SOLVED

Problem with Windows ATP client onboarding

%3CLINGO-SUB%20id%3D%22lingo-sub-2996678%22%20slang%3D%22en-US%22%3EProblem%20with%20Windows%20ATP%20client%20onboarding%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2996678%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20All%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20have%20installed%20Windows%20ATP%20client%20just%20to%20deploy%20endpoint%20DLP%20configurations%20as%20a%20part%20of%20the%20DLP%2C%20but%20client%20is%20not%20showing%20up%20in%20M365%20compliance%20portal.%20further%20I%20have%20found%20service%20is%20set%20to%20Automatic%20and%20running%20without%20an%20issue%2C%20but%20below%20error%20message%20show%20up%20in%20%22sense%22%20event%20logs.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%3EContacted%20server%2058%20times%2C%20All%20failed%20URI%3A%26nbsp%3B%3C%2FSPAN%3E%3CA%20href%3D%22https%3A%2F%2Fwinatp-gw-neu.microsoft.com%2F%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fwinatp-gw-neu.microsoft.com%2F%3C%2FA%3E%3CSPAN%3E.%20Last%20HTTP%20error%20code%3A%2012007%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3Efurther%3CSPAN%3E%26nbsp%3BI%20ran%20the%26nbsp%3B%20Microsoft%20Defender%20for%20Endpoint%20Client%20Analyzer%20tool%20and%20below%20is%20the%20result.%20However%2C%20our%20proxy%20we%20have%20allowed%20all%20below%20URLs.%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22dilanmic_0-1637666742278.png%22%20style%3D%22width%3A%20999px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F328851i9CEA03390B08CE9F%2Fimage-size%2Flarge%3Fv%3Dv2%26amp%3Bpx%3D999%22%20role%3D%22button%22%20title%3D%22dilanmic_0-1637666742278.png%22%20alt%3D%22dilanmic_0-1637666742278.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%3EI%20would%20highly%20appreciate%20the%20help!%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%3EThanks%2C%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%3CSPAN%3EDilan%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2997867%22%20slang%3D%22en-US%22%3ERe%3A%20Problem%20with%20Windows%20ATP%20client%20onboarding%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2997867%22%20slang%3D%22en-US%22%3Ecan%20you%20bypass%20proxy%20just%20for%20tests%3F%20it%20really%20look%20like%20a%20network%20issue.%3CBR%20%2F%3Ebtw%3A%20are%20you%20in%20the%20correct%20license%20plan%20(M365%20E5%20%2F%20E5%20compliance)%3F%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2998867%22%20slang%3D%22en-US%22%3ERe%3A%20Problem%20with%20Windows%20ATP%20client%20onboarding%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2998867%22%20slang%3D%22en-US%22%3EYou%20can%20validate%20the%20Windows%20diagnostic%20data%20service%20is%20set%20to%20automatically%20start%20and%20is%20running%20on%20the%20device%3F%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2999804%22%20slang%3D%22en-US%22%3ERe%3A%20Problem%20with%20Windows%20ATP%20client%20onboarding%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2999804%22%20slang%3D%22en-US%22%3EThanks%20Giladkeidar!%3CBR%20%2F%3E%3CBR%20%2F%3Ethat's%20the%20issue%20I%20am%20having%20right%20now%2C%20there%20is%20less%20possibility%20to%20bypass%20the%20traffic.%20However%20below%20are%20the%20license%20details%20for%20the%20users.%3CBR%20%2F%3E%3CBR%20%2F%3EEMS%20E3%3CBR%20%2F%3EM365%20E5%20Information%20Protection%20and%20Governance%3CBR%20%2F%3EOffice%20365%20E3%3CBR%20%2F%3E%3CBR%20%2F%3EThanks%20again%2C%3CBR%20%2F%3EDilan%3C%2FLINGO-BODY%3E
Occasional Contributor

Hi All,

 

I have installed Windows ATP client just to deploy endpoint DLP configurations as a part of the DLP, but client is not showing up in M365 compliance portal. further I have found service is set to Automatic and running without an issue, but below error message show up in "sense" event logs.

 

Contacted server 58 times, All failed URI: https://winatp-gw-neu.microsoft.com/. Last HTTP error code: 12007

 

further I ran the  Microsoft Defender for Endpoint Client Analyzer tool and below is the result. However, our proxy we have allowed all below URLs.

 

dilanmic_0-1637666742278.png

 

I would highly appreciate the help!

 

Thanks,

Dilan

6 Replies
best response confirmed by dilanmic (Occasional Contributor)
Solution
can you bypass proxy just for tests? it really look like a network issue.
btw: are you in the correct license plan (M365 E5 / E5 compliance)?
You can validate the Windows diagnostic data service is set to automatically start and is running on the device?
Thanks Giladkeidar!

that's the issue I am having right now, there is less possibility to bypass the traffic. However below are the license details for the users.

EMS E3
M365 E5 Information Protection and Governance
Office 365 E3

Thanks again,
Dilan
Thanks mas18. can you let me know How should I do this?

@dilanmic you can try following command to check the current  Windows diagnostic data service status.

sc qc diagtrack

if its not started or set it to auto then you can try below command to do that 

sc config diagtrack start=auto

sc start diagtrack

Hi All,

 

Thank you very much. It was related to network issue.  followed actions on below link and seems to be everything is working fine now.

 

https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/configure-proxy-internet?v...

 

Thanks again.

Dilan