Error=82 - ATP Service not starting


I have installed the ATP Sensor on a DC, but the "Azure Advanced Threat Protection Sensor" service is not able to start. The service is being run as "Local System".


Our internal AD domain is a ".net" and our external Azure domain is a ".com".


Seeing Error 82 in the logs.





DirectoryServicesClient Creating
2019-05-09 00:54:34.1329 Info DirectoryServicesClient CreateLdapConnectionAsync failed to connect [ UserName=svc_atp ErrorCode=82]

2019-05-09 00:54:34.6316 Error DirectoryServicesClient+<CreateLdapConnectionAsync>d__33 Microsoft.Tri.Infrastructure.ExtendedException: CreateLdapConnectionAsync failed []
at async Task<LdapConnection> Microsoft.Tri.Sensor.DirectoryServicesClient.CreateLdapConnectionAsync(DomainControllerConnectionData domainControllerConnectionData, bool isGlobalCatalog, bool isTraversing)
at async Task<bool> Microsoft.Tri.Sensor.DirectoryServicesClient.TryCreateLdapConnectionAsync(DomainControllerConnectionData domainControllerConnectionData, bool isGlobalCatalog, bool isTraversing)
2019-05-09 00:54:34.6472 Error DirectoryServicesClient Microsoft.Tri.Infrastructure.ExtendedException: Failed to communicate with configured domain controllers



2 Replies

@Shaneil Narayan 


@Andrew Harris (AZURE SEC): Is this something you can speak to? 

best response confirmed by Shaneil Narayan (Copper Contributor)

@Shaneil Narayan 


This error is telling us that your LDAP account is not configured properly. This is most likely from mistyping something when setting up the account here. I would suggest ensuring that it's correct there and redownloading the Sensor. Ensure you don't put "<Domain>\<username>"--it should be a pure "<username>", where the Domain has its own section on the bottom. I see this cause some confusion, which is why I spell it out. The domain is the FQDN where that user exists; it isn't the NetBIOS name of the Forest or anything else.


Let us know if this helps!