failed to connect - ResultCode=82 - AATPSensor in start pending

A number of our W2019 domain controllers have the AATPSensor service in "Start pending".

Yesterday AATPSensors appeared to have updated, but we have seen some domain controllers with an AATPService in "Start pending" for a while.

On one of the domain controllers we tried to remove npcap, then Azure ATP Sensor. The uninstall of the software terminated in a generic MSI error 1603/0x643. Attempts to install Azure ATP Sensor failed with the same generic error 1603 again. We also tried rebooting or installing using the SYSTEM account, to no avail.

We are not sure where to look next. Any pointers are appreciated.

The Microsoft.Tri.Sensor.log logs:

2022-05-09 15:41:38.3048 Debug DirectoryServicesClient SetState Creating
2022-05-09 15:41:38.3517 Info DirectoryServicesClient CreateLdapConnectionAsync failed to connect [DomainControllerDnsName=domaincontroller.thisdomain.com Domain=thisdomainforest.com UserName=ATPAccount ResultCode=82]
2022-05-09 15:41:38.5392 Error DirectoryServicesClient+<CreateLdapConnectionAsync>d__41 Microsoft.Tri.Infrastructure.ExtendedException: CreateLdapConnectionAsync failed [DomainControllerDnsName=domaincontroller.thisdomain.com]
at ....
2022-05-09 15:41:38.5392 Error DirectoryServicesClient Microsoft.Tri.Infrastructure.ExtendedException: Failed to communicate with configured domain controllers
at ...

The Microsoft.Tri.Sensor-Errors.log:

2022-05-09 15:41:04.2470 Error DirectoryServicesClient+<CreateLdapConnectionAsync>d__41 Microsoft.Tri.Infrastructure.ExtendedException: CreateLdapConnectionAsync failed [DomainControllerDnsName=domaincontroller.thisdomain.com]
at ...
2022-05-09 15:41:04.2626 Error DirectoryServicesClient Microsoft.Tri.Infrastructure.ExtendedException: Failed to communicate with configured domain controllers
at ...

Microsoft.Tri.Sensor.Updater.log

2022-05-09 15:32:45.9405 Error ServiceControllerExtension ChangeServiceStatus failed to change service status [name=AATPSensor status=Running Exception=System.ServiceProcess.TimeoutException: Time out has expired and the operation has not been completed.
at System.ServiceProcess.ServiceController.WaitForStatus(ServiceControllerStatus desiredStatus, TimeSpan timeout)
at Microsoft.Tri.Infrastructure.ServiceControllerExtension.ChangeServiceStatus(String name, ServiceControllerStatus status, TimeSpan timeout, Nullable`1 awaitedStatus)]
2022-05-09 15:32:45.9405 Debug SoftwareUpdater RunTaskAsync Task completed [name=CheckSoftwareUpdatesAsync Elapsed=00:01:00.2699091]
2022-05-09 15:38:46.0738 Error ServiceControllerExtension ChangeServiceStatus failed to change service status [name=AATPSensor status=Running Exception=System.ServiceProcess.TimeoutException: Time out has expired and the operation has not been completed.
at System.ServiceProcess.ServiceController.WaitForStatus(ServiceControllerStatus desiredStatus, TimeSpan timeout)
at Microsoft.Tri.Infrastructure.ServiceControllerExtension.ChangeServiceStatus(String name, ServiceControllerStatus status, TimeSpan timeout, Nullable`1 awaitedStatus)]
2022-05-09 15:38:46.0738 Debug SoftwareUpdater RunTaskAsync Task completed [name=CheckSoftwareUpdatesAsync Elapsed=00:01:00.1244165]

Microsoft.Tri.Sensor.Updater-Errors.log

2022-05-09 15:32:45.9405 Error ServiceControllerExtension ChangeServiceStatus failed to change service status [name=AATPSensor status=Running Exception=System.ServiceProcess.TimeoutException: Time out has expired and the operation has not been completed.
at System.ServiceProcess.ServiceController.WaitForStatus(ServiceControllerStatus desiredStatus, TimeSpan timeout)
at Microsoft.Tri.Infrastructure.ServiceControllerExtension.ChangeServiceStatus(String name, ServiceControllerStatus status, TimeSpan timeout, Nullable`1 awaitedStatus)]
2022-05-09 15:38:46.0738 Error ServiceControllerExtension ChangeServiceStatus failed to change service status [name=AATPSensor status=Running Exception=System.ServiceProcess.TimeoutException: Time out has expired and the operation has not been completed.
at System.ServiceProcess.ServiceController.WaitForStatus(ServiceControllerStatus desiredStatus, TimeSpan timeout)
at Microsoft.Tri.Infrastructure.ServiceControllerExtension.ChangeServiceStatus(String name, ServiceControllerStatus status, TimeSpan timeout, Nullable`1 awaitedStatus)]

Microsoft.Tri.Sensor.Deployment.Deployer_20220508083018.log

2022-05-08 08:30:31.1356 Error ServiceControllerExtension ChangeServiceStatus failed to change service status [name=AATPSensor status=Stopped Exception=System.InvalidOperationException: Cannot stop AATPSensor service on computer '.'. ---> System.ComponentModel.Win32Exception: The service has not been started
--- End of inner exception stack trace ---
at ...

Uninstalled Azure Advanced Threat Protection. Then tried to install again.

Azure Advanced Threat Protection Sensor_20220509160047.log

[1148:1E90][2022-05-09T16:00:48]i000: 2022-05-09 14:00:48.4236 Error DeploymentManager ShowErrorMessage System.ArgumentNullException: Value cannot be null.
Parameter name: path1
at ...
[1148:1E90][2022-05-09T16:00:48]i000: 2022-05-09 14:00:48.4236 Debug SensorBootstrapperApplication Run Engine.Quit [deploymentResultStatus=1603 isRestartRequired=False]
[1148:0E0C][2022-05-09T16:00:48]i500: Shutting down, exit code: 0x643
...
[1148:0E0C][2022-05-09T16:00:48]i007: Exit code: 0x643, restarting: No

3 Replies

Error 82 is tricky. It can be many things, from time skew between the sensor and the target DC to a mismatch in authentication protocols, and more.
Sometimes a reboot solves this issue.
The bigger issue looks like the machine got into a limbo state regarding the sensor install.
I suggest opening a support ticket and having support help you clean up the sensor leftovers from the machine so the install will pass.
Then, if error 82 persists, they can help with troubleshooting it.

Seeing the same issue the last week

@Jeffrey @Eli Ofek

2022-X-XX 09:59:23.3364 Info DirectoryServicesClient CreateLdapConnectionAsync failed to connect [DomainControllerDnsName=XX1.XX.XXXXX.com Domain=XX.XXX.com UserName=XX_XX_gmsa ResultCode=82]

Getting the same error in multiple DCs in a child domain. Any suggestions? Were you able to sort this out?
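
A way to see which domain controllers and accounts are affected by the `CreateLdapConnectionAsync failed to connect` entries quoted in this thread, as an added example that is not from any poster or from Microsoft. The function names and sample host names are hypothetical, and the code-to-name table assumes `ResultCode` is the LDAP API return code, where 82 is `LDAP_LOCAL_ERROR`.

```powershell
# Added example. Log lines below are constructed in the format quoted in this thread.
$sample = @'
2022-05-09 15:41:04.2001 Info DirectoryServicesClient CreateLdapConnectionAsync failed to connect [DomainControllerDnsName=dc01.corp.example Domain=corp.example UserName=ATPAccount ResultCode=82]
2022-05-09 15:41:38.3048 Debug DirectoryServicesClient SetState Creating
2022-05-09 15:41:38.3517 Info DirectoryServicesClient CreateLdapConnectionAsync failed to connect [DomainControllerDnsName=dc01.corp.example Domain=corp.example UserName=ATPAccount ResultCode=82]
2022-05-09 15:41:38.5392 Error DirectoryServicesClient Microsoft.Tri.Infrastructure.ExtendedException: Failed to communicate with configured domain controllers
2022-05-09 15:42:10.1177 Info DirectoryServicesClient CreateLdapConnectionAsync failed to connect [DomainControllerDnsName=dc02.corp.example Domain=corp.example UserName=ATPAccount ResultCode=82]
'@ -split '\r?\n'

# Assumption: ResultCode is the LDAP API return code (82 = LDAP_LOCAL_ERROR).
$ldapCodes = @{ '49' = 'LDAP_INVALID_CREDENTIALS'; '81' = 'LDAP_SERVER_DOWN'; '82' = 'LDAP_LOCAL_ERROR' }

function Get-SensorLdapFailure {
    param([Parameter(ValueFromPipeline)][string]$Line)
    begin { $pattern = '^(?<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d{4}) \w+ DirectoryServicesClient CreateLdapConnectionAsync failed to connect \[(?<kv>[^\]]+)\]' }
    process {
        if ($Line -match $pattern) {
            $stamp = $Matches['ts']
            $fields = @{}
            # Split the bracketed "Key=Value Key=Value" list into a hashtable.
            foreach ($pair in ($Matches['kv'] -split ' ')) { $key, $value = $pair -split '=', 2; $fields[$key] = $value }
            [pscustomobject]@{
                Time             = [datetime]::ParseExact($stamp, 'yyyy-MM-dd HH:mm:ss.ffff', [cultureinfo]::InvariantCulture)
                DomainController = $fields['DomainControllerDnsName']
                UserName         = $fields['UserName']
                ResultCode       = $fields['ResultCode']
            }
        }
    }
}

function Get-SensorLdapFailureSummary {
    param([string[]]$Lines)
    # One row per (DC, account, code) with how often and over what period it failed.
    $Lines | Get-SensorLdapFailure | Group-Object DomainController, UserName, ResultCode | ForEach-Object {
        $times = @($_.Group.Time | Sort-Object)
        [pscustomobject]@{
            DomainController = $_.Group[0].DomainController
            UserName         = $_.Group[0].UserName
            ResultCode       = $_.Group[0].ResultCode
            Meaning          = $ldapCodes[$_.Group[0].ResultCode]
            Count            = $_.Count
            FirstSeen        = $times[0]
            LastSeen         = $times[-1]
        }
    }
}

Get-SensorLdapFailureSummary -Lines $sample | Format-Table -AutoSize
```

To run it against a real sensor, pass `Get-Content` of that machine's `Microsoft.Tri.Sensor.log` as `-Lines` instead of `$sample`. For each DC listed, `w32tm /stripchart /computer:<name> /samples:3 /dataonly` shows the clock offset that the first reply names as one possible cause.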