Error=82 - ATP Service not starting

%3CLINGO-SUB%20id%3D%22lingo-sub-550914%22%20slang%3D%22en-US%22%3EError%3D82%20-%20ATP%20Service%20not%20starting%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-550914%22%20slang%3D%22en-US%22%3E%3CP%3EI%20have%20installed%20the%20ATP%20Sensor%20on%20a%20DC%20but%20the%20%22Azure%20Advanced%20Threat%20Protection%20Sensor%22%20is%20not%20able%20to%20start.%20Service%20is%20being%20run%20as%20%22Local%20System%22.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EOur%20internal%20AD%20domain%20is%20a%20%22.net%22%20and%20external%20Azure%20domain%20is%20%22.com%22%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ESeeing%20Error%2082%20in%20the%20logs.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3C%2FP%3E%3CP%3EDirectoryServicesClient%20Creating%3CBR%20%2F%3E2019-05-09%2000%3A54%3A34.1329%20Info%20DirectoryServicesClient%20CreateLdapConnectionAsync%20failed%20to%20connect%20%5B%3CSTRONG%3EDomainControllerDnsName%3DAD06P.mydomain.net%20Domain%3Dmydomain.com%3C%2FSTRONG%3E%20UserName%3Dsvc_atp%20ErrorCode%3D82%5D%3CBR%20%2F%3E%3CBR%20%2F%3E2019-05-09%2000%3A54%3A34.6316%20Error%20DirectoryServicesClient%2B%3CCREATELDAPCONNECTIONASYNC%3Ed__33%20Microsoft.Tri.Infrastructure.ExtendedException%3A%20CreateLdapConnectionAsync%20failed%20%5BDomainControllerDnsName%3DAD06P.mydomain.net%5D%3CBR%20%2F%3Eat%20async%20Task%3CLDAPCONNECTION%3E%20Microsoft.Tri.Sensor.DirectoryServicesClient.CreateLdapConnectionAsync(DomainControllerConnectionData%20domainControllerConnectionData%2C%20bool%20isGlobalCatalog%2C%20bool%20isTraversing)%3CBR%20%2F%3Eat%20async%20Task%3CBOOL%3E%20Microsoft.Tri.Sensor.DirectoryServicesClient.TryCreateLdapConnectionAsync(DomainControllerConnectionData%20domainControllerConnectionData%2C%20bool%20isGlobalCatalog%2C%20bool%20isTraversing)%3CBR%20%2F%3E2019-05-09%2000%3A54%3A34.6472%20Error%20DirectoryServicesClient%20Microsoft.Tri.Infrastructure.ExtendedException%3A%20Failed%20to%20communicate%20with%20configured%20domain%20controllers%3C%2FBOOL%3E%3C%2FLDAPCONNECTION%3E%3C%2FCREATELDAPCONNECTIONASYNC%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3D%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-555379%22%20slang%3D%22en-US%22%3ERe%3A%20Error%3D82%20-%20ATP%20Service%20not%20starting%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-555379%22%20slang%3D%22en-US%22%3E%3CP%20style%3D%22text-align%3A%20left%3B%22%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F10451%22%20target%3D%22_blank%22%3E%40Shaneil%20Narayan%3C%2FA%3E%26nbsp%3B%2C%20does%26nbsp%3Bsvc_atp%20have%20read%20permission%20in%26nbsp%3BAD06P.mydomain.net%26nbsp%3B%3F%3C%2FP%3E%0A%3CP%20style%3D%22text-align%3A%20left%3B%22%3EIs%20this%20a%20multi%20forest%20scenario%3F%20is%20the%20sensor%20located%20in%20a%20different%20forest%20from%26nbsp%3BAD06P.mydomain.net%26nbsp%3B%20%3F%20If%20so%2C%20you%20need%20to%20provide%20credentials%20for%20each%20forest%20in%20the%20configuration%20page%20in%20the%20console%20UI.%3C%2FP%3E%3C%2FLINGO-BODY%3E
New Contributor

I have installed the ATP Sensor on a DC but the "Azure Advanced Threat Protection Sensor" is not able to start. Service is being run as "Local System".

 

Our internal AD domain is a ".net" and external Azure domain is ".com"

 

Seeing Error 82 in the logs.

 

 

 

=================================================================

DirectoryServicesClient Creating
2019-05-09 00:54:34.1329 Info DirectoryServicesClient CreateLdapConnectionAsync failed to connect [DomainControllerDnsName=AD06P.mydomain.net Domain=mydomain.com UserName=svc_atp ErrorCode=82]

2019-05-09 00:54:34.6316 Error DirectoryServicesClient+<CreateLdapConnectionAsync>d__33 Microsoft.Tri.Infrastructure.ExtendedException: CreateLdapConnectionAsync failed [DomainControllerDnsName=AD06P.mydomain.net]
at async Task<LdapConnection> Microsoft.Tri.Sensor.DirectoryServicesClient.CreateLdapConnectionAsync(DomainControllerConnectionData domainControllerConnectionData, bool isGlobalCatalog, bool isTraversing)
at async Task<bool> Microsoft.Tri.Sensor.DirectoryServicesClient.TryCreateLdapConnectionAsync(DomainControllerConnectionData domainControllerConnectionData, bool isGlobalCatalog, bool isTraversing)
2019-05-09 00:54:34.6472 Error DirectoryServicesClient Microsoft.Tri.Infrastructure.ExtendedException: Failed to communicate with configured domain controllers

 

=================================================================

1 Reply

@Shaneil Narayan , does svc_atp have read permission in AD06P.mydomain.net ?

Is this a multi forest scenario? is the sensor located in a different forest from AD06P.mydomain.net  ? If so, you need to provide credentials for each forest in the configuration page in the console UI.