Forum Discussion
ATA Client on a Server 2019 Domain Controller
Can you tell me if uninstalling the ATA gateway resolves the issue and lsass stop crashing?
Yes it did stop the reboots
Any 3rd party security apps installed on the machines?
None. These are dedicated AD controllers
Are those physical machines / VMs or both?
We tried both. The interesting thing is they all seemed to reboot at the same time.
Do you have other DCs (< 2019) where everything works fine?
Yes we have other 2016 DC’s that the Azure ATA client works just fine on
Do you have other DCs (< 2019) which experience the same problem?
No. The 2016 servers are acting as expected
If you have crash dumps already, please zip and upload to the secured workspace that will be provided by the support engineer.
Not yet. I will work on this.
Also, attach any logs & blg files you can find from the gateway service on the crashing machine:
I will work on this
To be clear I'm talking about Azure Advanced Threat Protection and not the on prem version of ATP.
- EliOfek
Microsoft
Same procedure please. Let support know it's AATP and not ATA. Same situation on ours, our 3 x 2019 Domain Controllers with AATP Sensor installed also crash lsass causing a reboot.
As for third party software, nothing else, config is:
DC as a VM in Hyper-V [Host is 2019], VM as Gen 2 ver 9
DC installed as Core with FoD + IE11
Roles: DNS on all 3. DHCP on 2 servers [with Scope failover in failover mode]
+ AATP Sensor on all 3
Nothing additional
Looking at timing it could be triggered by activety and amount of.
Reboots more frequently during the day, then last reboot was around 19:05 last night, next reboot was 07:05 this morning, then after that around every 30 - 60 mins.
