Unable to collect domain controller data on ATA Gateway server

Hi Microsoft Experts,

I have one ATA Gateway running version 1.8 and one 2008 R2 DC (both are virtual machines on a single 2012 Hyper-V edition).

I am following the article below to configure port mirroring on the ATA Gateway server to capture DC network traffic:

https://blogs.technet.microsoft.com/networking/2015/10/16/setting-up-port-mirroring-to-capture-mirrored-traffic-on-a-hyper-v-virtual-machine/

The PowerShell script is available to check if port mirroring is done successfully. However, though port mirroring is done and event forwarding is set on the DC to forward events to the ATA Gateway server, I am still not getting any traffic captured on the ATA Center server. Also, events are not getting forwarded.

Not sure where and how to resolve the issue?

Do I need to set up port mirroring at the network level? Note that both my VMs are on the same physical host.

0 Replies