Forum Discussion

wwarobert's avatar
wwarobert
Copper Contributor
Aug 21, 2024

Unable to onboard devices in Defender anymore

We have number of AVD's which are onboarded automatically in Defender, suddenly this process started to fail.   We can see interesting error message: VERBOSE: [2024-08-21 09:26:11Z][Information] ...
LukH1925's avatar
LukH1925
Copper Contributor
Aug 22, 2024

Hi, we are facing a similar problem. What's strange is that it only happens to us on servers in one domain, the rest work normally.

 

Details from log:

 

Extension Message: Failed to configure Microsoft Defender for Endpoint: Error during prepare defenderForEndpointOnboardingScript Onboarding blob signature is not valid, executionlog: [2024-08-22 14:39:54Z][Information] Signature verification result: True
[2024-08-22 14:40:24Z][Error] base chain cetificate is not valid because: PartialChain
[2024-08-22 14:40:39Z][Information] Certificate C=US, S=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Secure Server CA 2011 is valid: False
[2024-08-22 14:40:39Z][Information] Certificate C=US, S=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011 is valid: True
[2024-08-22 14:40:39Z][Information] Chain valid: False
[2024-08-22 14:40:39Z][Information] Certificate chain verification result: False
[2024-08-22 14:40:39Z][Error] Onboarding blob signature is not valid
[2024-08-22 14:40:39Z][Error] Error during prepare defenderForEndpointOnboardingScript Onboarding blob signature is not valid
[2024-08-22 14:40:39Z][Error] Failed to configure Microsoft Defender for Endpoint: Error during prepare defenderForEndpointOnboardingScript Onboarding blob signature is not valid
[2024-08-22 14:40:39Z][Information] Set handler status (C:\Packages\Plugins\Microsoft.Azure.AzureDefenderForServers.MDE.Windows\1.0.10.3\status\0.status), Status=error, Code=888, Message='Failed to configure Microsoft Defender for Endpoint: Error during prepare defenderForEndpointOnboardingScript Onboarding blob signature is not valid'
Extension Error:
C:\Packages\Plugins\Microsoft.Azure.AzureDefenderForServers.MDE.Windows\1.0.10.3>Powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass C:\Packages\Plugins\Microsoft.Azure.AzureDefenderForServers.MDE.Windows\1.0.10.3\\MdeExtensionHandlerWrapper.ps1 -Action enable
VERBOSE: [2024-08-22 14:39:48Z][Information] Start executing handler action:
enable
VERBOSE: [2024-08-22 14:39:49Z][Information] Set handler status
(C:\Packages\Plugins\Microsoft.Azure.AzureDefenderForServers.MDE.Windows\1.0.10
.3\status\0.status), Status=transitioning, Code=1, Message='Configuration In
Progress'
VERBOSE: [2024-08-22 14:39:49Z][Information] Invoking MdeExtensionHandler.ps1
in background process in order to install/configuration/onboard MDE
VERBOSE: [2024-08-22 14:39:49Z][Information] End executing handler action:
enable with exit code: 0