Forum Discussion

Alexander Benoit's avatar
Alexander Benoit
Copper Contributor
Jul 04, 2018

ATP sensor installation failed

Hi all, 

 

having trouble with installing the Azure ATP sensor on a Windows Server 2012 R2 x64. Proxy can be reached and sensor even shows up in the console but then installation fails and rollback gets initiated. 

 

Exit Code is: 0x80070643,

 

There's no AV installed and no other security policy that affects on that machine. 

 

[19F0:137C][2018-07-04T11:33:42]i410: Variable: AccessKey = *****
[19F0:137C][2018-07-04T11:33:42]i410: Variable: InstallationPath = C:\Program Files\Azure Advanced Threat Protection Sensor
[19F0:137C][2018-07-04T11:33:42]i410: Variable: IsConfigured = True
[19F0:137C][2018-07-04T11:33:42]i410: Variable: Kb4019990Windows2008R2Exists = 0
[19F0:137C][2018-07-04T11:33:42]i410: Variable: Kb4019990Windows2012Exists = 0
[19F0:137C][2018-07-04T11:33:42]i410: Variable: NetFrameworkCommandLineArguments = /passive /showrmui
[19F0:137C][2018-07-04T11:33:42]i410: Variable: NetFrameworkRegistryValue = 460805
[19F0:137C][2018-07-04T11:33:42]i410: Variable: RebootPending = 0
[19F0:137C][2018-07-04T11:33:42]i410: Variable: ServerLevelsServerCoreRegistryValue = 1
[19F0:137C][2018-07-04T11:33:42]i410: Variable: ServerLevelsServerGuiShellRegistryValue = 1
[19F0:137C][2018-07-04T11:33:42]i410: Variable: VersionNT64 = 6.3.0.0
[19F0:137C][2018-07-04T11:33:42]i410: Variable: WixBundleAction = 5
[19F0:137C][2018-07-04T11:33:42]i410: Variable: WixBundleElevated = 1
[19F0:137C][2018-07-04T11:33:42]i410: Variable: WixBundleLog = C:\Users\xxxx\AppData\Local\Temp\Azure Advanced Threat Protection Sensor_20180704112648.log
[19F0:137C][2018-07-04T11:33:42]i410: Variable: WixBundleLog_MsiPackage = C:\Users\xxxxx\AppData\Local\Temp\Azure Advanced Threat Protection Sensor_20180704112648_000_MsiPackage.log
[19F0:137C][2018-07-04T11:33:42]i410: Variable: WixBundleManufacturer = Microsoft Corporation
[19F0:137C][2018-07-04T11:33:42]i410: Variable: WixBundleName = Azure Advanced Threat Protection Sensor
[19F0:137C][2018-07-04T11:33:42]i410: Variable: WixBundleOriginalSource = C:\Temp\Azure ATP Sensor Setup\Azure ATP Sensor Setup.exe
[19F0:137C][2018-07-04T11:33:42]i410: Variable: WixBundleOriginalSourceFolder = C:\Temp\Azure ATP Sensor Setup\
[19F0:137C][2018-07-04T11:33:42]i410: Variable: WixBundleProviderKey = {b50da163-5fe8-40cc-9bfc-8373ab225867}
[19F0:137C][2018-07-04T11:33:42]i410: Variable: WixBundleRollbackLog_MsiPackage = C:\Users\xxxxx\AppData\Local\Temp\Azure Advanced Threat Protection Sensor_20180704112648_000_MsiPackage_rollback.log
[19F0:137C][2018-07-04T11:33:42]i410: Variable: WixBundleSourceProcessFolder = C:\Temp\Azure ATP Sensor Setup\
[19F0:137C][2018-07-04T11:33:42]i410: Variable: WixBundleSourceProcessPath = C:\Temp\Azure ATP Sensor Setup\Azure ATP Sensor Setup.exe
[19F0:137C][2018-07-04T11:33:42]i410: Variable: WixBundleTag =
[19F0:137C][2018-07-04T11:33:42]i410: Variable: WixBundleUILevel = 4
[19F0:137C][2018-07-04T11:33:42]i410: Variable: WixBundleVersion = 2.0.0.0
[19F0:137C][2018-07-04T11:33:42]i007: Exit code: 0x80070643, restarting: No

 

 

 

 

security

3 Replies

  • thomboe's avatar
    thomboe
    Copper Contributor
    Jul 04, 2018

    Hi Alexander,

     

    First i was thinking it had with DNS issue. 

     

    https://docs.microsoft.com/en-us/azure-advanced-threat-protection/configure-proxy

     

    But i remember also that i had issue because of hardware requirements.

    Packets per second* CPU (cores) Memory (GB)

    0-1k0.252.50
    1k-5k0.756.00
    5k-10k1.006.50
    10k-20k2.009.00
    20k-50k3.509.50
    50k-75k3.509.50
    75k-100k3.50

    9.50

     

    I feel like it's hard to troubleshot ATP. I send you issue to another group.

     

    Thomas 

    • Alexander Benoit's avatar
      Alexander Benoit
      Copper Contributor
      Jul 08, 2018

      Hi Thomas, 
      we've tried different server (physical and virtual) with different cpu and ram. I can say that the lack of missing hardware is not the issue. I've furthermore figured out that the installation of the msi itself went trough fine but when the routine tried to register the services there was an issue. Bot services were created fine but it's seems that they couldn't be started. In the meanwhile the server even showed up in the azure atp dashboard. Then the rollback happened....

      • thomboe's avatar
        thomboe
        Copper Contributor
        Jul 08, 2018

        I Checked little, i comes back with a Proxy issue.

        But have you tryed to asked this in Enterprise Mobility + Security forum. It's a own tab for ATP :)

         

        Hope it's better help there. If i find out your issue i ping you. 

         

        Thomas

Resources