May 08 2019 08:35 PM
I have installed the ATP Sensor on a DC but the "Azure Advanced Threat Protection Sensor" is not able to start. Service is being run as "Local System".
Our internal AD domain is a ".net" and external Azure domain is ".com"
Seeing Error 82 in the logs.
=================================================================
DirectoryServicesClient Creating
2019-05-09 00:54:34.1329 Info DirectoryServicesClient CreateLdapConnectionAsync failed to connect [DomainControllerDnsName=AD06P.mydomain.net Domain=mydomain.com UserName=svc_atp ErrorCode=82]
2019-05-09 00:54:34.6316 Error DirectoryServicesClient+<CreateLdapConnectionAsync>d__33 Microsoft.Tri.Infrastructure.ExtendedException: CreateLdapConnectionAsync failed [DomainControllerDnsName=AD06P.mydomain.net]
at async Task<LdapConnection> Microsoft.Tri.Sensor.DirectoryServicesClient.CreateLdapConnectionAsync(DomainControllerConnectionData domainControllerConnectionData, bool isGlobalCatalog, bool isTraversing)
at async Task<bool> Microsoft.Tri.Sensor.DirectoryServicesClient.TryCreateLdapConnectionAsync(DomainControllerConnectionData domainControllerConnectionData, bool isGlobalCatalog, bool isTraversing)
2019-05-09 00:54:34.6472 Error DirectoryServicesClient Microsoft.Tri.Infrastructure.ExtendedException: Failed to communicate with configured domain controllers
=================================================================
May 09 2019 12:47 PM
@Shaneil Narayan , does svc_atp have read permission in AD06P.mydomain.net ?
Is this a multi forest scenario? is the sensor located in a different forest from AD06P.mydomain.net ? If so, you need to provide credentials for each forest in the configuration page in the console UI.