Microsoft Secure Tech Accelerator
Apr 03 2024, 07:00 AM - 11:00 AM (PDT)
Microsoft Tech Community

ATA Services not starting

Deleted
Not applicable

I have 2 DC controllers running in Azure connected to On-Prem domain with on-prem DC. The On-prem DC are Lightweight gateway are running fine but the 2 DC in IaaS (Azure cloud ) are not working Service status stopped.

 

Error in the Gateway Log folder for Both DC's in the cloud

 

Error [WebClient+<InvokeAsync>d__8`1] System.Net.Http.HttpRequestException: PostAsync failed [requestTypeName=UpsertGatewayMonitoringAlertRequest] ---> System.Net.Http.HttpRequestException: An error occurred while sending the request. ---> System.Net.WebException: The request was aborted: Could not create SSL/TLS secure channel.
at System.Net.HttpWebRequest.EndGetRequestStream(IAsyncResult asyncResult, TransportContext& context)
at System.Net.Http.HttpClientHandler.GetRequestStreamCallback(IAsyncResult ar)

 

please advise how i can solve this problem.

 

 

 

17 Replies

Can you check if you have any of the following registry keys set on the failing machine or the center?

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL]
"DisableRenegoOnServer"=dword:00000001
"DisableRenegoOnClient"=dword:00000001

 

If yes, please try while they are set to 0 (default).

thanks for you reply.

the registry keys weren't present on the failing servers and ATA center. However i have tried doing this as i read your article and no luck here -thanks

Are you able to access the console UI from the failing GWs using Internet Explorer without any errors?

Yes i can - I added the ATA console via IE trusted site but i see certificate error in the browser. I installed the certificate for local user and current user. 

i am running Ver 1.8 ATA Center

the certificate issue is not an issue, i would like to fix the Light weight gateway servers..thanks

The LWGWs are talking to the same endpoint you are reaching when using IE,

only they are less tolerant to issues.

What was the exact error you got about the certificate in IE?

Yes correct the LGW are talking to the same ATA center.

The error was certificate error via IE stating it not secure etc but this can be ignored as i can log on to the console successfully from LGW's servers

Can you check the Updater log and see if you have a line with this exact text inside:

 Warn  [OwinContextExtension] Sending retry request [Client certificate doesn't exist]

there are 3 updater logs m which one?

okay i have checked all the updater logs and i performed a search for the following

Client certificate doesn't exist

Nothing was found


OK,

Then we rolled out "known issues".

I strongly suggest at this point to open a case with support and have a support engineer on it

to collect more data and help troubleshoot.

Did you manage to resolve this in the end? We're experiencing the exact same issue.

Hi, yes the fix was to update the agent on the affected machines and the ata server

Thanks for taking the time to reply Praful. Reading deeper, my issue is actually different and we are already fully up to date. Thanks anyway

I also notice within the ATA center, the LG keeps complaining the service stating says starting, to me this is an issue afterll

I also notice within the ATA center, the LG keeps complaining the service stating says starting, to me this is an issue afterall