ATP/DFI The sensor failed to register due to connectivity issue

Copper Contributor

I'm getting the error while installing the agent in DC.

* DC build with server 2012 R2 standard

* DC running is virtual machine running on VMware.

* All certificates are in place

* Port 443 was opened to cloud (*.atp.azure.com)

* Latest patches update, latest .Net installed (4.7 and above).

 

at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.Tri.Sensor.Deployment.Bundle.UI.DeploymentModel.<ValidateCreateSensorAsync>d__52.MoveNext() failed connecting to service. The issue can be caused by a transparent proxy configuration [\[]WorkspaceApplicationSensorApiEndpoint=Unspecified/***sensorapi.atp.azure.com:443[\]]
[1C80:214C][2021-03-04T21:58:12]i000: 2021-03-04 21:58:12.6754 Info Model ValidateAsync ValidateCreateSensorAsync returned [\[]validateCreateSensorResult=FailedConnectivity[\]]
[1C80:214C][2021-03-04T21:58:16]i000: 2021-03-04 21:58:16.8543 Debug SensorBootstrapperApplication Run Engine.Quit [\[]deploymentResultStatus=1602 isRestartRequired=False[\]]
[1C80:08B8][2021-03-04T21:58:16]i500: Shutting down, exit code: 0x642
[1C80:08B8][2021-03-04T21:58:16]i410: Variable: Kb4019990Windows2008R2Exists = 0
[1C80:08B8][2021-03-04T21:58:16]i410: Variable: Kb4019990Windows2012Exists = 0
[1C80:08B8][2021-03-04T21:58:16]i410: Variable: NetFrameworkCommandLineArguments = 

6 Replies
Are you using a proxy with SSL inspection? if yes, please avoid SSL inspection for this channel, it will cause this issue exactly, as the sensor id doing mutual cert authentication.

Wield guess:
When you configured the monitored domain controller in the portal, any chance you had a typo?
XXX.YYY.lOCAL
Shouldn't it be XXX.YYY.LOCAL

(L got replaced with I ) ?

Not really. after installation completed I can see the DC server in ATP console, but the service in DC is not getting started.
Service name: Azure Advanced Threat Protection Sensor
Status: Starting
Even ID: 7031
You need to check why the sensor is failing to contact the mentioned /configured DC via LDAP.
Can you explain how to check or any link to follow up?

When I create gMSA account, I used the below cmd.

New-ADServiceAccount -Name MSA-atp –ManagedPasswordIntervalInDays 80 –SamAccountName MSA-atp -PrincipalsAllowedToRetrieveManagedPassword Group_MSA-atp

Name: MSA-atp
AD group: Group_MSA-atp
Created AD group to add DC members here, group is easy to manage.
failing to retrieve gMsa can be caused by many issues.
I don't have a step by step guide to troubleshoot this. I suggest to open a support ticket to handle that.