My MDI can't test the alarm, I'm going crazy, please help me,

New Contributor

My MDI can't test the alarm, I'm going crazy, please help me, this is my deployment:
1. DC is in the vm virtual machine, TSO has been disabled (Large Send Offload V2 (IPv4) and Large Send Offload V2 (IPv6) )
2. Use the domain administrator account (password) to become the Directory Service account
3. The sensor has been installed, the console shows the operating status is normal (green), and there are no errors.
4. Manage action accounts is not configured, I think this is not necessary for nslookup test alarm
5. The Windows event log should be configured correctly (I'm not sure)

A single DC Windows server 2019 nslookup fails to alert

Win10+DC Windows server 2016 nslookup fails to alert

The test command is as follows:

nslookup
server DC.**bleep**.local
ls -d **bleep**.local

I don't know what went wrong, or how to generate test alerts in the easiest way, thanks a lot if you could tell me.

3 Replies
I found the sensor upgrade error log (Microsoft.Tri.Sensor.Updater-Errors)
There is a problem with the time in the log, I think this does not affect the alarm test.

2022-09-20 02:00:53.1324 Error TaskAwaiter Run actionAsync failed
System.Threading.Tasks.TaskCanceledException: A task was canceled.
at void Microsoft.Tri.Sensor.Updater.SensorUpdaterService+<>c__DisplayClass2_0+<<OnPreShutdownCommand>b__0>d.MoveNext()
at void Microsoft.Tri.Infrastructure.TaskExtension+<>c__DisplayClass19_0+<<Run>b__0>d.MoveNext()
2022-09-20 02:01:48.3133 Error CommunicationWebClient+<SendWithRetryAsync>d__9`1 Microsoft.Tri.Infrastructure.ExtendedException: Sanitized exception: [Type=System.Net.Http.HttpRequestExceptionMessage=7INzM3PVZQKggOiiHcWjqw==StackTrace= at async Task<HttpResponseMessage > System.Net.Http.HttpClient.FinishSendAsyncBuffered(Task<HttpResponseMessage> sendTask, HttpRequestMessage request, CancellationTokenSource cts, bool disposeCts)
at async Task<TResponse> Microsoft.Tri.Common.CommunicationWebClient.SendAsync<TResponse>(byte[] requestBytes, int offset, int count)
at async Task<TResponse> Microsoft.Tri.Common.CommunicationWebClient.SendWithRetryAsync<TResponse>(byte[] requestBytes, int offset, int count)InnerException=Microsoft.Tri.Infrastructure.ExtendedException: Sanitized exception: [Type=System.Net. WebExceptionMessage=Tcl1itTb1v4AvrpxC7xpag==StackTrace= at Stream System.Net.HttpWebRequest.EndGetRequestStream(IAsyncResult asyncResult, out TransportContext context)
at void System.Net.Http.HttpClientHandler.GetRequestStreamCallback(IAsyncResult ar)InnerException=]]
at async Task<TResponse> Microsoft.Tri.Common.CommunicationWebClient.SendWithRetryAsync<TResponse>(byte[] requestBytes, int offset, int count)
at async Task<TResponse> Microsoft.Tri.Common.CommunicationWebClient.SendAsync<TResponse>(IRequestWithResponse<TResponse> request)
at async Task<SensorConfiguration> Microsoft.Tri.Sensor.Updater.SensorUpdaterModuleManager.GetSensorConfigurationAsync(CommunicationWebClient workspaceApplicationSensorApiWebClient, X509Certificate2 sensorCertificate)
at TResult Microsoft.Tri.Infrastructure.TaskExtension.Await<TResult>(Task<TResult> task)
at new Microsoft.Tri.Sensor.Common.CommonSensorModuleManager()
at new Microsoft.Tri.Sensor.Updater.SensorUpdaterModuleManager()
at ModuleManager Microsoft.Tri.Sensor.Updater.SensorUpdaterService.CreateModuleManager()
at async Task Microsoft.Tri.Infrastructure.Service.OnStartAsync()
at void Microsoft.Tri.Infrastructure.TaskExtension.Await(Task task)
at void Microsoft.Tri.Infrastructure.Service.OnStart(string[] args)
2022-09-20 02:01:56.1728 Error CommunicationWebClient+<SendWithRetryAsync>d__9`1 Microsoft.Tri.Infrastructure.ExtendedException: Sanitized exception: [Type=System.Net.Http.HttpRequestExceptionMessage=7INzM3PVZQKggOiiHcWjqw==StackTrace= at async Task<HttpResponseMessage > System.Net.Http.HttpClient.FinishSendAsyncBuffered(Task<HttpResponseMessage> sendTask, HttpRequestMessage request, CancellationTokenSource cts, bool disposeCts)
at async Task<TResponse> Microsoft.Tri.Common.CommunicationWebClient.SendAsync<TResponse>(byte[] requestBytes, int offset, int count)
at async Task<TResponse> Microsoft.Tri.Common.CommunicationWebClient.SendWithRetryAsync<TResponse>(byte[] requestBytes, int offset, int count)InnerException=Microsoft.Tri.Infrastructure.ExtendedException: Sanitized exception: [Type=System.Net. WebExceptionMessage=Tcl1itTb1v4AvrpxC7xpag==StackTrace= at Stream System.Net.HttpWebRequest.EndGetRequestStream(IAsyncResult asyncResult, out TransportContext context)
at void System.Net.Http.HttpClientHandler.GetRequestStreamCallback(IAsyncResult ar)InnerException=]]
at async Task<TResponse> Microsoft.Tri.Common.CommunicationWebClient.SendWithRetryAsync<TResponse>(byte[] requestBytes, int offset, int count)
at async Task<TResponse> Microsoft.Tri.Common.CommunicationWebClient.SendAsync<TResponse>(IRequestWithResponse<TResponse> request)
at async Task<SensorConfiguration> Microsoft.Tri.Sensor.Updater.SensorUpdaterModuleManager.GetSensorConfigurationAsync(CommunicationWebClient workspaceApplicationSensorApiWebClient, X509Certificate2 sensorCertificate)
at TResult Microsoft.Tri.Infrastructure.TaskExtension.Await<TResult>(Task<TResult> task)
at new
I get a connection error, but I have turned off the firewall

