Skip to main content

Troubleshoot “The connection to the cloud services could not be established” error message

Bitdefender Cloud Services constantly analyze threats in the wild and threat intelligence from Bitdefender’s global network of protected endpoints, to immediately respond to emerging threats.

The Antimalware, Antiphishing and Content Control modules check with Bitdefender Cloud Services to protect against the newest threats, and phishing attacks or to categorize websites, and also to quickly eliminate false positives.

In some situations, the Bitdefender agent installed on the endpoint can indicate the following security issue: “The connection to the cloud services could not be established. You are not fully protected. Please contact your system administrator.”

Possible causes:

  • Ports 443 and 80, required for communication with Bitdefender Cloud Services, are closed.

  • A network firewall is blocking the connection with Bitdefender Cloud Services on: nimbus.bitdefender.net.

    This issue can also occur for any of the following hosts:

    • mclb-gcp.nimbus.bitdefender.net

    • eu.nimbus.bitdefender.net

    • us.nimbus.bitdefender.net

    • elb-fra-gcp.nimbus.bitdefender.net

    • elb-lon-gcp.nimbus.bitdefender.net

    • elb-nvi-gcp.nimbus.bitdefender.net

    • elb-ore-gcp.nimbus.bitdefender.net

    • elb-iow-gcp.nimbus.bitdefender.net

    • elb-tky-gcp.nimbus.bitdefender.net

  • The used proxy is misconfigured in the policy or has other issues.

  • The thawte_Primary_Root_CA certificate is missing from the endpoint.

  • The relay is not configured as a proxy in the policy, to communicate with Bitdefender Cloud Services (for offline environments).

  • The endpoint does not have internet access.

To fix this, you must first check if the 443 and 80 ports are open:

  1. Make sure telnet is installed on your computer.

  2. Open Command Prompt.

  3. Run the following commands:

    telnet nimbus.bitdefender.net 443

    telnet nimbus.bitdefender.net 80

If the connection is successful, the command window will go blank.

Otherwise, make sure no firewall or content filtering solution blocks the access, the endpoint has an active internet connection, the proxy communication is functional and configured in the applied policy.

You must also check if the thawte_Primary_Root_CA certificate is present on the endpoint:

  1. Press the Windows logo key.

  2. Type certmgr.msc and press Enter.

  3. Under CertificatesCurrent User click Trusted Root Certification Authorities.

  4. Click Certificates and search for thawte_Primary_Root_CA.

If the certificate is missing, refer to this Microsoft article.

For more information about the Bitdefender GravityZone ports, refer to GravityZone (cloud) communication ports.

If the issue persists, you can gather Cloud Services connectivity advanced logs and send them to the Bitdefender Enterprise Support team. For more information on how to gather advanced logs, refer to the Debug session section of the Viewing endpoint details page.