Aug 07 2020 04:15 AM
Hi All,
I have multiple DCs on which the Azure ATP sensor is working fine; however, on one domain controller, a 2008 R2 server, it is throwing the error below:
Error ExceptionHandler Microsoft.Tri.Infrastructure.ExtendedException: RestrictCpuAsync failed, exiting ---> System.Net.Http.HttpRequestException: An error occurred while sending the request. ---> System.Net.WebException: The request was aborted: Could not create SSL/TLS secure channel.
Could you please advise? The installation is having no issues.
Microsoft.Tri.Sensor-Errors shows the above logs.
Aug 07 2020 02:38 PM
@aniketvpandey something is blocking proper TLS communication on localhost between the sensor process and the updater process.
Aug 08 2020 01:51 AM
@Eli Ofek thanks for your advice. Anything you would like to advise? It was working before.
I have checked that TLS 1.2 is enabled.
Aug 08 2020 01:28 PM
The TLS communication is on localhost:444. Any chance there is a new FW rule that causes issues?
Some of the cases we know about were resolved by making sure these registry values are set to 0 (1 is not the default):
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL]
"DisableRenegoOnServer"=dword:00000001
"DisableRenegoOnClient"=dword:00000001
Was ADFS installed on this machine by any chance?
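An added example, not part of the original thread and not Microsoft tooling: a read-only PowerShell check of the points raised in the reply above (the two SCHANNEL renegotiation values, the AATPSensor service named later in the thread, and a TCP connect plus TLS handshake to localhost:444). It assumes an elevated PowerShell session on the affected server; the handshake result depends on the .NET TLS defaults of the PowerShell host, which may differ from the sensor's.

```powershell
# Added diagnostic sketch. Read-only: it changes no registry value or service.
$key   = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL'
$names = 'DisableRenegoOnServer', 'DisableRenegoOnClient'

# 1. Report the two renegotiation values; an absent value is the default state.
$props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
foreach ($n in $names) {
    $p = if ($props) { $props.PSObject.Properties[$n] } else { $null }
    if ($null -eq $p) {
        "{0}: not set (default)" -f $n
    } elseif ($p.Value -eq 0) {
        "{0}: 0" -f $n
    } else {
        "{0}: {1}  <-- non-zero; the reply says resolved cases had this at 0" -f $n, $p.Value
    }
}

# 2. State of the sensor service (service name taken from the thread).
Get-Service -Name AATPSensor -ErrorAction SilentlyContinue |
    Select-Object Name, Status

# 3. TCP connect, then a TLS handshake, against the local port the reply names.
$client = New-Object System.Net.Sockets.TcpClient
try {
    $client.Connect('localhost', 444)
    "TCP 444: connected"
    # Certificate validation is skipped on purpose: loopback diagnostic only.
    $cb  = [System.Net.Security.RemoteCertificateValidationCallback]{ $true }
    $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false, $cb)
    try {
        $ssl.AuthenticateAsClient('localhost')
        "TLS handshake OK: {0}, cipher {1}" -f $ssl.SslProtocol, $ssl.CipherAlgorithm
    } catch {
        # The innermost exception usually names the SCHANNEL-level cause.
        "TLS handshake failed: {0}" -f $_.Exception.GetBaseException().Message
    } finally { $ssl.Dispose() }
} catch {
    "TCP 444: connect failed: {0}" -f $_.Exception.Message
} finally { $client.Close() }
```

A failed TCP connect points toward a firewall rule or nothing listening, while a successful connect followed by a failed handshake points toward SCHANNEL policy on the machine.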
Apr 13 2022 01:06 AM
Hello,
I have the same problem on the ADFS sensor. It's Windows Server 2019.
I didn't have the problem on the domain controller, just on ADFS.
The Update service is running, but the AATPSensor service is not. It just keeps starting again and again.
Can you help me?
Error:
2022-04-13 08:03:19.6535 Error ExceptionHandler Microsoft.Tri.Infrastructure.ExtendedException: RestrictCpuAsync failed, exiting ---> System.Net.Http.HttpRequestException: An error occurred while sending the request. ---> System.Net.WebException: The request was aborted: Could not create SSL/TLS secure channel.
at Stream System.Net.HttpWebRequest.EndGetRequestStream(IAsyncResult asyncResult, out TransportContext context)
at void System.Net.Http.HttpClientHandler.GetRequestStreamCallback(IAsyncResult ar)
--- End of inner exception stack trace ---
at async Task<HttpResponseMessage> System.Net.Http.HttpClient.FinishSendAsyncBuffered(Task<HttpResponseMessage> sendTask, HttpRequestMessage request, CancellationTokenSource cts, bool disposeCts)
at async Task<TResponse> Microsoft.Tri.Common.CommunicationWebClient.SendAsync<TResponse>(byte[] requestBytes, int offset, int count)
at async Task<TResponse> Microsoft.Tri.Common.CommunicationWebClient.SendWithRetryAsync<TResponse>(byte[] requestBytes, int offset, int count)
at async Task Microsoft.Tri.Common.CommunicationWebClient.SendAsync(IVoidRequest request)
at async Task Microsoft.Tri.Sensor.Common.ServiceProxy<TWebClientConfiguration>.SendAsync(IVoidRequest request)
at async Task Microsoft.Tri.Sensor.SensorResourceManager.RestrictCpuAsync()
--- End of inner exception stack trace ---
Apr 13 2022 01:08 AM
Apr 13 2022 03:32 AM
@Sebastien65 The error in the updater's log is expected given the fact that the sensor is failing to start.
It has a watchdog that alerts that the sensor is down.
As for why the sensor is failing to communicate over TCP/444 using TLS, given that you tried my previous suggestions, I would say you should open a support ticket to get an engineer to deep dive into this. It is most likely a configuration/policy issue of some sort, but it's impossible to troubleshoot over community posts. We can update here once you get this resolved and add info about what the issue was.
Jun 28 2022 05:34 AM
Jun 28 2022 05:45 AM
No, I didn't resolve it. I have opened a ticket with Microsoft and sent my logs, but for the moment nothing works better.
You have the problem on a 2019 DC, not ADFS? So maybe the problem is only on 2019 servers and not because it's an ADFS server, for the moment.
For the moment, Microsoft said nothing when I said I have the problem only on 2019 Server.
Jun 28 2022 05:59 AM
@Sebastien65
I am not aware what is going on with the support ticket,
but I can say that there is no such "known issue" with 2019 AD or ADFS.
We have tons of them working fine worldwide without any issues.
From previous incidents, it was always some sort of policy on the machine the customer was not aware of, or a 3rd party that was creating the block.
Jun 28 2022 06:06 AM - edited Jun 28 2022 06:07 AM
Hello,
I didn't have the problem on all my DCs. I have more than 20 DCs without problems, but all my DCs are running 2012 Server R2.
My 2 ADFS servers are on Windows Server 2019 and I have the same problem.