2022-09-20 07:46:36.0056 Error ExceptionDispatchInfo RunPeriodic <RegisterPeriodicTask>b__1 failed
System.Net.Http.HttpRequestException: An error occurred while sending the request. ---> System.Net.WebException: The underlying connection was closed: A connection that was expected to be kept alive was closed by the server. ---> System.IO.IOException: Unable to read data from the transport connection: 远程主机强迫关闭了一个现有的连接。. ---> System.Net.Sockets.SocketException: 远程主机强迫关闭了一个现有的连接。
at int System.Net.Sockets.Socket.EndReceive(IAsyncResult asyncResult)
at int System.Net.Sockets.NetworkStream.EndRead(IAsyncResult asyncResult)
--- End of inner exception stack trace ---
at int System.Net.Security._SslStream.EndRead(IAsyncResult asyncResult)
at int System.Net.TlsStream.EndRead(IAsyncResult asyncResult)
at void System.Net.Connection.ReadCallback(IAsyncResult asyncResult)
--- End of inner exception stack trace ---
at WebResponse System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)
at void System.Net.Http.HttpClientHandler.GetResponseCallback(IAsyncResult ar)
--- End of inner exception stack trace ---
at async Task<HttpResponseMessage> System.Net.Http.HttpClient.FinishSendAsyncBuffered(Task<HttpResponseMessage> sendTask, HttpRequestMessage request, CancellationTokenSource cts, bool disposeCts)
at async Task<TResponse> Microsoft.Tri.Common.CommunicationWebClient.SendAsync<TResponse>(byte[] requestBytes, int offset, int count)
at async Task<TResponse> Microsoft.Tri.Common.CommunicationWebClient.SendWithRetryAsync<TResponse>(byte[] requestBytes, int offset, int count)
at async Task<TResponse> Microsoft.Tri.Common.CommunicationWebClient.SendAsync<TResponse>(IRequestWithResponse<TResponse> request)
at async Task<TResponse> Microsoft.Tri.Sensor.Common.ServiceProxy<TWebClientConfiguration>.SendAsync<TResponse>(IRequestWithResponse<TResponse> request)
at async Task<DomainControllerSyncData> Microsoft.Tri.Sensor.DirectoryServicesResolver.GetDomainControllerSyncDataAsync(Domain domain)
at async Task Microsoft.Tri.Sensor.DirectoryServicesResolver.UpdateDirectoryEntityChangesAsync()
at async Task Microsoft.Tri.Infrastructure.Module.RunTaskAsync(Func<Task> actionAsync, string name, SimpleTimeMetric timeMetric)
at void Microsoft.Tri.Infrastructure.Module+<>c__DisplayClass28_0+<<RegisterPeriodicTask>b__1>d.MoveNext()
at void Microsoft.Tri.Infrastructure.TaskExtension+<>c__DisplayClass22_0+<<RunPeriodic>b__0>d.MoveNext()
2022-09-20 07:53:00.0466 Error ExceptionDispatchInfo RunPeriodic <RegisterPeriodicTask>b__1 failed
System.Net.Http.HttpRequestException: An error occurred while sending the request. ---> System.Net.WebException: The underlying connection was closed: An unexpected error occurred on a receive. ---> System.IO.IOException: Unable to read data from the transport connection: 远程主机强迫关闭了一个现有的连接。. ---> System.Net.Sockets.SocketException: 远程主机强迫关闭了一个现有的连接。
at int System.Net.Sockets.Socket.EndReceive(IAsyncResult asyncResult)
at int System.Net.Sockets.NetworkStream.EndRead(IAsyncResult asyncResult)
--- End of inner exception stack trace ---
at int System.Net.Security._SslStream.EndRead(IAsyncResult asyncResult)
at int System.Net.TlsStream.EndRead(IAsyncResult asyncResult)
at void System.Net.Connection.ReadCallback(IAsyncResult asyncResult)
--- End of inner exception stack trace ---
at WebResponse System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)
