Forum Discussion

archedmeerkat's avatar
archedmeerkat
Copper Contributor
Jun 21, 2019
Solved

Azure ATP connection closed errors

I am seeing the following error in the Azure ATP Sensor logs in my environment when running net group "Domain Admins" /domain from member workstations. I do not see the correlated event of a user que...
  • EliOfek's avatar
    EliOfek
    Aug 15, 2019

    archedmeerkat 

    Engineering has researched the sampled capture ans managed to reproduce the issue.
    Sadly, this is not an easy fix, it's a specific traffic/rare traffic on top of SMB1 we were not aware of before and currently cannot parse.
    We have opened a bug for it.
    It is planned but in low priority for now as telemetry shows it happens rarely.
    We will update once we get it resolved so the fix can be verified.
EliOfek's avatar
EliOfek
Icon for Microsoft rankMicrosoft
Jun 24, 2019

archedmeerkat  Can you verify TSO offload is disabled?

from elevated powershell,  run:

Get-NetAdapterAdvancedProperty | Where-Object DisplayName -Match "^Large*"

Check it the feature is enabled, if it is, run:

Disable-NetAdapterLso -Name {name of adapter}  \\ this will disable LSO for both IPv4 and IPv6.

Then verify the previous command again to make sure it was disabled.

 

Eli

archedmeerkat's avatar
archedmeerkat
Copper Contributor
Jun 24, 2019

EliOfek- Commands returned that TSO offload is disabled on both on ipv4 and ipv6

Resources