SOLVED

Health state: No sensor data

Hello,

I have some Windows 10 PCs (around 33 PCs) that have Health state: No sensor data, and most of them are Windows 22H2. The SENSE Event Viewer log is flooding with error code 406, as below:

"Request for register rejected by authentication service. Hresult: 0x80070005, error code: 1 ."

"Request for ValidateToken rejected by authentication service. Hresult: 0x80070005, error code: 1 ."

"Request for GetNonce rejected by authentication service. Hresult: 0x80070005, error code: 1 ."

No errors in the MDEAnalyzer tools, and I checked this article: https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/fix-unhealthy-sensors?vie...

If I offboard and re-onboard the PC via GPO, it works fine as reported by Event Viewer, but there are no changes on the security.microsoft.com portal.

 

All PCs are configured for an authenticated proxy as per the TechNet article:

https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/configure-proxy-internet?...

 

 

Best Regards
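
To tell which authentication requests are being rejected on a device and how often, the messages quoted in the question can be parsed and grouped. This is an added example, not part of the original post; the function name `Get-SenseAuthRejection` is hypothetical, and the log name and the use of 406 as the event ID in the commented command are assumptions.

```powershell
# Added example: summarize SENSE "rejected by authentication service" messages.
function Get-SenseAuthRejection {
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [string]$Message
    )
    begin {
        # Matches the message shape quoted in the question.
        $pattern = 'Request for (?<Request>\w+) rejected by authentication service\.\s*' +
                   'Hresult:\s*(?<HResult>0x[0-9A-Fa-f]{8}),\s*error code:\s*(?<Code>\d+)'
    }
    process {
        if ($Message -match $pattern) {
            [pscustomobject]@{
                Request      = $Matches.Request
                HResult      = $Matches.HResult
                ErrorCode    = [int]$Matches.Code
                # 0x80070005 is E_ACCESSDENIED
                AccessDenied = ($Matches.HResult -ieq '0x80070005')
            }
        }
    }
}

# Constructed sample input: the three messages quoted in the question.
$sample = @(
    'Request for register rejected by authentication service. Hresult: 0x80070005, error code: 1 .'
    'Request for ValidateToken rejected by authentication service. Hresult: 0x80070005, error code: 1 .'
    'Request for GetNonce rejected by authentication service. Hresult: 0x80070005, error code: 1 .'
)

# One row per request type and HRESULT, with a count of occurrences.
$sample | Get-SenseAuthRejection |
    Group-Object Request, HResult |
    Select-Object Count, Name

# On an affected PC (elevated prompt), feed the real events instead.
# Assumed log name and event ID:
# Get-WinEvent -FilterHashtable @{ LogName = 'Microsoft-Windows-SENSE/Operational'; Id = 406 } -MaxEvents 200 |
#     ForEach-Object Message | Get-SenseAuthRejection | Group-Object Request, HResult
```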

14 Replies
Are your devices showing as active or inactive in the MDE portal?
Hi.
On MDE it shows "No sensor data".
Can you please share the results of running the below? It seems your devices are not able to communicate with the MDE service.

https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/configure-proxy-internet?...

@fhaddad81330 

Do you have SSL inspection running at the proxy? If so, have you excluded all the MDE URLs from SSL inspection?

 

Also, did you check the note below?

[Image: Jonhed_0-1690208758420.png]

 

@eliekarkafy 

Hi, all tests of MDEClientAnalyzer succeeded, including the Connectivity output.

Sorry, it's for another post.

Hi. I believe these logs are Defender for Identity logs, not for Endpoint.

I suggest opening a Microsoft ticket with the security team so they can check your MDE in the backend, since all your devices are successfully connected to MDE services. But if you want, you can test one device outside your proxy to check if it will show up as active in MDE, and to make sure that you have an issue with the proxy itself.

We had this problem after upgrading to Windows 10 22H2. After a long wait, MS acknowledged on our ticket that this was a known issue with 22H2 upgrades. They had to do a 'token reset' to force all the machines to fully re-initialize their MDE set up. A normal onboard/offboard tries to keep the same device ID and other settings which persist in the registry. If you open a ticket with MS they may be able to force a token refresh on the affected machines. That didn't work for us, so we had to offboard the machines and then delete a few files and registry values, then onboard again.
Hello,

All PCs are not completely offline. Although some PCs have this registry setting with value 1

We had to run these as System user due to higher security on the settings. This forced a full re-initialization with MDE. Each device got a new device ID, and the old device entry remained, so we had a bunch of duplicate devices until the idle ones timed out.

 

REM Run as SYSTEM. Stop if the folder is missing so that del never runs in another directory.
cd /d "C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\Cyber" || exit /b 1
del *.* /f /s /q
REG DELETE "HKLM\SOFTWARE\Microsoft\Windows Advanced Threat Protection" /v senseGuid /f
REG DELETE "HKLM\SOFTWARE\Microsoft\Windows Advanced Threat Protection" /v 7DC0B629-D7F6-4DB3-9BF7-64D5AAF50F1A /f
REG DELETE "HKLM\SOFTWARE\Microsoft\Windows Advanced Threat Protection\48A68F11-7A16-4180-B32C-7F974C7BD783" /v 7DC0B629-D7F6-4DB3-9BF7-64D5AAF50F1A /f
exit
Hello. Thank you for your update. I will try the above solution on one of the affected PCs.
Will Microsoft release a fix update for Windows 10, since 40% of my PCs have this error "no sensor data"?
best response confirmed by fhaddad81330 (Copper Contributor)
Solution
It is a good idea to open a support ticket, they have to fix something on the cloud side. They may be able to fix all of your PCs at once that way.
Agreed. I will do that.