Aug 07 2020 03:01 AM
Hi there,
We have some problems with our ATP sensors. We have the following setup:
Forest with two domains (peer domains)
VMware cluster with 7 DCs (6 ESX hosts).
3 Standalone Sensor VMs tied to 2-3 DCs on the same host so that port mirroring works.
We have configured this in Azure ATP portal so it matches the host to sensor assignment.
From time to time we get communication issues in Azure ATP portal. (Some domain controllers are unreachable by a Sensor)
The error message changes often so it is not always the same DC that can't be reached.
I've checked that TSO offloading is disabled on all sensor VMs. Also, I manually checked the communication from the sensor VMs to the DCs.
I can see the following error message in Tri.Sensor-Errors.log at the time of the error in Azure ATP Portal:
Error GroupPolicyHelper GetKerberosPolicy failed [domainDnsName=domain.local defaultDomainPolicyIniFilePath=\\domain.local\sysvol\domain.local\Policies\{GUID}\MACHINE\Microsoft\Windows NT\SecEdit\GptTmpl.inf]
Maybe someone has an idea what could be wrong.
Best regards,
Bernd
Aug 07 2020 03:06 AM