at void System.Net.Http.HttpClientHandler.GetResponseCallback(IAsyncResult ar)
--- End of inner exception stack trace ---
at async Task<HttpResponseMessage> System.Net.Http.HttpClient.FinishSendAsyncBuffered(Task<HttpResponseMessage> sendTask, HttpRequestMessage request, CancellationTokenSource cts, bool disposeCts)
at async Task<TResponse> Microsoft.Tri.Common.CommunicationWebClient.SendAsync<TResponse>(byte[] requestBytes, int offset, int count)
at async Task<TResponse> Microsoft.Tri.Common.CommunicationWebClient.SendWithRetryAsync<TResponse>(byte[] requestBytes, int offset, int count)
at async Task Microsoft.Tri.Common.CommunicationWebClient.SendAsync(IVoidRequest request)
at async Task Microsoft.Tri.Sensor.Common.ServiceProxy<TWebClientConfiguration>.SendAsync(IVoidRequest request)
at async Task Microsoft.Tri.Sensor.SensorResourceManager.UpsertMonitoringAlertAsync()
at async Task Microsoft.Tri.Infrastructure.Module.RunTaskAsync(Func<Task> actionAsync, string name, SimpleTimeMetric timeMetric)
at void Microsoft.Tri.Infrastructure.Module+<>c__DisplayClass28_0+<<RegisterPeriodicTask>b__1>d.MoveNext()
at void Microsoft.Tri.Infrastructure.TaskExtension+<>c__DisplayClass22_0+<<RunPeriodic>b__0>d.MoveNext()
2022-09-20 07:45:45.3352 Warn EventActivityEntityResolver ResolveLdapSearchDebuggingEventAsync ldapSearchDebuggingEvent detected [Time=09/20/2022 07:45:44 BaseObject=DC=testbug,DC=com RequiredAttributes=distinguishedName SearchScope=subtree SearchFilter= ( & ( | (objectClass=user) (objectClass=computer) (objectClass=group) ) (objectSid=S-1-5-21-1565902300-91303804-2055468830-1107) ) SourceComputerId= SourceComputerName= SourceComputerIpAddress=fe80::89dd:539:eb6:4b27 DestinationComputerId= DestinationComputerName=DomainName= Name=DC.testbug.com Client=[fe80::89dd:539:eb6:4b27%5]:58058 ReturnedEntries=1 SourceAccountSid=S-1-5-21-1565902300-91303804-2055468830-500 SourceAccountName=TESTBUG\Administrator SourceAccountId=c0f7e76b-2d4f-452c-9be8-2ba91294c97e]
2022-09-20 07:45:45.3352 Warn EventActivityEntityResolver ResolveLdapSearchDebuggingEventAsync ldapSearchDebuggingEvent detected [Time=09/20/2022 07:45:44 BaseObject=CN=血精灵elf,CN=Users,DC=testbug,DC=com RequiredAttributes=canonicalName,objectClass,whenCreated,displayName,distinguishedName,objectGUID,isDeleted,name,nTSecurityDescriptor,objectSid,whenChanged,sAMAccountType,description,adminCount,isCriticalSystemObject,memberOf,tokenGroups,sAMAccountName,sIDHistory,badPasswordTime,msDS-AllowedToDelegateTo,accountExpires,lockoutTime,msDS-UserPasswordExpiryTimeComputed,pwdLastSet,primaryGroupID,msDS-AllowedToActOnBehalfOfOtherIdentity,servicePrincipalName,msDS-SupportedEncryptionTypes,userPrincipalName,userAccountControl,msDS-User-Account-Control-Computed,department,givenName,lastLogon,lastLogonTimestamp,sn,mail,manager,mobile,physicalDeliveryOfficeName,telephoneNumber,thumbnailPhoto,title,dNSHostName,serverReferenceBL,msDS-GroupMSAMembership,operatingSystem,operatingSystemServicePack,operatingSystemVersion,member,groupType SearchScope=base SearchFilter= ( | (objectClass=user) (objectClass=computer) (objectClass=group) ) SourceComputerId= SourceComputerName= SourceComputerIpAddress=fe80::89dd:539:eb6:4b27 DestinationComputerId= DestinationComputerName=DomainName= Name=DC.testbug.com Client=[fe80::89dd:539:eb6:4b27%5]:58059 ReturnedEntries=1 SourceAccountSid=S-1-5-21-1565902300-91303804-2055468830-500 SourceAccountName=TESTBUG\Administrator SourceAccountId=c0f7e76b-2d4f-452c-9be8-2ba91294c97e]
