Microsoft Secure Tech Accelerator
Apr 03 2024, 07:00 AM - 11:00 AM (PDT)
Microsoft Tech Community
SOLVED

MDI Sensor service wont start on AD FS server

Brass Contributor

I've installed the MDI sensor on one of my AD FS server according to the guide but the service will not start.

 

According to the logs it through the following exception:

 

2021-01-11 11:11:50.6085 Error Enumerable System.InvalidOperationException: Sequence contains no elements
at TSource System.Linq.Enumerable.First<TSource>(IEnumerable<TSource> source)
at void Microsoft.Tri.Sensor.DomainNetworkCredentialsManager.UpdateConfigurations(ConfigurationCollection configurations)
at Func<Task> Microsoft.Tri.Infrastructure.ActionExtension.ToAsyncFunction(Action action)+(TItem _) => { }
at async Task Microsoft.Tri.Infrastructure.ConfigurationManager.RegisterConfigurationAsync(Func<ConfigurationCollection, Task> onConfigurationsUpdateAsync, Type[] configurationTypes)
at void Microsoft.Tri.Infrastructure.TaskExtension.Await(Task task)
at object lambda_method(Closure, object[])
at object Autofac.Core.Activators.Reflection.ConstructorParameterBinding.Instantiate()
at void Microsoft.Tri.Infrastructure.ModuleManager.AddModules(Type[] moduleTypes)
at new Microsoft.Tri.Sensor.SensorModuleManager()
at ModuleManager Microsoft.Tri.Sensor.SensorService.CreateModuleManager()
at async Task Microsoft.Tri.Infrastructure.Service.OnStartAsync()
at void Microsoft.Tri.Infrastructure.TaskExtension.Await(Task task)
at void Microsoft.Tri.Infrastructure.Service.OnStart(string[] args)

 

The install reported that auditing was not configured correctly but according the to guide it is in place (I can see the events in the security log).

 

Any ideas on what I can do to start the service?

6 Replies
best response confirmed by bjarneabraham (Brass Contributor)
Solution

@bjarneabraham 
go to the sensor list in MDI portal, click on this new sensor name, and add to the list in the dialog a fully qualified DC name that it can use to resolve AD entities.

once that it should start fine within a few minutes. 

@Eli Ofek I'll check and try later and get back, thanks.

It worked :)
I was not able to see this in the install guide?
At the moment I've added two DC's to the list - it do now have a health issue towards one of them which seems strange as the sensor logs indicate that it's communicating with both DCs in the list?
Everything is good now :) Just had to wait a bit...

Sensor Should be installed on ADFS server and ADFS proxy server or ADFS server is enough?@Eli Ofek 

@Ehab_Communities I think that installing on the ADFS server is sufficient. The ADFS-Proxy is just that, a proxy, it does not do any validation of requests, it only passes them through to the actual ADFS server to process.

Atleast that's how I think it works.

 

1 best response

Accepted Solutions
best response confirmed by bjarneabraham (Brass Contributor)
Solution

@bjarneabraham 
go to the sensor list in MDI portal, click on this new sensor name, and add to the list in the dialog a fully qualified DC name that it can use to resolve AD entities.

once that it should start fine within a few minutes. 

View solution in original post