Aug 26 2021 12:43 PM
Has anyone seen any of these errors? Trying to install the sensor, but it is failing on both VMWare and HyperV DC. .NET 4.8 is installed and it doesn't matter if NPCap is installed or not. Traffic appears to be getting through the firewall.
2021-08-26 18:53:48.8640 Error EventLogException Deployer failed [arguments=IwODjlqAqQaXxJYpF4fBCw==]
System.Diagnostics.Eventing.Reader.EventLogInvalidDataException: The data is invalid
at void System.Diagnostics.Eventing.Reader.EventLogException.Throw(int errorCode)
at void System.Diagnostics.Eventing.Reader.NativeWrapper.EvtSaveChannelConfig(EventLogHandle channelConfig, int flags)
at bool Microsoft.Tri.Sensor.Deployment.Deployer.ConfigureVirtualServiceAccountAction.ApplyInternal()
at void Microsoft.Tri.Sensor.Common.DeploymentAction.Apply(bool suppressFailure)
at void Microsoft.Tri.Sensor.Common.DeploymentActionGroup.Apply(bool suppressFailure)
at int Microsoft.Tri.Sensor.Deployment.Deployer.Program.Main(string[] commandLineArguments)
[0F20:18C0][2021-08-26T11:53:50]e000: Error 0x80070643: Failed to configure per-machine MSI package.
[0F20:18C0][2021-08-26T11:53:50]i000: 2021-08-26 18:53:50.1290 Error Model LogError [\[]methodName=BootstrapperApplication_ExecutePackageComplete status=-2147023293 exception=[\]]
MSI (s) (54:8C) [11:53:49:943]: Windows Installer installed the product. Product Name: Azure Advanced Threat Protection Sensor. Product Version: 2.0.0.0. Product Language: 1033. Manufacturer: Microsoft Corporation. Installation success or error status: 1603.
Aug 26 2021 02:22 PM
Aug 26 2021 02:29 PM
Aug 26 2021 03:49 PM
Jan 20 2022 01:23 AM
Hello,
I'm facing the same issue. Running an "out of the box" WS2019 domain controller (no specific GPOs applied). I'm running the installation using a domain admin account and npcap 1.0 is installed.
I checked the security log and domain admins have Full control on this event log.
Any idea?
Laurent
Jan 24 2022 06:16 AM
@Laurent_Cardon We're having the exact same issue with out out-of-the-box Server 2019 Domain Controller as well. Were you able to resolve this yourself? I'll poke at the above suggestion for ACLs.
Jan 24 2022 06:30 AM
Jan 24 2022 07:37 AM
Jan 25 2022 04:52 AM
SolutionJan 27 2022 10:02 AM
Feb 13 2022 05:34 AM
@Laurent_Cardon @LisaMelone @kentain @bobbybregman2490 @MRedbourne
https://docs.microsoft.com/en-us/defender-for-identity/whats-new#defender-for-identity-release-2173
We've released the updated installation package. Please note it may take a couple of days to reach your sensor download page.
Nov 08 2023 05:06 AM
Jan 25 2022 04:52 AM
Solution