Aug 12 2019 12:47 PM
Hi, I am trying to onboard an ATP client on Windows 10 using SCCM.
SCCM states the policy was applied correctly. The ATP service is running, but the SENSE logs only contain warning and error messages stating the following:
Contacted server 20 times, failed 14 times and succeeded 6 times. URI: https://winatp-gw-neu.microsoft.com/. Last HTTP error code: 400
The ATP connectivity verifier states the client is onboarded along with HTTP code 200 success messages.
Any ideas what to check?
Aug 29 2019 07:08 AM - edited Aug 29 2019 07:09 AM
@kim oppalfens - exact same problem here...
WDATPConnectivityAnalyzer shows no errors at all, but the event log shows Connection failed - error 400.
Aug 29 2019 07:14 AM
Aug 29 2019 07:28 AM
Aug 30 2019 06:22 AM
Sep 12 2019 12:47 PM
Same issue here, I get lots of the following errors in the SENSE event logs.
Contacted server 58 times, all failed, URI: https://winatp-gw-eus.microsoft.com/. Last HTTP error code: 400
Have you had any luck from support?
Sep 12 2019 12:51 PM
My issue was resolved by offboarding from a different tenant and onboarding subsequently.
Even if you reset the device, if it has been part of a previous PoC on ATP the onboarding will fail.
Sep 12 2019 01:09 PM
And if we can't remember the tenant that we used before to log in and get the offboarding script, I assume there is nothing else we can do?
Sep 12 2019 01:36 PM
Support was looking at creating an offboarding script based on data found in the registry. There wasn't an easy way to create that ourselves. I managed to find my tenant back, and even though it had long expired I could still log into it and download an offboarding script. If you still know what mailbox the PoC was requested in, you might find the mail with your login. It should contain this string: Analyst@Windows.
Good luck
Oct 17 2019 02:14 PM
For anyone else having a similar problem you can use the MDATPClientAnalyzer tool at
It finds the issue I was having and that I need to off-board my device from my previous Azure Tenant.
Oct 19 2019 01:14 AM
Check your proxy and firewall.