Forum Discussion
Azure ATP Sensor Setup - service not starting - missing dependency
elieelkarkafi Hi, thanks for your reply.
The WmiApSrv.exe file exists in the %WinDir%\system32\wbem folder, but the service is missing. I'm unsure if adding it manually with "sc create "wmiAPSrv" binpath= "C:\Windows\System32\wbem\WmiApSrv.exe"" is the right way to do it but I tried.
The Azure Advanced Threat Protection Sensor Updater service is still not starting though:
Service error:
"Windows could not start the Azure Advanced Threat Protection Sensor Updater service on Local Computer. Error 1067: The process terminated unexpectedly."
From log "Microsoft.Tri.Sensor.Deployment.Deployer_20230627101213":
"2023-06-27 10:13:18.1790 Error ServiceControllerExtension ChangeServiceStatus failed to change service status [name=AATPSensorUpdater status=Running Exception=System.ServiceProcess.TimeoutException: Time out has expired and the operation has not been completed.
at System.ServiceProcess.ServiceController.WaitForStatus(ServiceControllerStatus desiredStatus, TimeSpan timeout)"
From log on DC1 "Microsoft.Tri.Sensor.Updater-Errors":
"2023-06-27 10:12:26.9427 Error PerformanceCounterMetricManager+<>c System.TypeInitializationException: The type initializer for 'Microsoft.Tri.Infrastructure.PerformanceCounterMetricManager' threw an exception. ---> System.InvalidCastException: Specified cast is not valid."
From log on DC2"Microsoft.Tri.Sensor.Updater-Errors":
2023-06-27 10:33:54.7543 Error PerformanceCounterLib System.InvalidOperationException: Category does not exist.
at CategorySample System.Diagnostics.PerformanceCounterLib.GetCategorySample(string machine, string category)
at string[] System.Diagnostics.PerformanceCounterCategory.GetCounterInstances(string categoryName, string machineName)
at new Microsoft.Tri.Infrastructure.MetricManager(IConfigurationManager configurationManager)
at object lambda_method(Closure, object[])
at object Autofac.Core.Activators.Reflection.ConstructorParameterBinding.Instantiate()
at void Microsoft.Tri.Infrastructure.ModuleManager.AddModules(Type[] moduleTypes)
at ModuleManager Microsoft.Tri.Sensor.Updater.SensorUpdaterService.CreateModuleManager()
at async Task Microsoft.Tri.Infrastructure.Service.OnStartAsync()
at void Microsoft.Tri.Infrastructure.TaskExtension.Await(Task task)
at void Microsoft.Tri.Infrastructure.Service.OnStart(string[] args)
Ok, I finally managed to complete the install on DC2.
Did in elevated CMD:
lodctr /r
Then
lodctr /q
and enabled any performance countes that where disabled with
lodctr /e:<provider name>
I will try the same for DC1 and get back with the result
Setup still fails on DC1...
From log on DC1 "Microsoft.Tri.Sensor.Updater-Errors":
"2023-06-27 10:12:26.9427 Error PerformanceCounterMetricManager+<>c System.TypeInitializationException: The type initializer for 'Microsoft.Tri.Infrastructure.PerformanceCounterMetricManager' threw an exception. ---> System.InvalidCastException: Specified cast is not valid."
- seems you have some corruption in your system file on your DC did you try to run SFC /scannow ?
- Did the scan and it didn't complete:
Beginning verification phase of system scan.
Verification 77% complete.
Windows Resource Protection could not perform the requested operation.
I tried the scan again with service "Windows Mudules Installer" running but the problem is the same.
I can see there is alot of options for fixing this problem.
If I look at the log, this is what it cannot repair:
2023-06-28 09:24:05, Info CSI 00004e35 [SR] Cannot repair member file [l:27]'MSFT_MpComputerStatus.cdxml' of Windows-Defender-Management-Powershell, version 10.0.17763.831, arch amd64, nonSxS, pkt {l:8 b:31bf3856ad364e35} in the store, hash mismatch
2023-06-28 09:24:05, Info CSI 00004e37 [SR] Cannot repair member file [l:19]'MSFT_MpThreat.cdxml' of Windows-Defender-Management-Powershell, version 10.0.17763.831, arch amd64, nonSxS, pkt {l:8 b:31bf3856ad364e35} in the store, hash mismatch
2023-06-28 09:24:05, Info CSI 00004e39 [SR] Cannot repair member file [l:26]'MSFT_MpThreatCatalog.cdxml' of Windows-Defender-Management-Powershell, version 10.0.17763.831, arch amd64, nonSxS, pkt {l:8 b:31bf3856ad364e35} in the store, hash mismatch
2023-06-28 09:24:05, Info CSI 00004e3b [SR] Cannot repair member file [l:28]'MSFT_MpThreatDetection.cdxml' of Windows-Defender-Management-Powershell, version 10.0.17763.831, arch amd64, nonSxS, pkt {l:8 b:31bf3856ad364e35} in the store, hash mismatch
2023-06-28 09:24:05, Info CSI 00004e3d [SR] Cannot repair member file [l:23]'MSFT_MpPreference.cdxml' of Windows-Defender-Management-Powershell, version 10.0.17763.831, arch amd64, nonSxS, pkt {l:8 b:31bf3856ad364e35} in the store, hash mismatch
2023-06-28 09:24:05, Info CSI 00004e3f [SR] Cannot repair member file [l:17]'MSFT_MpScan.cdxml' of Windows-Defender-Management-Powershell, version 10.0.17763.831, arch amd64, nonSxS, pkt {l:8 b:31bf3856ad364e35} in the store, hash mismatch
2023-06-28 09:24:05, Info CSI 00004e41 [SR] Cannot repair member file [l:20]'MSFT_MpWDOScan.cdxml' of Windows-Defender-Management-Powershell, version 10.0.17763.831, arch amd64, nonSxS, pkt {l:8 b:31bf3856ad364e35} in the store, hash mismatch
2023-06-28 09:24:05, Info CSI 00004e43 [SR] Cannot repair member file [l:22]'MSFT_MpSignature.cdxml' of Windows-Defender-Management-Powershell, version 10.0.17763.831, arch amd64, nonSxS, pkt {l:8 b:31bf3856ad364e35} in the store, hash mismatch
2023-06-28 09:24:05, Info CSI 00004e45 [SR] Cannot repair member file [l:13]'Defender.psd1' of Windows-Defender-Management-Powershell, version 10.0.17763.831, arch amd64, nonSxS, pkt {l:8 b:31bf3856ad364e35} in the store, hash mismatch
