Mar 29 2019 05:51 AM
Hi, We have AATP installed on 6 servers within our company and running ok on 5 of them.
There is this server that the AATPSensor service is stuck in starting status.
I've tried stopping the service and/or Microsoft.Tri.Sensor.exe without success, sometimes it keeps trying to open multiple process of the Microsoft.Tri.Sensor.exe but all of them gets stuck opening.
There is no Microsoft.Tri.Sensor-Errors.log being created and on the Microsoft.Tri.Sensor.Updater-Errors.log it only shows the following:
"2019-03-29 12:43:43.5677 Error ServiceControllerExtension Failed to change service status [name=AATPSensor status=Running Exception=System.ServiceProcess.TimeoutException: Time out has expired and the operation has not been completed.
at System.ServiceProcess.ServiceController.WaitForStatus(ServiceControllerStatus desiredStatus, TimeSpan timeout) at Microsoft.Tri.Infrastructure.ServiceControllerExtension.ChangeServiceStatus(String name, ServiceControllerStatus status, TimeSpan timeout, Nullable`1 awaitedStatus)]"
I've tried uninstall/reinstall sensor but every time it tries to starts gets stuck.
I've verified and make sure credentials are correct on AATP portal.
Any tips or help would be greatly appreciated. Thanks in advanced!
Mar 30 2019 11:46 PM
Hi, this can be from any number of reasons, from an AV blocking the process to a resource issue
Can you please share the entire log folder?
Mar 31 2019 03:55 AM
@JCordova , look at: Microsoft.Tri.Sensor-Errors.log
It is probably crashing, the latest error before the crash should tell you what the problem is.
Apr 01 2019 07:37 AM - edited Apr 01 2019 07:37 AM
Solution
Hi, finally after some days (about 3) the AATP was able to create the Microsoft.Tri.Sensor-Errors.log file and pointed me to an error with the WinPcap or NPF driver.
Just reinstalled the WinPcap driver, rebooted the server and voila the AATP Sensor started running like charm!
***** This needs to be added to the support/troubleshoot documentation as the AATP error log took days to generate the error log and hence if it's already as an option for users to verify in advanced, users like me would tackle this right away*****
Apr 01 2019 08:15 AM
@JCordova Can you explain - how come only after 3 days you saw the log?
Wasn't the file created from the first crash? I was under the impression it was, but you previously looked in another file...
Apr 01 2019 08:27 AM
Apr 02 2019 03:40 AM
@JCordova , Can you share with me (in a private message) your workspace ID, and name of sensor machine (all in text format)?
You can get those form the AATP console UI by pressing on the question mark in the toolbar.
Feb 11 2022 11:32 AM
Hi all.
Where is this logfile located? I finally was able to install the agent using a scheduled task under 'system' now the agent is started on my physical DC's, but starting on my virtual ones... and no logfile to be found.. Regards, Ben
Feb 11 2022 02:44 PM
Apr 01 2019 07:37 AM - edited Apr 01 2019 07:37 AM
Solution
Hi, finally after some days (about 3) the AATP was able to create the Microsoft.Tri.Sensor-Errors.log file and pointed me to an error with the WinPcap or NPF driver.
Just reinstalled the WinPcap driver, rebooted the server and voila the AATP Sensor started running like charm!
***** This needs to be added to the support/troubleshoot documentation as the AATP error log took days to generate the error log and hence if it's already as an option for users to verify in advanced, users like me would tackle this right away*****