Azure ATP sensor : Could not create SSL/TLS secure channel

%3CLINGO-SUB%20id%3D%22lingo-sub-1572720%22%20slang%3D%22en-US%22%3EAzure%20ATP%20sensor%20%3A%20Could%20not%20create%20SSL%2FTLS%20secure%20channel%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1572720%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20All%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20have%20multiple%20DC%20on%20which%20Azure%20ATP%20sensor%20is%20working%20fine%2C%20however%20on%20one%20of%20Domain%20controller%202008%20R2%20server%20it%20is%20throwing%20below%20error%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EError%20ExceptionHandler%20Microsoft.Tri.Infrastructure.ExtendedException%3A%20RestrictCpuAsync%20failed%2C%20exiting%20---%26gt%3B%20System.Net.Http.HttpRequestException%3A%20An%20error%20occurred%20while%20sending%20the%20request.%20---%26gt%3B%20System.Net.WebException%3A%20The%20request%20was%20aborted%3A%20Could%20not%20create%20SSL%2FTLS%20secure%20channel.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ECould%20you%20please%20advise%2C%20installation%20is%20having%20no%20issues%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EMicrosoft.Tri.Sensor-Errors%20-%20shows%20above%20logs%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1573934%22%20slang%3D%22en-US%22%3ERe%3A%20Azure%20ATP%20sensor%20%3A%20Could%20not%20create%20SSL%2FTLS%20secure%20channel%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1573934%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F752485%22%20target%3D%22_blank%22%3E%40aniketvpandey%3C%2FA%3E%26nbsp%3Bsomething%20is%20blocking%20proper%20TLS%20communication%20on%20localhost%20between%20the%20sensor%20process%20and%20the%20updater%20process.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1574487%22%20slang%3D%22en-US%22%3ERe%3A%20Azure%20ATP%20sensor%20%3A%20Could%20not%20create%20SSL%2FTLS%20secure%20channel%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1574487%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F106935%22%20target%3D%22_blank%22%3E%40Eli%20Ofek%3C%2FA%3E%26nbsp%3Bthanks%20for%20your%20advise%2C%20anything%20you%20would%20like%20to%20advise%2C%20it%20was%20working%20before%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20have%20checked%20TLS%201.2%20enabled%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1575159%22%20slang%3D%22en-US%22%3ERe%3A%20Azure%20ATP%20sensor%20%3A%20Could%20not%20create%20SSL%2FTLS%20secure%20channel%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1575159%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F752485%22%20target%3D%22_blank%22%3E%40aniketvpandey%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EThe%20TLS%20communication%20is%20on%20localhost%20%3A444%2C%20any%20chance%20there%20is%20a%20new%20FW%20rule%20that%20cause%20issues%3F%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3ESome%20of%20the%20cases%20we%20know%20about%20were%20resolved%20by%20making%20sure%20these%20registry%20values%20are%20set%20to%200%20(1%20is%20not%20the%20default)%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%5BHKEY_LOCAL_MACHINE%5CSYSTEM%5CCurrentControlSet%5CControl%5CSecurityProviders%5CSCHANNEL%5D%3C%2FP%3E%0A%3CP%3E%22DisableRenegoOnServer%22%3Ddword%3A00000001%3C%2FP%3E%0A%3CP%3E%22DisableRenegoOnClient%22%3Ddword%3A00000001%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EWas%20ADFS%20installed%20on%20this%20machine%20by%20any%20chance%3F%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E
Highlighted
New Contributor

Hi All,

 

I have multiple DC on which Azure ATP sensor is working fine, however on one of Domain controller 2008 R2 server it is throwing below error

 

Error ExceptionHandler Microsoft.Tri.Infrastructure.ExtendedException: RestrictCpuAsync failed, exiting ---> System.Net.Http.HttpRequestException: An error occurred while sending the request. ---> System.Net.WebException: The request was aborted: Could not create SSL/TLS secure channel.

 

Could you please advise, installation is having no issues

 

Microsoft.Tri.Sensor-Errors - shows above logs

3 Replies
Highlighted

@aniketvpandey something is blocking proper TLS communication on localhost between the sensor process and the updater process.

 

Highlighted

@Eli Ofek thanks for your advise, anything you would like to advise, it was working before?

 

I have checked TLS 1.2 enabled

Highlighted

@aniketvpandey 

 

The TLS communication is on localhost :444, any chance there is a new FW rule that cause issues?

 

Some of the cases we know about were resolved by making sure these registry values are set to 0 (1 is not the default)

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL]

"DisableRenegoOnServer"=dword:00000001

"DisableRenegoOnClient"=dword:00000001

 

Was ADFS installed on this machine by any chance?