Forum Discussion
Solved
Health state :No sensor data
Hello,
I have some windows 10 PCs (around 33 PC) have Health state: No sensor data and most of them are windows 22H2 , and sense Event viewer is floading with error code 406 as below
"Request for register rejected by authentication service. Hresult: 0x80070005, error code: 1 ."
"Request for ValidateToken rejected by authentication service. Hresult: 0x80070005, error code: 1 ."
"Request for GetNonce rejected by authentication service. Hresult: 0x80070005, error code: 1 ."
No errors on MDEAnalazyser tools ,and checked this https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/fix-unhealthy-sensors?view=o365-worldwide#misconfigured-devices article .
If i offboarding and reboarding the pc via GPO , it will work find as reported by event viewer but no changes on security.microsoft.com portal .
All pcs are configured for authenticated proxy as per the technet artical
Best Regards
- It is a good idea to open a support ticket, they have to fix something on the cloud side. They may be able to fix all of your PCs at once that way.
14 Replies
- We had this problem after upgrading to Windows 10 22H2. After a long wait, MS acknowledged on our ticket that this was a known issue with 22H2 upgrades. They had to do a 'token reset' to force all the machines to fully re-initialize their MDE set up. A normal onboard/offboard tries to keep the same device ID and other settings which persist in the registry. If you open a ticket with MS they may be able to force a token refresh on the affected machines. That didn't work for us, so we had to offboard the machines and then delete a few files and registry values, then onboard again.
We had to run these as System user due to higher security on the settings, this forced a full re-initialization with MDE. Each device got a new device ID, and the old device entry remained so we had a bunch of duplicate devices until the idle ones times out.
cd "C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\Cyber" del *.* /f /s /q REG DELETE "HKLM\SOFTWARE\Microsoft\Windows Advanced Threat Protection" /v senseGuid /f REG DELETE "HKLM\SOFTWARE\Microsoft\Windows Advanced Threat Protection" /v 7DC0B629-D7F6-4DB3-9BF7-64D5AAF50F1A /f REG DELETE "HKLM\SOFTWARE\Microsoft\Windows Advanced Threat Protection\48A68F11-7A16-4180-B32C-7F974C7BD783" /v 7DC0B629-D7F6-4DB3-9BF7-64D5AAF50F1A /f exit- Hello. Thank you for your update . I will try the above solution on one of the affected PC.
Will Microsoft release an fix update for windows 10 since i have 40% of my PCs have this error "no sensor data"
Do you have SSL inspection running at the proxy? If so, have you excluded all the MDE urls from SSL inspection?
Also, did you check the note below?
- Hello,
All PCs are not completely offline. Although some PCs have this registry setting with value 1
- your devices are showing active or inactive in the MDE portal ?
- Hi.
On MDE it shown " No sensor data"- can you please share the results by running the below , seems your devices not able to communicate with the MDE service
https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/configure-proxy-internet?view=o365-worldwide#verify-client-connectivity-to-microsoft-defender-for-endpoint-service-urls
