ATP/DFI The sensor failed to register due to connectivity issue

%3CLINGO-SUB%20id%3D%22lingo-sub-2186561%22%20slang%3D%22en-US%22%3EATP%2FDFI%20The%20sensor%20failed%20to%20register%20due%20to%20connectivity%20issue%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2186561%22%20slang%3D%22en-US%22%3E%3CP%3EI'm%20getting%20the%20error%20while%20installing%20the%20agent%20in%20DC.%3C%2FP%3E%3CP%3E*%20DC%20build%20with%20server%202012%20R2%20standard%3C%2FP%3E%3CP%3E*%20DC%20running%20is%20virtual%20machine%20running%20on%20VMware.%3C%2FP%3E%3CP%3E*%20All%20certificate%20are%20in%20place%3C%2FP%3E%3CP%3E*%20Port%20443%20was%20opened%20to%20cloud%20(*.atp.azure.com)%3C%2FP%3E%3CP%3E*%20Latest%20patches%20update%2C%20latest%20.Net%20installed%20(4.7%20and%20above).%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3Eat%20System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task%20task)%3CBR%20%2F%3Eat%20Microsoft.Tri.Sensor.Deployment.Bundle.UI.DeploymentModel.%3CVALIDATECREATESENSORASYNC%3Ed__52.MoveNext()%20failed%20connecting%20to%20service.%20The%20issue%20can%20be%20caused%20by%20a%20transparent%20proxy%20configuration%20%5B%5C%5B%5DWorkspaceApplicationSensorApiEndpoint%3DUnspecified%2F***sensorapi.atp.azure.com%3A443%5B%5C%5D%5D%3CBR%20%2F%3E%5B1C80%3A214C%5D%5B2021-03-04T21%3A58%3A12%5Di000%3A%202021-03-04%2021%3A58%3A12.6754%20Info%20Model%20ValidateAsync%20ValidateCreateSensorAsync%20returned%20%5B%5C%5B%5DvalidateCreateSensorResult%3DFailedConnectivity%5B%5C%5D%5D%3CBR%20%2F%3E%5B1C80%3A214C%5D%5B2021-03-04T21%3A58%3A16%5Di000%3A%202021-03-04%2021%3A58%3A16.8543%20Debug%20SensorBootstrapperApplication%20Run%20Engine.Quit%20%5B%5C%5B%5DdeploymentResultStatus%3D1602%20isRestartRequired%3DFalse%5B%5C%5D%5D%3CBR%20%2F%3E%5B1C80%3A08B8%5D%5B2021-03-04T21%3A58%3A16%5Di500%3A%20Shutting%20down%2C%20exit%20code%3A%200x642%3CBR%20%2F%3E%5B1C80%3A08B8%5D%5B2021-03-04T21%3A58%3A16%5Di410%3A%20Variable%3A%20Kb4019990Windows2008R2Exists%20%3D%200%3CBR%20%2F%3E%5B1C80%3A08B8%5D%5B2021-03-04T21%3A58%3A16%5Di410%3A%20Variable%3A%20Kb4019990Windows2012Exists%20%3D%200%3CBR%20%2F%3E%5B1C80%3A08B8%5D%5B2021-03-04T21%3A58%3A16%5Di410%3A%20Variable%3A%20NetFrameworkCommandLineArguments%20%3D%26nbsp%3B%3C%2FVALIDATECREATESENSORASYNC%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-2186561%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EDFI%20or%20ATP%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2189139%22%20slang%3D%22en-US%22%3ERe%3A%20ATP%2FDFI%20The%20sensor%20failed%20to%20register%20due%20to%20connectivity%20issue%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2189139%22%20slang%3D%22en-US%22%3EAre%20you%20using%20a%20proxy%20with%20SSL%20inspection%3F%20if%20yes%2C%20please%20avoid%20SSL%20inspection%20for%20this%20channel%2C%20it%20will%20cause%20this%20issue%20exactly%2C%20as%20the%20sensor%20id%20doing%20mutual%20cert%20authentication.%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2203034%22%20slang%3D%22en-US%22%3ERe%3A%20ATP%2FDFI%20The%20sensor%20failed%20to%20register%20due%20to%20connectivity%20issue%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2203034%22%20slang%3D%22en-US%22%3EThanks%20you%20very%20much%2C%20I%20can%20installed%2C%20but%20getting%20below%20error.