Forum Discussion
Shaneil Narayan
May 09, 2019Copper Contributor
Error=82 - ATP Service not starting
I have installed the ATP Sensor on a DC but the "Azure Advanced Threat Protection Sensor" is not able to start. Service is being run as "Local System".
Our internal AD domain is a ".net" and external Azure domain is ".com"
Seeing Error 82 in the logs.
=================================================================
DirectoryServicesClient Creating
2019-05-09 00:54:34.1329 Info DirectoryServicesClient CreateLdapConnectionAsync failed to connect [DomainControllerDnsName=AD06P.mydomain.net Domain=mydomain.com UserName=svc_atp ErrorCode=82]
2019-05-09 00:54:34.6316 Error DirectoryServicesClient+<CreateLdapConnectionAsync>d__33 Microsoft.Tri.Infrastructure.ExtendedException: CreateLdapConnectionAsync failed [DomainControllerDnsName=AD06P.mydomain.net]
at async Task<LdapConnection> Microsoft.Tri.Sensor.DirectoryServicesClient.CreateLdapConnectionAsync(DomainControllerConnectionData domainControllerConnectionData, bool isGlobalCatalog, bool isTraversing)
at async Task<bool> Microsoft.Tri.Sensor.DirectoryServicesClient.TryCreateLdapConnectionAsync(DomainControllerConnectionData domainControllerConnectionData, bool isGlobalCatalog, bool isTraversing)
2019-05-09 00:54:34.6472 Error DirectoryServicesClient Microsoft.Tri.Infrastructure.ExtendedException: Failed to communicate with configured domain controllers
=================================================================
This error is telling us that your LDAP account is not configured properly. This is most likely mistyping something when setting up there account here. I would suggest ensuring that it's correct there and redownloading the Sensor. Ensure you dont put "<Domain>\<username>"--it should be a pure "<username>" where the Domain has its own section on the bottom. I see this cause some confusion which is why I spell it out. The domain is the FQDN where that user exists; it isn't the NETBios name of the Forest or anything else.
Let us know if this helps!
This error is telling us that your LDAP account is not configured properly. This is most likely mistyping something when setting up there account here. I would suggest ensuring that it's correct there and redownloading the Sensor. Ensure you dont put "<Domain>\<username>"--it should be a pure "<username>" where the Domain has its own section on the bottom. I see this cause some confusion which is why I spell it out. The domain is the FQDN where that user exists; it isn't the NETBios name of the Forest or anything else.
Let us know if this helps!
- Valon_Kolica
Microsoft