ATA Client on a Server 2019 Domain Controller

We have noticed that when installing the ATA client on a Windows Server 2019 domain controller the Lsass.exe service crashes every 10-25 minutes and causes the server to reboot. We also noticed that when we installed the client on multiple 2019 domain controllers they all have Lsass.exe crash at the same time and they reboot within a few moments of each other. 

So on our open issue with support on Windows Hello for Business breaking when authenticating against a Server 2019 DC, support just came back to us and said that issue is due to a bug in LSASS which there will be a fix for in the February CU, and provided a "temporary fix"  for "testing purposes only".  Is it the same bug in LSASS that is biting both Azure ATP and WhfB?


I ask because we have a workaround that will be fine for us for the WhfB issue in the interim without the temporary fix, but would look at it if it will allow us to get Azure ATP going again so we are not partially blind until Feb 13th with the CU comes out.

We are using ATA and Hello on our 2019 DC's with the hotfix we were provided. 

Yes, it's the same fix. we are actually waiting for it to be officially released, so we can complete testing of AATP on Server 2019, and given that we won't find new issues, also officially support it in the docs.

I'm in the process of building some DC's up in Azure, and want to use Server 2019. Do we know of an ETA for official 2019 support? I know that there is a hotfix, but hotfixes and officially supported OS's are not the same :)


The mentioned hotfix is for windows, not AATP.

It it planned as far as I know to be released this week.

Once it does, we will be able to complete testing on 2019, and if all is good, we will add official support for 2019. So unless we discover more issues, I expect it to happen pretty soon.


Note that for ATA, we also do not officially support 2019 (yet).

How's the testing coming along? I'm very interested in getting ATP setup on 2019, but I know that testing can take some time :)



@Lynn Towle , it's in progress. unless we get new surprises we are going for official support soon.

The best thing you can do at this point is to deploy the CU asap, so once we release official support you can just deploy the sensor, or else deployment will be blocked.