SOLVED

Error=82 - ATP Service not starting


I have installed the ATP Sensor on a DC but the "Azure Advanced Threat Protection Sensor" is not able to start. Service is being run as "Local System".

Our internal AD domain is a ".net" and external Azure domain is ".com"

Seeing Error 82 in the logs.

=================================================================

DirectoryServicesClient Creating
2019-05-09 00:54:34.1329 Info DirectoryServicesClient CreateLdapConnectionAsync failed to connect [DomainControllerDnsName=AD06P.mydomain.net Domain=mydomain.com UserName=svc_atp ErrorCode=82]

2019-05-09 00:54:34.6316 Error DirectoryServicesClient+<CreateLdapConnectionAsync>d__33 Microsoft.Tri.Infrastructure.ExtendedException: CreateLdapConnectionAsync failed [DomainControllerDnsName=AD06P.mydomain.net]
at async Task<LdapConnection> Microsoft.Tri.Sensor.DirectoryServicesClient.CreateLdapConnectionAsync(DomainControllerConnectionData domainControllerConnectionData, bool isGlobalCatalog, bool isTraversing)
at async Task<bool> Microsoft.Tri.Sensor.DirectoryServicesClient.TryCreateLdapConnectionAsync(DomainControllerConnectionData domainControllerConnectionData, bool isGlobalCatalog, bool isTraversing)
2019-05-09 00:54:34.6472 Error DirectoryServicesClient Microsoft.Tri.Infrastructure.ExtendedException: Failed to communicate with configured domain controllers

=================================================================

2 Replies

@Shaneil Narayan

@Andrew Harris (AZURE SEC): Is this something you can speak to?

Best Response confirmed by Shaneil Narayan (New Contributor)
Solution

@Shaneil Narayan

This error is telling us that your LDAP account is not configured properly. This is most likely mistyping something when setting up their account here. I would suggest ensuring that it's correct there and redownloading the Sensor. Ensure you don't put "<Domain>\<username>"--it should be a pure "<username>" where the Domain has its own section on the bottom. I see this cause some confusion which is why I spell it out. The domain is the FQDN where that user exists; it isn't the NetBIOS name of the Forest or anything else.

Let us know if this helps!
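
The two checks described in the accepted reply, run against the log line quoted in the question, as an added example that is not part of the original thread or of the sensor itself. The function names are hypothetical, and the suffix comparison assumes the account lives in the domain controller's own domain or a parent of it, so a finding there is a prompt to verify rather than proof of a mistake.

```python
import re

# Constructed sample, copied in shape from the log lines quoted in the question.
SAMPLE_LOG = """\
2019-05-09 00:54:34.1329 Info DirectoryServicesClient CreateLdapConnectionAsync failed to connect [DomainControllerDnsName=AD06P.mydomain.net Domain=mydomain.com UserName=svc_atp ErrorCode=82]
2019-05-09 00:54:34.6472 Error DirectoryServicesClient Microsoft.Tri.Infrastructure.ExtendedException: Failed to communicate with configured domain controllers
"""

FAILED = re.compile(r"CreateLdapConnectionAsync failed to connect \[(?P<fields>[^\]]*)\]")
PAIR = re.compile(r"(\w+)=(\S*)")


def parse_failures(log_text):
    """Return one dict of key=value fields per 'failed to connect' line."""
    return [dict(PAIR.findall(m.group("fields"))) for m in FAILED.finditer(log_text)]


def check_account(fields):
    """Heuristic findings for the account settings echoed in one failure line."""
    findings = []
    user = fields.get("UserName", "")
    domain = fields.get("Domain", "").lower().rstrip(".")
    dc = fields.get("DomainControllerDnsName", "").lower().rstrip(".")

    # First point of the reply: bare user name, no <Domain>\ prefix.
    if "\\" in user:
        findings.append("UserName carries a domain prefix; enter the bare user name")
    # Second point of the reply: Domain is an FQDN, not a NetBIOS name.
    if "." not in domain:
        findings.append("Domain is not an FQDN: %r" % domain)
    # Assumption (see lead-in): the DC's DNS name should end with the domain.
    elif not dc.endswith("." + domain):
        findings.append("Domain %r is not a suffix of DC name %r; confirm where "
                        "the account exists" % (domain, dc))
    return findings


def triage(log_text):
    """Map each failing DC name to its list of findings."""
    return {f.get("DomainControllerDnsName", "?"): check_account(f)
            for f in parse_failures(log_text)}


if __name__ == "__main__":
    for dc_name, found in triage(SAMPLE_LOG).items():
        print(dc_name, "->", found or "no obvious account misconfiguration")
```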