cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Microsoft Advanced Threat Analytics Gateway Error

imtiyazali73
Copper Contributor

‎Jul 30 2020 08:03 AM

‎Jul 30 2020 08:03 AM

Microsoft Advanced Threat Analytics Gateway Error

We are getting below highlighted errors in ATA log file "Microsoft.Tri.Gateway".

Can someone please help me to understand this?

 

2020-07-30 04:37:32.4176 7112 49 Error [EventLogException] System.UnauthorizedAccessException: Attempted to perform an unauthorized operation.
at System.Diagnostics.Eventing.Reader.EventLogException.Throw(Int32 errorCode)
at System.Diagnostics.Eventing.Reader.NativeWrapper.EvtSubscribe(EventLogHandle session, SafeWaitHandle signalEvent, String path, String query, EventLogHandle bookmark, IntPtr context, IntPtr callback, Int32 flags)
at System.Diagnostics.Eventing.Reader.EventLogWatcher.StartSubscribing()
at Microsoft.Tri.Gateway.Collection.Events.EventListeners.WindowsEventLogReader.<UpdateWindowsEventLogReaderBookmarksAsync>b__15_1(KeyValuePair`2 _)
at MoreLinq.MoreEnumerable.ForEach[T](IEnumerable`1 source, Action`1 action)
at async Microsoft.Tri.Gateway.Collection.Events.EventListeners.WindowsEventLogReader.UpdateWindowsEventLogReaderBookmarksAsync(?)
at async Microsoft.Tri.Infrastructure.Framework.Module.<>c__DisplayClass30_0.<RegisterPeriodicTask>b__1(?)
at async Microsoft.Tri.Infrastructure.Extensions.TaskExtension.<>c__DisplayClass33_0.<RunPeriodic>b__0(?)
2020-07-30 04:37:35.1051 7112 131 Error [Socket] [NativeErrorCode=10052] System.Net.Sockets.SocketException: The connection has been broken due to keep-alive activity detecting a failure while the operation was in progress

1,884 Views
0 Likes
3 Replies
Reply
3 Replies
Eli Ofek

‎Jul 30 2020 12:14 PM

‎Jul 30 2020 12:14 PM

Re: Microsoft Advanced Threat Analytics Gateway Error

@imtiyazali73 
During deployment the Gateway service account sid is registered to get read access to the local security log. most likely the permissions were revoked either by GPO or CustomSD reg key.

0 Likes
Reply
imtiyazali73

‎Aug 03 2020 11:50 PM

‎Aug 03 2020 11:50 PM

Re: Microsoft Advanced Threat Analytics Gateway Error

We don't have such type of GPO.
How can I fix this
0 Likes
Reply
Eli Ofek

‎Aug 04 2020 02:27 AM

‎Aug 04 2020 02:27 AM

Re: Microsoft Advanced Threat Analytics Gateway Error

@imtiyazali73 , you can try to uninstall and reinstall which will set the permissions again.

Also check for the CustomSD registry key.

if the issue returns, open a support call, as it can be tricky finding out what causes the permissions to revert.. Many times the customers has GPOs they are not even aware of...

0 Likes
Reply