Forum Discussion

admin Administrator's avatar
admin Administrator
Copper Contributor
May 03, 2022
Solved

can't install AzureATP sensor on DC 2022, help with logs?

setup goes through , installs and DC shows up on the azure site with correct dc name etc with serviceas stopped, two new azure services appear in windows services on the DC then it times out half wa...
  • admin Administrator's avatar
    admin Administrator
    May 17, 2022
    For anyone who finds similar errors,
    opening IISCRYPTO to "server defaults template" lets everything install properly and run correctly. Using IIScrypto "best practice template" afterward installation re breaks sensor updater and causes schannel errors in event log.
    still trying to work out exactly what does/doesn't work in IISCRYPTO but can confirm it is now working using only TLS 1.0,1.1 and 1.2 server/client protocols with all ciphers enabled
    "best practices template" disables too much but havn't proved what exactly
dougsbaker's avatar
dougsbaker
Brass Contributor
May 03, 2022

admin Administrator Definitely looks like a TLS issue. I would Double Check that the server can correctly communicate with your ATP portal using TLS1.2 

 

https://gist.github.com/gpduck/db4f984435744e7dde1d 

I have used this tool in the past and it can be helpful. Just put in your ATP url EX org.atp.azure.com

 

EliOfek's avatar
EliOfek
Icon for Microsoft rankMicrosoft
May 03, 2022
Also, the reason of the rollback is that the updater service failed to connect.
the updater log should be copied to the temp folder as well with the deployment log.
Check what is the exact exception you have there, it might give more clues.

Also, if you need a proxy to connect, make sure you are using the silent install mode with the proxy parameters. If you rely on other proxy settings you might fail where the deployment manages to register from your profile, but the updater which runs under a different profile might not use the proxy ...

Resources