Forum Discussion
Sensor service keeps restarting (after auto upgrade)
Hi all, I've installed multiple Azure ATP Sensor Setup yesterday on Windows 2019 and 2022 servers. But one is failing to report in the console today. I've checked the system and the AATPSensor serv...
Thanks for this Query! This led me to the solution. I had a similiar case. OS 2019. 1 DC working fine, other DC gave problems with ATP sensor. Same logfile errors as the OP. You pointed me in the right direction: Sensor wouldn't start, since there is something wrong on the OS level with a performance counter. Open up Performance Monitor and you'll get an error about the Network Interface not being able to get data.
Solution:
-lodctr /E:TCPIP
This uses the lodctr command, with the Enablement option, for the Performanc Counter called TCPIP. This is ultimately the Network Interface performance counter since it uses the %SystemRoot%\System32\perfnet.dll file. If you run 'Lodctr /Q' is shows the list of available performance counters, as well as their state (enabled/Disabled). The Tcpip/network interface counter was disabled.
EliOfek : i don't read in the MDI/Azure Advanced Threat Protection Sensor documentation, that this is a requirement. Is it possible to update this? Or create an extra check during installation for the Enablement of this performance counter?
EliOfek
Microsoft
MicrosoftThis should be enabled by default. the sensor is relying on many things in the OS which are enabled by default and the common case it stays like that.
When this counter is disabled it's usually due to an error.
Anyway, I have forwarded this feedback to consider it for the docs.
When this counter is disabled it's usually due to an error.
Anyway, I have forwarded this feedback to consider it for the docs.
Or perhaps to have the installer/updater check it.