2022-09-20 07:45:49.0213 Warn EventActivityEntityResolver ResolveLdapSearchDebuggingEventAsync ldapSearchDebuggingEvent detected [Time=09/20/2022 07:45:48 BaseObject=CN=NTDS Settings,CN=DC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=testbug,DC=com RequiredAttributes=canonicalName,objectClass,whenCreated,displayName,distinguishedName,objectGUID,isDeleted,name,nTSecurityDescriptor,objectSid,whenChanged,msDS-HasDomainNCs,invocationId,msDS-isRODC,options SearchScope=base SearchFilter= (objectClass=*) SourceComputerId= SourceComputerName= SourceComputerIpAddress=fe80::89dd:539:eb6:4b27 DestinationComputerId= DestinationComputerName=DomainName= Name=DC.testbug.com Client=[fe80::89dd:539:eb6:4b27%5]:58061 ReturnedEntries=1 SourceAccountSid=S-1-5-21-1565902300-91303804-2055468830-500 SourceAccountName=TESTBUG\Administrator SourceAccountId=c0f7e76b-2d4f-452c-9be8-2ba91294c97e]
2022-09-20 07:46:36.0056 Error ExceptionDispatchInfo RunPeriodic <RegisterPeriodicTask>b__1 failed
System.Net.Http.HttpRequestException: An error occurred while sending the request. ---> System.Net.WebException: The underlying connection was closed: A connection that was expected to be kept alive was closed by the server. ---> System.IO.IOException: Unable to read data from the transport connection: 远程主机强迫关闭了一个现有的连接。. ---> System.Net.Sockets.SocketException: 远程主机强迫关闭了一个现有的连接。
at int System.Net.Sockets.Socket.EndReceive(IAsyncResult asyncResult)
at int System.Net.Sockets.NetworkStream.EndRead(IAsyncResult asyncResult)
--- End of inner exception stack trace ---
at int System.Net.Security._SslStream.EndRead(IAsyncResult asyncResult)
at int System.Net.TlsStream.EndRead(IAsyncResult asyncResult)
at void System.Net.Connection.ReadCallback(IAsyncResult asyncResult)
--- End of inner exception stack trace ---
at WebResponse System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)
at void System.Net.Http.HttpClientHandler.GetResponseCallback(IAsyncResult ar)
--- End of inner exception stack trace ---
at async Task<HttpResponseMessage> System.Net.Http.HttpClient.FinishSendAsyncBuffered(Task<HttpResponseMessage> sendTask, HttpRequestMessage request, CancellationTokenSource cts, bool disposeCts)
at async Task<TResponse> Microsoft.Tri.Common.CommunicationWebClient.SendAsync<TResponse>(byte[] requestBytes, int offset, int count)
at async Task<TResponse> Microsoft.Tri.Common.CommunicationWebClient.SendWithRetryAsync<TResponse>(byte[] requestBytes, int offset, int count)
at async Task<TResponse> Microsoft.Tri.Common.CommunicationWebClient.SendAsync<TResponse>(IRequestWithResponse<TResponse> request)
at async Task<TResponse> Microsoft.Tri.Sensor.Common.ServiceProxy<TWebClientConfiguration>.SendAsync<TResponse>(IRequestWithResponse<TResponse> request)
at async Task<DomainControllerSyncData> Microsoft.Tri.Sensor.DirectoryServicesResolver.GetDomainControllerSyncDataAsync(Domain domain)
at async Task Microsoft.Tri.Sensor.DirectoryServicesResolver.UpdateDirectoryEntityChangesAsync()
at async Task Microsoft.Tri.Infrastructure.Module.RunTaskAsync(Func<Task> actionAsync, string name, SimpleTimeMetric timeMetric)
at void Microsoft.Tri.Infrastructure.Module+<>c__DisplayClass28_0+<<RegisterPeriodicTask>b__1>d.MoveNext()
at void Microsoft.Tri.Infrastructure.TaskExtension+<>c__DisplayClass22_0+<<RunPeriodic>b__0>d.MoveNext()