Forum Discussion

Paul_Brock's avatar
Paul_Brock
Brass Contributor
Nov 15, 2018

ATA Client on a Server 2019 Domain Controller

We have noticed that when installing the ATA client on a Windows Server 2019 domain controller the Lsass.exe service crashes every 10-25 minutes and causes the server to reboot. We also noticed that ...
EliOfek's avatar
EliOfek
Icon for Microsoft rankMicrosoft
Jan 16, 2019

Hi Doug,

There is a reason AATP is still not stating support for Windows Server 2019 Domain Controllers,

and this is because it hasn't cleared testing yet.
Sadly, there is a bug in lsass.exe that gets triggered easily when the sensor is installed.

There is a private fix for it that wasn't publicly released yet, so if you are already in this situation support will be able to provide it to you for mitigation  but this is "best effort" support for now as it's officially not yet a supported configuration.

Once the lsass fix will be publicly released, hoping that AATP will pass 2019 testing, we will work quickly to officially support it.

DougHowell's avatar
DougHowell
Copper Contributor
Jan 18, 2019

So on our open issue with support on Windows Hello for Business breaking when authenticating against a Server 2019 DC, support just came back to us and said that issue is due to a bug in LSASS which there will be a fix for in the February CU, and provided a "temporary fix"  for "testing purposes only".  Is it the same bug in LSASS that is biting both Azure ATP and WhfB?

 

I ask because we have a workaround that will be fine for us for the WhfB issue in the interim without the temporary fix, but would look at it if it will allow us to get Azure ATP going again so we are not partially blind until Feb 13th with the CU comes out.

  • EliOfek's avatar
    EliOfek
    Icon for Microsoft rankMicrosoft
    Jan 18, 2019

    Yes, it's the same fix. we are actually waiting for it to be officially released, so we can complete testing of AATP on Server 2019, and given that we won't find new issues, also officially support it in the docs.

    • Lynn Towle's avatar
      Lynn Towle
      Iron Contributor
      Feb 12, 2019

      I'm in the process of building some DC's up in Azure, and want to use Server 2019. Do we know of an ETA for official 2019 support? I know that there is a hotfix, but hotfixes and officially supported OS's are not the same :)

      • EliOfek's avatar
        EliOfek
        Icon for Microsoft rankMicrosoft
        Feb 12, 2019

        Hi,

        The mentioned hotfix is for windows, not AATP.

        It it planned as far as I know to be released this week.

        Once it does, we will be able to complete testing on 2019, and if all is good, we will add official support for 2019. So unless we discover more issues, I expect it to happen pretty soon.

         

        Note that for ATA, we also do not officially support 2019 (yet).

  • Paul_Brock's avatar
    Paul_Brock
    Brass Contributor
    Jan 18, 2019

    We are using ATA and Hello on our 2019 DC's with the hotfix we were provided. 

Resources