Microsoft Entra Suite Tech Accelerator
Aug 14 2024, 07:00 AM - 09:30 AM (PDT)
Microsoft Tech Community

Onboard MDE - Windows 2019 - MS Sense is missing / Error 15

Copper Contributor



Let's start with a little background. 


We faced an issue earlier this year that resulted in the offboarding of a few machines, both 2012 R2, 2016, 2019. The offboarding was done with the downlevel script for all machines, including 2019. The offboarding was done just to verify if the issue we faced was caused by MDE or not. 


Now it's time to onboard the machines again, and that wasn't done in a breeze. 


The Windows 2012 R2 machines went on easy, also a Windows 2016 worked as well. 

But when we started onboarding a Windows 2019, the trouble started.


When we tried to run the onboarding script from the Security-portal, it gave us an error message complaining that it wasn't able to find the "Sense"-service. And that is correct, the sense-service isn't there anymore. 


What we have tried is the following:

1. Tried running the md4ws.msi installation package. The installation package went on just fine, but the event log says that the installation failed (sort of)


"Windows Installer installed the product. Product Name: Microsoft Defender for Endpoint. Product Version: 23.8.2006. Product Language: 1053. Manufacturer: Microsoft Corporation. Installation success or error status: 1603."


One of the warnings that could be found in the event log prior to that message is this:


"Product: Microsoft Defender for Endpoint. The application tried to install a more recent version of the protected Windows file C:\Windows\system32\mssecuser.dll. You may need to update your operating system for this application to work correctly. (Package Version: 10.0.22621.1023, Operating System Protected Version: 6.3.25393.1006)."


After the installation, no Sense service could be found.


2. Setup the sense service manually.

We registered a new service with powershell and then exported the configuration from a server that had the sense service up and running. And after that was done, we tried to start the service - unfortunately with an application crash.


"Faulting application name: MsSense.exe, version: 10.8560.25393.1012, time stamp: 0x82bbfd29
Faulting module name: MsSense.dll, version: 10.8560.25393.1012, time stamp: 0x0495677f
Exception code: 0xc0000409
Fault offset: 0x00000000005c9245
Faulting process id: 0x1c60
Faulting application start time: 0x01d9e4f214e51685
Faulting application path: C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe
Faulting module path: C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.dll
Report Id: 5e2a9ca1-a411-4ff1-aea3-c80fd23fc07b
Faulting package full name:
Faulting package-relative application ID: "


Anyone who has any idea on how to proceed with this issue? 

0 Replies