%3CBR%20%2F%3E%3CBR%20%2F%3E2021-03-11%2016%3A59%3A26.4470%20Info%20RemoteImpersonationManager%20CreateImpersonatorInternalAsync%20started%20%5BUserName%3Daccount_name%20Domain%3Daa18.lOCAL%20IsGroupManagedServiceAccount%3DTrue%5D%3CBR%20%2F%3E2021-03-11%2016%3A59%3A26.4782%20Warn%20JsonSerializerSettingsExtension%2BJsonSerializationBinder%20GetTypeFromName%20%5BtypeName%3DGetGroupManagedServiceAccountAccessTokenHandleResponse%5D%3CBR%20%2F%3E2021-03-11%2016%3A59%3A26.4782%20Info%20RemoteImpersonationManager%20GetGroupManagedServiceAccountTokenAsync%20finished%20%5BUserName%3Daccount_name%20Domain%3Daa18.lOCAL%20IsSuccess%3DFalse%5D%3CBR%20%2F%3E2021-03-11%2016%3A59%3A26.4782%20Info%20RemoteImpersonationManager%20CreateImpersonatorInternalAsync%20finished%20%5BUserName%3Daccount_name%20Domain%3Daa18.lOCAL%5D%3CBR%20%2F%3E2021-03-11%2016%3A59%3A26.4782%20Warn%20DirectoryServicesClient%20CreateLdapConnectionAsync%20failed%20to%20retrieve%20group%20managed%20service%20account%20password.%20%5BDomainControllerDnsName%3Ds217124lo4vw18e.aa18.lOCAL%20Domain%3Daa18.lOCAL%20UserName%3Daccount_name%20%5D%3CBR%20%2F%3E2021-03-11%2016%3A59%3A26.6657%20Error%20DirectoryServicesClient%2B%3CCREATELDAPCONNECTIONASYNC%3Ed__38%20Microsoft.Tri.Infrastructure.ExtendedException%3A%20CreateLdapConnectionAsync%20failed%20%5BDomainControllerDnsName%3Daa18.lOCAL%5D%3CBR%20%2F%3Eat%20async%20Task%3CLDAPCONNECTION%3E%20Microsoft.Tri.Sensor.DirectoryServicesClient.CreateLdapConnectionAsync(DomainControllerConnectionData%20domainControllerConnectionData%2C%20bool%20isGlobalCatalog%2C%20bool%20isTraversing)%3CBR%20%2F%3Eat%20async%20Task%3CBOOL%3E%20Microsoft.Tri.Sensor.DirectoryServicesClient.TryCreateLdapConnectionAsync(DomainControllerConnectionData%20domainControllerConnectionData%2C%20bool%20isGlobalCatalog%2C%20bool%20isTraversing)%3CBR%20%2F%3E2021-03-11%2016%3A59%3A26.6970%20Error%20DirectoryServicesClient%20Microsoft.Tri.Infrastructure.ExtendedException%3A%20Failed%20to%20communicate%20with%20configured%20domain%20controllers%3CBR%20%2F%3Eat%20new%20Microsoft.Tri.Sensor.DirectoryServicesClient(IConfigurationManager%20configurationManager%2C%20IDomainNetworkCredentialsManager%20domainNetworkCredentialsManager%2C%20IRemoteImpersonationManager%20remoteImpersonationManager%2C%20IMetricManager%20metricManager%2C%20IWorkspaceApplicationSensorApiJsonProxy%20workspaceApplicationSensorApiJsonProxy)%3CBR%20%2F%3Eat%20object%20lambda_method(Closure%2C%20object%5B%5D)%3CBR%20%2F%3Eat%20object%20Autofac.Core.Activators.Reflection.ConstructorParameterBinding.Instantiate()%3CBR%20%2F%3Eat%20void%20Microsoft.Tri.Infrastructure.ModuleManager.AddModules(Type%5B%5D%20moduleTypes)%3CBR%20%2F%3Eat%20new%20Microsoft.Tri.Sensor.SensorModuleManager()%3CBR%20%2F%3Eat%20ModuleManager%20Microsoft.Tri.Sensor.SensorService.CreateModuleManager()%3C%2FBOOL%3E%3C%2FLDAPCONNECTION%3E%3C%2FCREATELDAPCONNECTIONASYNC%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2203417%22%20slang%3D%22en-US%22%3ERe%3A%20ATP%2FDFI%20The%20sensor%20failed%20to%20register%20due%20to%20connectivity%20issue%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2203417%22%20slang%3D%22en-US%22%3E%3CP%3EWield%20guess%3A%3CBR%20%2F%3EWhen%20you%20configured%20the%20monitored%20domain%20controller%20in%20the%20portal%2C%20any%20chance%20you%20had%20a%20typo%3F%3CBR%20%2F%3EXXX.YYY.lOCAL%20%3CBR%20%2F%3EShouldn't%20it%20be%20XXX.YYY.LOCAL%20%3CBR%20%2F%3E%3CBR%20%2F%3E(L%20got%20replaced%20with%20I%20)%20%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2204425%22%20slang%3D%22en-US%22%3ERe%3A%20ATP%2FDFI%20The%20sensor%20failed%20to%20register%20due%20to%20connectivity%20issue%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2204425%22%20slang%3D%22en-US%22%3ENot%20really.%20after%20installation%20completed%20I%20can%20see%20the%20DC%20server%20in%20ATP%20console%2C%20but%20the%20service%20in%20DC%20is%20not%20getting%20started.%3CBR%20%2F%3EService%20name%3A%20Azure%20Advanced%20Threat%20Protection%20Sensor%3CBR%20%2F%3EStatus%3A%20Starting%3CBR%20%2F%3EEven%20ID%3A%207031%3CBR%20%2F%3E%3C%2FLINGO-BODY%3E
Occasional Contributor

