Error=82 - ATP Service not starting

Copper Contributor

I have installed the ATP Sensor on a DC but the "Azure Advanced Threat Protection Sensor" is not able to start. Service is being run as "Local System".

 

Our internal AD domain is a ".net" and external Azure domain is ".com"

 

Seeing Error 82 in the logs.

 

 

 

=================================================================

DirectoryServicesClient Creating
2019-05-09 00:54:34.1329 Info DirectoryServicesClient CreateLdapConnectionAsync failed to connect [DomainControllerDnsName=AD06P.mydomain.net Domain=mydomain.com UserName=svc_atp ErrorCode=82]

2019-05-09 00:54:34.6316 Error DirectoryServicesClient+<CreateLdapConnectionAsync>d__33 Microsoft.Tri.Infrastructure.ExtendedException: CreateLdapConnectionAsync failed [DomainControllerDnsName=AD06P.mydomain.net]
at async Task<LdapConnection> Microsoft.Tri.Sensor.DirectoryServicesClient.CreateLdapConnectionAsync(DomainControllerConnectionData domainControllerConnectionData, bool isGlobalCatalog, bool isTraversing)
at async Task<bool> Microsoft.Tri.Sensor.DirectoryServicesClient.TryCreateLdapConnectionAsync(DomainControllerConnectionData domainControllerConnectionData, bool isGlobalCatalog, bool isTraversing)
2019-05-09 00:54:34.6472 Error DirectoryServicesClient Microsoft.Tri.Infrastructure.ExtendedException: Failed to communicate with configured domain controllers

 

=================================================================

1 Reply

@Shaneil Narayan , does svc_atp have read permission in AD06P.mydomain.net ?

Is this a multi forest scenario? is the sensor located in a different forest from AD06P.mydomain.net  ? If so, you need to provide credentials for each forest in the configuration page in the console UI.