Forum Discussion
Azure ATP sensor : Could not create SSL/TLS secure channel
EliOfek thanks for your advise, anything you would like to advise, it was working before?
I have checked TLS 1.2 enabled
Microsoft
The TLS communication is on localhost :444, any chance there is a new FW rule that cause issues?
Some of the cases we know about were resolved by making sure these registry values are set to 0 (1 is not the default)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL]
"DisableRenegoOnServer"=dword:00000001
"DisableRenegoOnClient"=dword:00000001
Was ADFS installed on this machine by any chance?
Hello,
I have the same problem on ADFS Sensor. It's Windows server 2019.
I didn't have problem on the Domain Controller just on ADFS.The service Update is running but not the service AATPSensor. It just starting again and again.
Can you help me?
Error:
2022-04-13 08:03:19.6535 Error ExceptionHandler Microsoft.Tri.Infrastructure.ExtendedException: RestrictCpuAsync failed, exiting ---> System.Net.Http.HttpRequestException: An error occurred while sending the request. ---> System.Net.WebException: The request was aborted: Could not create SSL/TLS secure channel.
at Stream System.Net.HttpWebRequest.EndGetRequestStream(IAsyncResult asyncResult, out TransportContext context)
at void System.Net.Http.HttpClientHandler.GetRequestStreamCallback(IAsyncResult ar)
--- End of inner exception stack trace ---
at async Task<HttpResponseMessage> System.Net.Http.HttpClient.FinishSendAsyncBuffered(Task<HttpResponseMessage> sendTask, HttpRequestMessage request, CancellationTokenSource cts, bool disposeCts)
at async Task<TResponse> Microsoft.Tri.Common.CommunicationWebClient.SendAsync<TResponse>(byte[] requestBytes, int offset, int count)
at async Task<TResponse> Microsoft.Tri.Common.CommunicationWebClient.SendWithRetryAsync<TResponse>(byte[] requestBytes, int offset, int count)
at async Task Microsoft.Tri.Common.CommunicationWebClient.SendAsync(IVoidRequest request)
at async Task Microsoft.Tri.Sensor.Common.ServiceProxy<TWebClientConfiguration>.SendAsync(IVoidRequest request)
at async Task Microsoft.Tri.Sensor.SensorResourceManager.RestrictCpuAsync()
--- End of inner exception stack trace ---- I have this error on updater but the service is running.
2022-04-13 08:04:13.8606 Error ServiceControllerExtension ChangeServiceStatus failed to change service status [name=AATPSensor status=Running Exception=System.ServiceProcess.TimeoutException: Time out has expired and the operation has not been completed.
at System.ServiceProcess.ServiceController.WaitForStatus(ServiceControllerStatus desiredStatus, TimeSpan timeout)
at Microsoft.Tri.Infrastructure.ServiceControllerExtension.ChangeServiceStatus(String name, ServiceControllerStatus status, TimeSpan timeout, Nullable`1 awaitedStatus)]- EliOfek
Sebastien65 The error in the updater's log is expected given the fact that the sensor is failing to start.
It has a watchdog that alerts the sensor is down.
As for why the sensor is failing to communicate over TCP/444 using TLS, given that you tried my previous suggestions, I would say you should open a support ticket to get an engineer to deep dive into this,it is most likely a configuration/policy issue of some sorts, but it's impossible to troubleshot over community posts. We can update here once you get this resolved and add info about what was the issue.
