Nov 28 2019 04:22 AM
Hi,
Starting November 25th, most of the sensors connected to azure atp cloud service using proxy went offline.
Our proxy/firewall setup is only allowing access to Europe (the specific ULRs - Europe).
Ever since then, the azure atp sensor service is in restarting state, without being able to start.
That wouldn't normally be a problem, if while trying to connect to azure cloud service, didn't open like tens of connections to the proxy, all of them appearing with status time-out.
Later, we discovered that because of all of these connections initiated, that never received a response back from the proxy, the domain controller stopped responding (dcdiag, authentication and replication fails).
Question: is this a normal behaviour of the agent (to consume all the ports while trying to reach the workspace in a context of non-responsive proxy)?
We were forced to kill the 2 processes, and set the 2 services to disabled and a ticket was raised with MS.
I was wondering if anyone experienced such issues, and/or if someone from Microsoft can tell me if this might be related to the issues reported on November 25th and 26th on https://health.atp.azure.com.
Thank you in advance!
Nov 28 2019 01:39 PM
@mcliviu , Hi,
This is not expected, although if you have a unique proxy setup it might induced a state we did not expect.
If correlated to the outage period, it might have been some kind of trigger,
which I am interested to research, but so far I didn't see any other similar reports.
Is starting the sensor again after the outage was over still caused issues?
You mentioned you opened a ticket with support on this one.
Can you share with me in a private message the case #, or ask the support engineer to add me to the email thread?
Thanks,
Eli