Forum Discussion

pugazhendhi's avatar
pugazhendhi
Brass Contributor
Mar 05, 2021

ATP/DFI The sensor failed to register due to connectivity issue

I'm getting the error while installing the agent in DC. * DC build with server 2012 R2 standard * DC running is virtual machine running on VMware. * All certificates are in place * Port 443 was o...
EliOfek's avatar
EliOfek
Icon for Microsoft rankMicrosoft
Are you using a proxy with SSL inspection? if yes, please avoid SSL inspection for this channel, it will cause this issue exactly, as the sensor id doing mutual cert authentication.
EliOfek's avatar
EliOfek
Icon for Microsoft rankMicrosoft
Mar 11, 2021

Wield guess:
When you configured the monitored domain controller in the portal, any chance you had a typo?
XXX.YYY.lOCAL
Shouldn't it be XXX.YYY.LOCAL

(L got replaced with I ) ?

  • pugazhendhi's avatar
    pugazhendhi
    Brass Contributor
    Mar 12, 2021
    Not really. after installation completed I can see the DC server in ATP console, but the service in DC is not getting started.
    Service name: Azure Advanced Threat Protection Sensor
    Status: Starting
    Even ID: 7031
    • EliOfek's avatar
      EliOfek
      Icon for Microsoft rankMicrosoft
      Mar 12, 2021
      You need to check why the sensor is failing to contact the mentioned /configured DC via LDAP.
      • pugazhendhi's avatar
        pugazhendhi
        Brass Contributor
        Mar 12, 2021
        Can you explain how to check or any link to follow up?

        When I create gMSA account, I used the below cmd.

        New-ADServiceAccount -Name MSA-atp –ManagedPasswordIntervalInDays 80 –SamAccountName MSA-atp -PrincipalsAllowedToRetrieveManagedPassword Group_MSA-atp

        Name: MSA-atp
        AD group: Group_MSA-atp
        Created AD group to add DC members here, group is easy to manage.

Resources