprise stop
    2. Change the server address using standard OS commands for configuring the network interface.
    3. Start the Postgres service to update records to point to the new server address.
      • In 7.5.0 and later product versions:

        psql -d cb -p 5002 -c "UPDATE cluster_node_sensor_addresses SET address='<NEW ADDRESS>' WHERE id=0;"

      • In product versions prior to 7.5.0:

        psql -d cb -p 5002 -c "UPDATE cluster_node_sensor_addresses SET address='<NEW ADDRESS>' WHERE node_id=0;"

    4. Update the IP tables and firewall settings to use the correct IP address. If you are using a Carbon Black-managed firewall, run the following command:

      /usr/share/cb/cbcheck firewall -a

    5. Start the Carbon Black EDR service.
      service cb-enterprise start
  3. Check /etc/cb/cluster.conf to confirm that the host= value matches the new IP address (if it is not listed as localhost).
  4. Update remaining endpoints.

    For any clients that did not check in before the server address was changed, modify the SensorBackendServer setting on the individual sensor.

    For Windows clients, this setting is located at HKLM\SOFTWARE\CarbonBlack\config\SensorBackendServer.

    For macOS and Linux clients, this value is stored in /var/lib/cb/sensorsettings.ini.

  5. For FIPS environments only, run the following command to reconfigure Solr keystore and certificates for proper TLS communication: 
    /usr/share/cb/cbcluster sync-fips-config