I'm getting the error while installing the agent in DC.

* DC build with server 2012 R2 standard

* DC running is virtual machine running on VMware.

* All certificates are in place

* Port 443 was opened to cloud (*.atp.azure.com)

* Latest patches update, latest .Net installed (4.7 and above).

 

at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.Tri.Sensor.Deployment.Bundle.UI.DeploymentModel.<ValidateCreateSensorAsync>d__52.MoveNext() failed connecting to service. The issue can be caused by a transparent proxy configuration [\[]WorkspaceApplicationSensorApiEndpoint=Unspecified/***sensorapi.atp.azure.com:443[\]]
[1C80:214C][2021-03-04T21:58:12]i000: 2021-03-04 21:58:12.6754 Info Model ValidateAsync ValidateCreateSensorAsync returned [\[]validateCreateSensorResult=FailedConnectivity[\]]
[1C80:214C][2021-03-04T21:58:16]i000: 2021-03-04 21:58:16.8543 Debug SensorBootstrapperApplication Run Engine.Quit [\[]deploymentResultStatus=1602 isRestartRequired=False[\]]
[1C80:08B8][2021-03-04T21:58:16]i500: Shutting down, exit code: 0x642
[1C80:08B8][2021-03-04T21:58:16]i410: Variable: Kb4019990Windows2008R2Exists = 0
[1C80:08B8][2021-03-04T21:58:16]i410: Variable: Kb4019990Windows2012Exists = 0
[1C80:08B8][2021-03-04T21:58:16]i410: Variable: NetFrameworkCommandLineArguments = 

6 Replies
Are you using a proxy with SSL inspection? if yes, please avoid SSL inspection for this channel, it will cause this issue exactly, as the sensor id doing mutual cert authentication.

Wield guess:
When you configured the monitored domain controller in the portal, any chance you had a typo?
XXX.YYY.lOCAL
Shouldn't it be XXX.YYY.LOCAL

(L got replaced with I ) ?

Not really. after installation completed I can see the DC server in ATP console, but the service in DC is not getting started.
Service name: Azure Advanced Threat Protection Sensor
Status: Starting
Even ID: 7031
You need to check why the sensor is failing to contact the mentioned /configured DC via LDAP.
Can you explain how to check or any link to follow up?

When I create gMSA account, I used the below cmd.

New-ADServiceAccount -Name MSA-atp –ManagedPasswordIntervalInDays 80 –SamAccountName MSA-atp -PrincipalsAllowedToRetrieveManagedPassword Group_MSA-atp

Name: MSA-atp
AD group: Group_MSA-atp
Created AD group to add DC members here, group is easy to manage.
failing to retrieve gMsa can be caused by many issues.
I don't have a step by step guide to troubleshoot this. I suggest to open a support ticket to handle that.