cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Azure ATP Sensors down

Ponniah
Copper Contributor

‎Sep 09 2020 05:52 AM

‎Sep 09 2020 05:52 AM

Azure ATP Sensors down

We have deployed ATP sensor on windows 2012,2016. All it was working fine, suddenly it stopped and when we check the connectivity it was fine, we dont see any drop packets in firewall (i.e from DC to Azure ATP Console). We manually restarted the ATP service it was not starting and found the atp.azure.com cert got renewed on the same day. when we check the error logs

Error CommunicationWebClient+<SendWithRetryAsync>d__9`1 Microsoft.Tri.Infrastructure.ExtendedException: Sanitized exception: [Type=System.Net.Http.HttpRequestExceptionMessage=7INzM3PVZQKggOiiHcWjqw==StackTrace= at async Task<HttpResponseMessage> System.Net.Http.HttpClient.FinishSendAsyncBuffered(Task<HttpResponseMessage> sendTask, HttpRequestMessage request, CancellationTokenSource cts, bool disposeCts)
at async Task<TResponse> Microsoft.Tri.CommonCommunication.CommunicationWebClient.SendAsync<TResponse>(byte[] requestBytes, int offset, int count)
at async Task<TResponse> Microsoft.Tri.CommonCommunication.CommunicationWebClient.SendWithRetryAsync<TResponse>(byte[] requestBytes, int offset, int count)InnerException=Microsoft.Tri.Infrastructure.ExtendedException: Sanitized exception: [Type=System.Net.WebExceptionMessage=qxPMwGWd5A+ohATP3KLBtQ==StackTrace= at Stream System.Net.HttpWebRequest.EndGetRequestStream(IAsyncResult asyncResult, out TransportContext context)
at void System.Net.Http.HttpClientHandler.GetRequestStreamCallback(IAsyncResult ar)InnerException=Microsoft.Tri.Infrastructure.ExtendedException: Sanitized exception: [Type=System.Security.Authentication.AuthenticationExceptionMessage=eWPX0eZRxHvsLJzXHd8Smw==StackTrace= at void System.Net.TlsStream.EndWrite(IAsyncResult asyncResult)
at void System.Net.ConnectStream.WriteHeadersCallback(IAsyncResult ar)InnerException=]]]
at async Task<TResponse> Microsoft.Tri.CommonCommunication.CommunicationWebClient.SendWithRetryAsync<TResponse>(byte[] requestBytes, int offset, int count)
at async Task<TResponse> Microsoft.Tri.CommonCommunication.CommunicationWebClient.SendAsync<TResponse>(IRequestWithResponse<TResponse> request)
at TResult Microsoft.Tri.Infrastructure.TaskExtension.Await<TResult>(Task<TResult> task)
at new Microsoft.Tri.Sensor.Common.CommonSensorModuleManager()
at new Microsoft.Tri.Sensor.Updater.SensorUpdaterModuleManager()
at ModuleManager Microsoft.Tri.Sensor.Updater.SensorUpdaterService.CreateModuleManager()
at async Task Microsoft.Tri.Infrastructure.Service.OnStartAsync()
at void Microsoft.Tri.Infrastructure.TaskExtension.Await(Task task)
at void Microsoft.Tri.Infrastructure.Service.OnStart(string[] args)

 

Could you please help me with the error message, what will be issue caused the ATP sensor to down. 

2,411 Views
0 Likes
1 Reply
Reply
1 Reply
Eli Ofek

‎Sep 09 2020 06:24 AM

‎Sep 09 2020 06:24 AM

Re: Azure ATP Sensors down

@Ponniah Indeed the certs were changed , to new ones with a new Root.

most likely your machine is not yet trusting the new root "DigiCert Global Root".

We updated the docs with the steps needed to fix this, take a look here:

https://docs.microsoft.com/en-us/azure-advanced-threat-protection/troubleshooting-atp-known-issues#p...

 

0 Likes
Reply