Feb 15 2020 01:13 AM - last edited on Nov 30 2021 02:01 PM by Allen
[08A4:25DC][2020-02-15T14:32:46]i001: Burn v3.11.0.1701, Windows v10.0 (Build 14393: Service Pack 0), path: C:\Users\AAWESH~2\AppData\Local\Temp\{4DF4837A-FAC5-45E1-8CF7-65C865EC14F1}\.cr\Azure ATP Sensor Setup.exe
[08A4:25DC][2020-02-15T14:32:46]i000: Initializing hidden variable 'AccessKey'
[08A4:25DC][2020-02-15T14:32:46]i000: Initializing hidden variable 'ProxyConfiguration'
[08A4:25DC][2020-02-15T14:32:46]i000: Initializing hidden variable 'ProxyUserPassword'
[08A4:25DC][2020-02-15T14:32:46]i000: Initializing string variable 'NetFrameworkCommandLineArguments' to value '/passive /showrmui'
[08A4:25DC][2020-02-15T14:32:46]i009: Command Line: '"-burn.clean.room=C:\Windows\ccmcache\10\Azure ATP Sensor Setup.exe" -burn.filehandle.attached=544 -burn.filehandle.self=632'
[08A4:25DC][2020-02-15T14:32:46]i000: Setting string variable 'WixBundleOriginalSource' to value 'C:\Windows\ccmcache\10\Azure ATP Sensor Setup.exe'
[08A4:25DC][2020-02-15T14:32:46]i000: Setting string variable 'WixBundleOriginalSourceFolder' to value 'C:\Windows\ccmcache\10\'
[08A4:25DC][2020-02-15T14:32:46]i000: Setting string variable 'WixBundleLog' to value 'C:\Users\AAWESH~2\AppData\Local\Temp\Azure Advanced Threat Protection Sensor_20200215143246.log'
[08A4:25DC][2020-02-15T14:32:46]i000: Setting string variable 'WixBundleName' to value 'Azure Advanced Threat Protection Sensor'
[08A4:25DC][2020-02-15T14:32:46]i000: Setting string variable 'WixBundleManufacturer' to value 'Microsoft Corporation'
[08A4:25DC][2020-02-15T14:32:47]i000: Loading managed bootstrapper application.
[08A4:25DC][2020-02-15T14:32:47]i000: Creating BA thread to run asynchronously.
[08A4:25DC][2020-02-15T14:32:47]i100: Detect begin, 5 packages
[08A4:25DC][2020-02-15T14:32:47]i000: 2020-02-15 09:02:47.4352 Debug DeploymentModel DetectDeploymentAction DetectBegin [\[]Installed=False[\]]
[08A4:25DC][2020-02-15T14:32:47]i000: Registry key not found. Key = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_1_for_KB4019990~31bf3856ad364e35~amd64~~6.1.1.2'
[08A4:25DC][2020-02-15T14:32:47]i000: Setting numeric variable 'Kb4019990Windows2008R2Exists' to value 0
[08A4:25DC][2020-02-15T14:32:47]i000: Registry key not found. Key = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_1_for_KB4019990~31bf3856ad364e35~amd64~~6.2.1.1'
[08A4:25DC][2020-02-15T14:32:47]i000: Setting numeric variable 'Kb4019990Windows2012Exists' to value 0
[08A4:25DC][2020-02-15T14:32:47]i000: Setting string variable 'NetFrameworkRegistryValue' to value '528049'
[08A4:25DC][2020-02-15T14:32:47]i000: Setting string variable 'ServerLevelsServerCoreRegistryValue' to value '1'
[08A4:25DC][2020-02-15T14:32:47]i000: Setting string variable 'ServerLevelsServerGuiShellRegistryValue' to value '1'
[08A4:25DC][2020-02-15T14:32:47]i052: Condition 'Kb4019990Windows2008R2Exists' evaluates to false.
[08A4:25DC][2020-02-15T14:32:47]i052: Condition 'Kb4019990Windows2012Exists' evaluates to false.
[08A4:25DC][2020-02-15T14:32:47]i052: Condition 'NetFrameworkRegistryValue >= 460798' evaluates to true.
[08A4:25DC][2020-02-15T14:32:47]i052: Condition 'NetFrameworkRegistryValue >= 460798' evaluates to true.
[08A4:25DC][2020-02-15T14:32:47]i101: Detected package: Kb4019990Windows2008R2Package, state: Absent, cached: None
[08A4:25DC][2020-02-15T14:32:47]i101: Detected package: Kb4019990Windows2012Package, state: Absent, cached: None
[08A4:25DC][2020-02-15T14:32:47]i101: Detected package: NetFrameworkPackageServer, state: Present, cached: None
[08A4:25DC][2020-02-15T14:32:47]i101: Detected package: NetFrameworkPackageServerCore, state: Present, cached: None
[08A4:25DC][2020-02-15T14:32:47]i101: Detected package: MsiPackage, state: Absent, cached: None
[08A4:25DC][2020-02-15T14:32:47]i199: Detect complete, result: 0x0
[08A4:3284][2020-02-15T14:32:47]i000: 2020-02-15 09:02:47.4508 Debug DeploymentModel .ctor [\[]DeploymentAction=Install[\]]
[08A4:3284][2020-02-15T14:32:47]i000: 2020-02-15 09:02:47.5289 Debug DeploymentModel .ctor [\[]IsAfterRestartAndConfigured=False[\]]
[08A4:3284][2020-02-15T14:33:11]i000: 2020-02-15 09:03:11.8095 Error DeploymentModel ValidateCreateSensorAsync System.IO.FileNotFoundException: Could not load file or assembly 'Ben.Demystifier, Version=0.1.0.0, Culture=neutral, PublicKeyToken=a6d206e05440431a' or one of its dependencies. The system cannot find the file specified.
