Problem with ATP and win10 1903 - 1909


I have ~1000 PCs managed by SCCM and onboarded in ATP.

After upgrading to 1903, PCs start to show the 'Impaired communications' state.

The PCs have the same hardware and the same software, and are configured in an equivalent way.

The strange thing is that not all 1909 are in 'Impaired communications'. A small percentage are 'active'.

Already tested with https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/fix-unhea...

I use the proxy way, and there is no problem with the test.

What could I try?

Thanks,

Paolo

2 Replies

Hi @Braguzz

Did you already check the "sense" event log on the affected clients?

Can you confirm messages on the affected clients like:

Contacted server 8 times, all succeeded, URI: https://winatp-gw-weu.microsoft.com/.

 

Sometimes the log says:

Server contacted 6 times; all failed operations, URI: https://winatp-gw-weu.microsoft.com/. Last HTTP error code: 0

 

Sometimes (same machine) it says:

Server contacted 7 times; operation failed 6 times and completed 1 times. URI: https://winatp-gw-weu.microsoft.com/. Last HTTP error code: 0

 

I also have some other 'Information' log entries, including:

The network connection is identified as normal. Windows Defender Advanced Threat Protection will contact the server every 300 seconds. Consumption connection: false, Internet available: true, free network available: true, the proxy is defined by GP: true.

 

 

But WHY only 1903 and 1909???

(In 1809 there are no errors in the 'sense' logs.)
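
Added example, not part of the original thread and not Microsoft's code: a small parser that turns the three "sense" log message wordings quoted above into per-URI attempt and failure counts, so impaired and active clients can be compared on numbers. It assumes the messages were exported as plain text lines and matches only the wordings quoted in this thread; the function and field names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: the three message wordings quoted in the thread.
SAMPLE = [
    "Contacted server 8 times, all succeeded, URI: https://winatp-gw-weu.microsoft.com/.",
    "Server contacted 6 times; all failed operations, URI: https://winatp-gw-weu.microsoft.com/. Last HTTP error code: 0",
    "Server contacted 7 times; operation failed 6 times and completed 1 times. "
    "URI: https://winatp-gw-weu.microsoft.com/. Last HTTP error code: 0",
]

TOTAL = re.compile(r"(?:Contacted server|Server contacted) (\d+) times", re.I)
FAILED = re.compile(r"failed (\d+) times", re.I)
URI = re.compile(r"URI: (\S+?)\.?(?:\s|$)")  # drops the sentence-ending period
HTTP = re.compile(r"Last HTTP error code: (\d+)")

def parse(line):
    """Return (uri, attempts, failures, last_http_code) or None for other messages."""
    total, uri = TOTAL.search(line), URI.search(line)
    if not total or not uri:
        return None
    attempts = int(total.group(1))
    partial = FAILED.search(line)
    if partial:
        failures = int(partial.group(1))
    elif re.search(r"all failed", line, re.I):
        failures = attempts
    elif re.search(r"all succeeded", line, re.I):
        failures = 0
    else:
        return None  # unknown wording: skip rather than guess
    code = HTTP.search(line)
    return uri.group(1), attempts, failures, int(code.group(1)) if code else None

def summarise(lines):
    """Sum attempts and failures per URI; count failing summaries that report code 0."""
    stats = defaultdict(lambda: {"attempts": 0, "failures": 0, "http_code_0": 0})
    for rec in filter(None, map(parse, lines)):
        uri, attempts, failures, code = rec
        stats[uri]["attempts"] += attempts
        stats[uri]["failures"] += failures
        # 0 is not a valid HTTP status code, so these are tracked separately.
        stats[uri]["http_code_0"] += 1 if failures and code == 0 else 0
    return dict(stats)

if __name__ == "__main__":
    for uri, s in summarise(SAMPLE).items():
        print(uri, s, f"failure rate {s['failures'] / s['attempts']:.0%}")
```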