Forum Discussion
Azure Advanced Thread Protection Sensor service failed to start
Probably the same reason.
Are you positive that the AD credentials you entered in the portal are correct?
Unlike ATA in AATP we have no "test" for them in the UI.
Make sure the username, domain and password are correct.
What is the OS version you are running on?
Also, the output of
nltest /DSGETDC: && nltest /DOMAIN_TRUSTS
on both forests might help, but you might want a support case to share this info with us , the forum is not ideal for this...
Hi Eli!
I did it.
Now I am getting same error, like on DCs:
2018-12-05 14:38:33.8213 Error DirectoryServicesClient+<CreateLdapConnectionAsync>d__34 Microsoft.Tri.Infrastructure.ExtendedException: Failed to connect to domain controller [DomainControllerDnsName=juno1.pansw.com ErrorCode=82] ---> System.DirectoryServices.Protocols.LdapException: A local error occurred.
at void System.DirectoryServices.Protocols.LdapConnection.BindHelper(NetworkCredential newCredential, bool needSetCredential)
at async Task<LdapConnection> Microsoft.Tri.Sensor.DirectoryServicesClient.CreateLdapConnectionAsync(DomainControllerConnectionData domainControllerConnectionData, bool isGlobalCatalog, bool isTraversing)
--- End of inner exception stack trace ---
at async Task<LdapConnection> Microsoft.Tri.Sensor.DirectoryServicesClient.CreateLdapConnectionAsync(DomainControllerConnectionData domainControllerConnectionData, bool isGlobalCatalog, bool isTraversing)
at async Task<LdapConnection> Microsoft.Tri.Sensor.DirectoryServicesClient.CreateLdapConnectionAsync(DomainControllerConnectionData domainControllerConnectionData, bool isGlobalCatalog, bool isTraversing)
at async Task<bool> Microsoft.Tri.Sensor.DirectoryServicesClient.TryCreateLdapConnectionAsync(DomainControllerConnectionData domainControllerConnectionData, bool isGlobalCatalog, bool isTraversing)
2018-12-05 14:38:33.8369 Error DirectoryServicesClient Microsoft.Tri.Infrastructure.ExtendedException: Failed to communicate with configured domain controllers
I already shared my AD trust configuration. Do you think it is a reason for failure?
Thank you!
MicrosoftProbably the same reason.
Are you positive that the AD credentials you entered in the portal are correct?
Unlike ATA in AATP we have no "test" for them in the UI.
Make sure the username, domain and password are correct.
What is the OS version you are running on?
Also, the output of
nltest /DSGETDC: && nltest /DOMAIN_TRUSTS
on both forests might help, but you might want a support case to share this info with us , the forum is not ideal for this...
- we created service account for each domain and registered it on portal. after which it was able to work properly.
Arkady Karasin Hi, do we need to change the credentials on services running for Azure ATP?
Under services, its currently running on local credentials.
we have many domains and this domain trusts the domain (ATP admin account domain).
do we need to change it here?
- I had a similar issue and changed the Directory Services Credentials to reference the on-prem domain name rather than the primary email suffix and this resolved the issue for us, thanks for the pointer.
Hi Eli,
You are right. It was credential issue. I provided our domain name from Azure portal. I should use our local AD domain name instead.
Thank you very much!!!
