Forum Discussion
ppgd2019
Sep 26, 2019 Copper Contributor
Azure ATP sensor install failing
I've installed the sensor on 4 DCs, but this fifth one is failing (same domain etc.) During the installation the entry appears briefly in the ATP portal, but it seems the updater service is faili...
EliOfek
Microsoft
Sep 26, 2019
The "Network Interface" performance counter category is missing on this machine.
Use perfmon.exe to verify. You need to fix it so this category is working (a counters rebuild might be required if it wasn't disabled in the registry).
Once it is fixed, the deployment should work...
Eli
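The check described in the reply above, as an added PowerShell example that is not part of the original thread or of the sensor installer. It assumes Windows PowerShell 5.1 in an elevated session; the function names are hypothetical, and "Disable Performance Counters" is the standard registry value that switches a counter provider off.

```powershell
# Added example: verify the "Network Interface" counter category and look for
# counter providers that were disabled in the registry.
$categoryName = 'Network Interface'   # category named in the reply above

function Test-PerfCategory {
    param([string]$Name)
    $out = [ordered]@{ Category = $Name; Exists = $false; Instances = @(); Error = $null }
    try {
        if ([System.Diagnostics.PerformanceCounterCategory]::Exists($Name)) {
            $cat = New-Object System.Diagnostics.PerformanceCounterCategory($Name)
            $out.Exists    = $true
            # One instance per network adapter is expected here
            $out.Instances = @($cat.GetInstanceNames())
        }
    } catch {
        # A damaged counter registry can throw instead of returning $false
        $out.Error = $_.Exception.Message
    }
    [pscustomobject]$out
}

function Get-DisabledPerfProviders {
    # Every service with a Performance subkey is a counter provider; a non-zero
    # "Disable Performance Counters" value means it was switched off.
    $root = 'HKLM:\SYSTEM\CurrentControlSet\Services'
    Get-ChildItem $root -ErrorAction SilentlyContinue | ForEach-Object {
        $perfKey = "$root\$($_.PSChildName)\Performance"
        if (Test-Path $perfKey) {
            $p    = Get-ItemProperty -Path $perfKey -ErrorAction SilentlyContinue
            $flag = $p.'Disable Performance Counters'
            if ($flag) {
                [pscustomobject]@{
                    Service     = $_.PSChildName
                    DisableFlag = $flag
                    Library     = $p.Library
                }
            }
        }
    }
}

$result = Test-PerfCategory -Name $categoryName
$result | Format-List
if (-not $result.Exists -or $result.Instances.Count -eq 0) {
    "Category '$categoryName' is missing or has no instances."
    "Providers disabled in the registry (empty output means none):"
    Get-DisabledPerfProviders | Format-Table -AutoSize
}
```

If the category is missing and no provider shows a disable flag, that matches the case in the reply where a counters rebuild might be required.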
cheapscotsman1320
Feb 05, 2020 Copper Contributor
I had the issue that the installation would not work on a Windows 2019 with teaming and installing the npcap filter first. Had to uninstall the npcap filter, install the ATP sensor and it worked, but the ATP site would complain about the teaming. Uninstall the ATP sensor, install the npcap filter, then the sensor again.
- EliOfek Feb 05, 2020
Microsoft
Is the issue now resolved?
- Lordmafi Apr 09, 2020 Copper Contributor
Hey Eli, I got the same issue with a Win2019 DC which has npcap installed.
I could install it the first time but it was not working, so I read about npcap.
So what I did was:
1. Install npcap (Still not working)
2. Uninstall ATP Sensor
3. Uninstall npcap
4. Install npcap + ATP Sensor (ERROR 1603)
Now it does not matter if npcap is installed or not, I cannot install the ATP Sensor anymore... Restart, recreation of perfs with:
Lodctr.exe /R
C:\Windows\SysWOW64\wbem\winmgmt.exe /RESYNCPERF
C:\Windows\System32\wbem\winmgmt.exe /RESYNCPERF
Did not help either.
My log:
2020-04-08 23:51:45.6333 Warn InstallActionGroup Revert reverting [rollbackAction=CreateDirectoryDeploymentAction index=2 count=3]
2020-04-08 23:51:45.6333 Debug CreateDirectoryDeploymentAction Revert started
2020-04-08 23:51:45.6333 Debug CreateDirectoryDeploymentAction Revert finished
2020-04-08 23:51:45.6333 Debug InstallActionGroup Revert finished
2020-04-08 23:51:45.6483 Error DeploymentAction Microsoft.Tri.Infrastructure.ExtendedException: Apply failed [Type=RunDeployerMajorDeploymentAction]
at Microsoft.Tri.Sensor.Common.DeploymentAction.Apply(Boolean suppressFailure)
at Microsoft.Tri.Sensor.Common.DeploymentActionGroup.Apply(Boolean suppressFailure)
at Microsoft.Tri.Sensor.Deployment.Package.Actions.CustomActions.RunActionGroup(DeploymentActionGroup deploymentActionGroup, Session session)
2020-04-08 23:51:45.6533 Debug CustomActions RunActionGroup InstallActionGroup finished [result=Failure]
CustomAction InstallCustomAction returned actual error code 1603 (note this may not be 100% accurate if translation happened inside sandbox)
MSI (s) (D8:58) [01:51:47:183]: Note: 1: 2265 2: 3: -2147287035
MSI (s) (D8:58) [01:51:47:183]: Machine policy value 'DisableRollback' is 0
MSI (s) (D8:58) [01:51:47:183]: Note: 1: 1402 2: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts 3: 2
Action ended 01:51:47: InstallCustomAction. Return value 3.
MSI (s) (D8:58) [01:51:47:183]: Note: 1: 1402 2: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts 3: 2
MSI (s) (D8:58) [01:51:47:183]: No System Restore sequence number for this installation.
MSI (s) (D8:58) [01:51:47:183]: Unlocking Server
Action ended 01:51:47: INSTALL. Return value 3.
- Lordmafi Apr 09, 2020 Copper Contributor
In addition, if I run the install I see the following error:
Event Viewer->System->Error 7000:
The NetGroup Packet Filter Driver service failed to start due to the following error:
The system cannot find the file specified.
<Provider Name="Service Control Manager" Guid="{555908d1-a6d7-4695-8e1e-26931d2012f4}" EventSourceName="Service Control Manager" /><EventID Qualifiers="49152">7000</EventID><Version>0</Version><Level>2</Level><Task>0</Task><Opcode>0</Opcode><Keywords>0x8080000000000000</Keywords><TimeCreated SystemTime="2020-04-09T10:10:15.328188100Z" /><EventRecordID>815478</EventRecordID><Correlation /><Execution ProcessID="608" ThreadID="3748" /><Channel>System</Channel><Computer>*******</Computer><Security /></System><Data Name="param1">NetGroup Packet Filter Driver</Data><Data Name="param2">%%2</Data><Binary>6E00700066000000</Binary></EventData></Event>