Forum Discussion
Error installing Azure ATP Sensor on DC
JTUKTECH Proxy was the issue.
I followed these steps https://docs.microsoft.com/en-us/azure-advanced-threat-protection/configure-proxy#configure-the-proxy and finally it fixed couple of weeks back.
Hi,
thanks for your answer!
I saw this with SSL inspection but fact is that I installed the sensor with the same setup 2 month ago.
Also on my 2nd Domain Controller on the same Network everything is fine.
That´s why i can´t understand why it is suddenly not working.
Problem began with automatically stopped service. First restart of the service helped but on one point it doesn´t . So i decided to reinstall the sensor but with no luck.
edit: also auto update on this DC to new version did not work.
on 2nd DC no problem.
Microsoftmaple85 try to capture a network trace to see where it fails.
Tip: I saw a case earlier this week where the client had issues with CRL. could it be that this machine does not have updated crl while the other has so it fails ?
If not, a network trace should tell you more, but it has to be something environmental...
Problem solved.
I tried it again today with live log on our FW.
Found the Azure IP who was decrypted.
Thanks, Philip
maple85, hijacking this conversation as it mentions a CRL:-)
@Eli OfekI don't see any mention of ports required for the CRL
https://docs.microsoft.com/en-us/azure-advanced-threat-protection/configure-proxyhttps://docs.microsoft.com/en-us/azure-advanced-threat-protection/atp-prerequisites#ports
SSL (*.atp.azure.com) TCP 443 Azure ATP cloud service Outbound
SSL(localhost) TCP 444 localhost BothIs there more detail available?
Thanks.
Razmi- EliOfek
Razmi_Patel , you don't normally need open ports for CRLs as far as I know as long as they are updated correctly .
I am not an SME on this one, but I think those are usually updates by windows updates...
If anyone knows otherwise please feel free to correct me 🙂
