Forum Discussion
Error Installing ATP sensor on DC
Hi, Installing on Windows server 2019 DC Worked on one DC and failed on the second one. It says its about proxy or SSL incpection but using the same network configuration for both DC..... Only...
EliOfek
Microsoft
Microsoft.net 4.8 is fully supported and should not have any negative effect on deployment.
make sure you have all the correct root certs deployed according to the docs, and if it's still does not work, I suggest to open supports case.
I would also try to take a network trace from a working deployment vs a non working and try to compare.
make sure you have all the correct root certs deployed according to the docs, and if it's still does not work, I suggest to open supports case.
I would also try to take a network trace from a working deployment vs a non working and try to compare.
- Hi, got my problem fixed.
The issue was still .NET framework, adding these registry keys fixed the problem:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v2.0.50727]
"SystemDefaultTlsVersions"=dword:00000001
"SchUseStrongCrypto"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319]
"SystemDefaultTlsVersions"=dword:00000001
"SchUseStrongCrypto"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v2.0.50727]
"SystemDefaultTlsVersions"=dword:00000001
"SchUseStrongCrypto"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319]
"SystemDefaultTlsVersions"=dword:00000001
"SchUseStrongCrypto"=dword:00000001- I have the same issue trying to get the sensor installed on multiple machines. DC and an ADFS machine. I receive the same error on both 0x80070643. Ive read through these replies and everything is the way it should be. Im not sure what to try next....
- EliOfek
Shaun848 The error code alone is not enough to pinpoint the problem.
You need to check the deployment logs and search for the error that caused the failure.
https://learn.microsoft.com/en-us/defender-for-identity/troubleshooting-using-logs
- Martin_Schvartzman
SanderCYBR
Thank you. It's now also documented here https://docs.microsoft.com/en-us/defender-for-identity/troubleshooting-known-issues#applyinternal-failed-two-way-ssl-connection-to-service-error- We encounter the exact same issue and added the Reg-Keys. But only for .NETFramework\v4.0.30319 and not for .NETFramework\v2.0.50727.
It is still not working. Is required to also change for v2.0.50727?
Does changing these keys require a reboot?