File name: 'Ben.Demystifier, Version=0.1.0.0, Culture=neutral, PublicKeyToken=a6d206e05440431a'
at Microsoft.Tri.Infrastructure.SanitizationExtension.Sanitize(Exception exception)
at Microsoft.Tri.Common.CommunicationWebClient.<SendWithRetryAsync>d__9`1.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.Tri.Common.CommunicationWebClient.<SendAsync>d__7.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.Tri.Sensor.Common.WorkspaceApplicationSensorApiDeploymentProxy.<SendAsync>d__5.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.Tri.Sensor.Deployment.Bundle.UI.DeploymentModel.<ValidateCreateSensorAsync>d__52.MoveNext()
WRN: Assembly binding logging is turned OFF.
To enable assembly bind failure logging, set the registry value [\[]HKLM\Software\Microsoft\Fusion!EnableLog[\]] (DWORD) to 1.
Note: There is some performance penalty associated with assembly bind failure logging.
To turn this feature off, remove the registry value [\[]HKLM\Software\Microsoft\Fusion!EnableLog[\]].
failed connecting to service. The issue can be caused by a transparent proxy configuration [\[]WorkspaceApplicationSensorApiEndpoint=Unspecified/amdocssensorapi.atp.azure.com:443[\]]
[08A4:3284][2020-02-15T14:33:11]i000: 2020-02-15 09:03:11.8105 Info Model ValidateAsync ValidateCreateSensorAsync returned [\[]validateCreateSensorResult=FailedConnectivity[\]]
[08A4:3284][2020-02-15T14:33:53]i000: 2020-02-15 09:03:53.4862 Debug SensorBootstrapperApplication Run Engine.Quit [\[]deploymentResultStatus=1602 isRestartRequired=False[\]]
[08A4:25DC][2020-02-15T14:33:53]i500: Shutting down, exit code: 0x642
[08A4:25DC][2020-02-15T14:33:53]i410: Variable: Kb4019990Windows2008R2Exists = 0
[08A4:25DC][2020-02-15T14:33:53]i410: Variable: Kb4019990Windows2012Exists = 0
[08A4:25DC][2020-02-15T14:33:53]i410: Variable: NetFrameworkCommandLineArguments = /passive /showrmui
[08A4:25DC][2020-02-15T14:33:53]i410: Variable: NetFrameworkRegistryValue = 528049
[08A4:25DC][2020-02-15T14:33:53]i410: Variable: RebootPending = 0
[08A4:25DC][2020-02-15T14:33:53]i410: Variable: ServerLevelsServerCoreRegistryValue = 1
[08A4:25DC][2020-02-15T14:33:53]i410: Variable: ServerLevelsServerGuiShellRegistryValue = 1
[08A4:25DC][2020-02-15T14:33:53]i410: Variable: WixBundleAction = 5
[08A4:25DC][2020-02-15T14:33:53]i410: Variable: WixBundleElevated = 1
[08A4:25DC][2020-02-15T14:33:53]i410: Variable: WixBundleLog = C:\Users\AAWESH~2\AppData\Local\Temp\Azure Advanced Threat Protection Sensor_20200215143246.log
[08A4:25DC][2020-02-15T14:33:53]i410: Variable: WixBundleManufacturer = Microsoft Corporation
[08A4:25DC][2020-02-15T14:33:53]i410: Variable: WixBundleName = Azure Advanced Threat Protection Sensor
[08A4:25DC][2020-02-15T14:33:53]i410: Variable: WixBundleOriginalSource = C:\Windows\ccmcache\10\Azure ATP Sensor Setup.exe
[08A4:25DC][2020-02-15T14:33:53]i410: Variable: WixBundleOriginalSourceFolder = C:\Windows\ccmcache\10\
[08A4:25DC][2020-02-15T14:33:53]i410: Variable: WixBundleProviderKey = {ae513c9a-d60f-4ba4-9bd2-6d5ccae1c9d3}
[08A4:25DC][2020-02-15T14:33:53]i410: Variable: WixBundleSourceProcessFolder = C:\Windows\ccmcache\10\
[08A4:25DC][2020-02-15T14:33:53]i410: Variable: WixBundleSourceProcessPath = C:\Windows\ccmcache\10\Azure ATP Sensor Setup.exe
[08A4:25DC][2020-02-15T14:33:53]i410: Variable: WixBundleTag =
[08A4:25DC][2020-02-15T14:33:53]i410: Variable: WixBundleUILevel = 4
[08A4:25DC][2020-02-15T14:33:53]i410: Variable: WixBundleVersion = 2.0.0.0
[08A4:25DC][2020-02-15T14:33:53]i007: Exit code: 0x642, restarting: No
Feb 15 2020 05:32 AM
The error show a missing file error due to a bug (that will be fixed in 2.109 during next week).
The root cause of the issue is that the deployment is trying to contact the AATP endpoint in azure and fails. are you using a proxy?
Feb 16 2020 05:43 AM
Feb 16 2020 07:19 AM
Did you install with the proxy definitions as in
Feb 16 2020 09:13 PM
Feb 16 2020 11:38 PM
@Amin7RDR , if you are going with the registry path, make sure to do it both for local service and local system.
If you are using the silent installation parameters, you don't need to tweak the registry.
The credentials parameters are for the proxy in case it needs authentication, if the proxy does not require authentication, you can just supply the proxy url.
Feb 16 2020 11:56 PM