Forum Discussion

meliss0215's avatar
meliss0215
Copper Contributor
May 29, 2019

Azure ATP Service Fails to Start

Hi Everyone,   I'm deploying Azure ATP with a client and we have installed a standalone sensor. The Azure ATP service tries to start and then stops. We're seeing an error stating "Sequence contains...
EliOfek's avatar
EliOfek
Icon for Microsoft rankMicrosoft
Jul 03, 2019

nomeara 

For the standalone one, did you configure it as to which mirrored DC it is monitoring?

while integrated is auto configured, in standalone you need to manually configure.

Just wanted to make sure the basics are correct.

 

If you have a forest with an external trust only, and no read only account there,  you can't monitor it...

But how could you anyway? I am guessing you can't install a sensor there ...

Or maybe I misunderstood what you are after?

nomeara's avatar
nomeara
Copper Contributor
Jul 03, 2019

EliOfek 

 

Thanks for the quick reply.

 

We have not configured it to mirror any DCs.

 

1: The instructions show that step as after this step, and we are not even getting the service to start, which appears to be expected before configuring the mirroring settings.

2: This particular sensor is being installed to accept vpn accounting logs via RADIUS, not to mirror a domain controller.  Is this not a supported configuration?   We will be installing sensors on the DCs separately for monitoring them.

  • EliOfek's avatar
    EliOfek
    Icon for Microsoft rankMicrosoft
    Jul 03, 2019

    nomeara , A standalone Gateway that monitor no DC is not a supported scenario.

    it needs at least once DC to monitor, or else it will keep restarting and failing on a callstack similar to this:

     

    2019-07-03 20:48:45.4181 5656 5   Error [DirectoryServicesClient+<OnInitializeAsync>d__14] Microsoft.Tri.Infrastructure.Utils.ExtendedException: Domain controllers are not configured
   at async Microsoft.Tri.Gateway.Resolution.DirectoryServices.DirectoryServicesClient.OnInitializeAsync(?)
   at async Microsoft.Tri.Infrastructure.Framework.Module.InitializeAsync(?)
   at async Microsoft.Tri.Infrastructure.Framework.ModuleManager.OnInitializeAsync(?)
   at async Microsoft.Tri.Infrastructure.Framework.Module.InitializeAsync(?)
   at async Microsoft.Tri.Infrastructure.Framework.Service.OnStartAsync(?)
   at Microsoft.Tri.Infrastructure.Framework.Service.OnStart(String[] args)

    Although it's not the stack you have seen, so I guess you have some kind of additional issue there, but even if you go past that, you will get stuck on the above issue, so save your time and don't try it...

     

    You options are either to route the VPN traffic to one of the integrated sensors, or monitor one of the DCs using port mirroring and a standalone sensor, those are the only supported scenarios, at least for now.

Resources