Forum Discussion
Azure ATP Service Account getting locked out
EliOfek i uninstalled the agent on each DC and then reinstalled it. The account got locked out again using the new account. i checked the error log on the offending agent, and this is what it showed:
2019-10-03 17:55:08.1794 Error DomainNetworkCredentialsManager GetInternal failed [domainName=med]
our domain name in the Azure ATP portal on the Directory Services tab is not "med". it is "domainname.med".
MicrosoftRobren , if this error was produced after the account lockout it is expected I guess.
Do you have only one domain ? or is it a forest where med is the parent domain?
AATP will try to traverse all the domains in the forest, not just the domain of the AATP account you provided.
- EliOfek
Robren Can you send a screenshot of the Directory services tab from the config screen ( in a private message) ?
EliOfek A year on from this last post...which was left hanging, we are seeing something similar. Random domain controllers, in a multi domain, single forest, locking up the ATP svc-account. Was a solution ever found for this, and never posted back ?
For us it has been happening for a >2 weeks, plus we are also seeing random "all domain controllers are unreachable by sensor"...and in the alert, it just talks about one DC ! Sensor upgrade issues ?
