Jul 04 2018
02:47 AM
- last edited on
May 24 2021
02:34 PM
by
TechCommunityAP
Jul 04 2018
02:47 AM
- last edited on
May 24 2021
02:34 PM
by
TechCommunityAP
Hi all,
having trouble with installing the Azure ATP sensor on a Windows Server 2012 R2 x64. Proxy can be reached and sensor even shows up in the console but then installation fails and rollback gets initiated.
Exit Code is: 0x80070643,
There's no AV installed and no other security policy that affects on that machine.
[19F0:137C][2018-07-04T11:33:42]i410: Variable: AccessKey = *****
[19F0:137C][2018-07-04T11:33:42]i410: Variable: InstallationPath = C:\Program Files\Azure Advanced Threat Protection Sensor
[19F0:137C][2018-07-04T11:33:42]i410: Variable: IsConfigured = True
[19F0:137C][2018-07-04T11:33:42]i410: Variable: Kb4019990Windows2008R2Exists = 0
[19F0:137C][2018-07-04T11:33:42]i410: Variable: Kb4019990Windows2012Exists = 0
[19F0:137C][2018-07-04T11:33:42]i410: Variable: NetFrameworkCommandLineArguments = /passive /showrmui
[19F0:137C][2018-07-04T11:33:42]i410: Variable: NetFrameworkRegistryValue = 460805
[19F0:137C][2018-07-04T11:33:42]i410: Variable: RebootPending = 0
[19F0:137C][2018-07-04T11:33:42]i410: Variable: ServerLevelsServerCoreRegistryValue = 1
[19F0:137C][2018-07-04T11:33:42]i410: Variable: ServerLevelsServerGuiShellRegistryValue = 1
[19F0:137C][2018-07-04T11:33:42]i410: Variable: VersionNT64 = 6.3.0.0
[19F0:137C][2018-07-04T11:33:42]i410: Variable: WixBundleAction = 5
[19F0:137C][2018-07-04T11:33:42]i410: Variable: WixBundleElevated = 1
[19F0:137C][2018-07-04T11:33:42]i410: Variable: WixBundleLog = C:\Users\xxxx\AppData\Local\Temp\Azure Advanced Threat Protection Sensor_20180704112648.log
[19F0:137C][2018-07-04T11:33:42]i410: Variable: WixBundleLog_MsiPackage = C:\Users\xxxxx\AppData\Local\Temp\Azure Advanced Threat Protection Sensor_20180704112648_000_MsiPackage.log
[19F0:137C][2018-07-04T11:33:42]i410: Variable: WixBundleManufacturer = Microsoft Corporation
[19F0:137C][2018-07-04T11:33:42]i410: Variable: WixBundleName = Azure Advanced Threat Protection Sensor
[19F0:137C][2018-07-04T11:33:42]i410: Variable: WixBundleOriginalSource = C:\Temp\Azure ATP Sensor Setup\Azure ATP Sensor Setup.exe
[19F0:137C][2018-07-04T11:33:42]i410: Variable: WixBundleOriginalSourceFolder = C:\Temp\Azure ATP Sensor Setup\
[19F0:137C][2018-07-04T11:33:42]i410: Variable: WixBundleProviderKey = {b50da163-5fe8-40cc-9bfc-8373ab225867}
[19F0:137C][2018-07-04T11:33:42]i410: Variable: WixBundleRollbackLog_MsiPackage = C:\Users\xxxxx\AppData\Local\Temp\Azure Advanced Threat Protection Sensor_20180704112648_000_MsiPackage_rollback.log
[19F0:137C][2018-07-04T11:33:42]i410: Variable: WixBundleSourceProcessFolder = C:\Temp\Azure ATP Sensor Setup\
[19F0:137C][2018-07-04T11:33:42]i410: Variable: WixBundleSourceProcessPath = C:\Temp\Azure ATP Sensor Setup\Azure ATP Sensor Setup.exe
[19F0:137C][2018-07-04T11:33:42]i410: Variable: WixBundleTag =
[19F0:137C][2018-07-04T11:33:42]i410: Variable: WixBundleUILevel = 4
[19F0:137C][2018-07-04T11:33:42]i410: Variable: WixBundleVersion = 2.0.0.0
[19F0:137C][2018-07-04T11:33:42]i007: Exit code: 0x80070643, restarting: No
Jul 04 2018 07:28 AM
Hi Alexander,
First i was thinking it had with DNS issue.
https://docs.microsoft.com/en-us/azure-advanced-threat-protection/configure-proxy
But i remember also that i had issue because of hardware requirements.
Packets per second* CPU (cores) Memory (GB)
0-1k | 0.25 | 2.50 |
1k-5k | 0.75 | 6.00 |
5k-10k | 1.00 | 6.50 |
10k-20k | 2.00 | 9.00 |
20k-50k | 3.50 | 9.50 |
50k-75k | 3.50 | 9.50 |
75k-100k | 3.50 | 9.50 |
I feel like it's hard to troubleshot ATP. I send you issue to another group.
Thomas
Jul 08 2018 02:54 AM
Hi Thomas,
we've tried different server (physical and virtual) with different cpu and ram. I can say that the lack of missing hardware is not the issue. I've furthermore figured out that the installation of the msi itself went trough fine but when the routine tried to register the services there was an issue. Bot services were created fine but it's seems that they couldn't be started. In the meanwhile the server even showed up in the azure atp dashboard. Then the rollback happened....
Jul 08 2018 01:02 PM
I Checked little, i comes back with a Proxy issue.
But have you tryed to asked this in Enterprise Mobility + Security forum. It's a own tab for ATP 🙂
Hope it's better help there. If i find out your issue i ping you.
Thomas