Forum Discussion
Azure ATP sensor update and communication error
Michele D'Angelantonio 2.107 will be deployed in the coming days.
So just so I understand it better - it's not always crashing, but from time to time it crashes, and when it does, it's with this error?
How many total failures since first installed?
I would advise to open a support ticket for this.
Since we haven't seen it before, we will need to collect more data to analyze.
Also, another thing you can try , is that if you currently work with the default winpcap driver, you can replace it with npcap and see if it resolves the issue.
See this for instructions:
you can follow it even of not using nic teaming.
Just make sure to use version
https://nmap.org/npcap/dist/npcap-0.9984.exeAs we currently have compatibility issues with the newer version which we haven't fixed yet.
hi EliOfek
I verified again every log and I found the event ID 7031 with the sensor restart even on june.
the exact error I coan find on the log is:
2020-01-30 02:17:01.9748 Error FrameReader`1 CaptureFrames exception, exiting
Microsoft.Tri.Sensor.FrameReaderException: Failed reading frame [resultCode=-1 message=read error: PacketReceivePacket failed]
at bool Microsoft.Tri.Sensor.FrameReader<TCaptureDevice>.TryReadFrame(out DateTime time, out BufferSlice bufferSlice)
at bool Microsoft.Tri.Sensor.NetworkListener.ParseFrame(FrameReader frameReader)
at void Microsoft.Tri.Sensor.NetworkListener.CaptureFrames(LiveFrameReader[] liveFrameReaders)
Two DCs are VM on Hyper-V cluster, the third is on Azure. No network changes.
The issue seems to happen completly randomly.
My first impression was that the issue could be connected to the sensor updates but I've no evidence of that.
I've seen that the new version of the sensor is available from the Jan 26th but no DCs are updated (the ATP portal marks all three DCs as up to date, with version 2.106.7618).
MicrosoftMichele D'Angelantonio 2.107 will be deployed in the coming days.
So just so I understand it better - it's not always crashing, but from time to time it crashes, and when it does, it's with this error?
How many total failures since first installed?
I would advise to open a support ticket for this.
Since we haven't seen it before, we will need to collect more data to analyze.
Also, another thing you can try , is that if you currently work with the default winpcap driver, you can replace it with npcap and see if it resolves the issue.
See this for instructions:
you can follow it even of not using nic teaming.
Just make sure to use version
https://nmap.org/npcap/dist/npcap-0.9984.exe
As we currently have compatibility issues with the newer version which we haven't fixed yet.
thanks EliOfek for your support, we will probably open a ticket in the next days.
Vishal_Sharma_4224@ Michele
I hope the issue has been fixed? Please confirm.Vishal_Sharma_4224 sorry for the delay.
the issue is not really fixed.
I found the same random behaviour in most of our implementations.
however, you can close the thread I suppose it could be a random network problem.
thanks again
mike