Dec 02 2021 08:44 AM
Hi,
Installing on Windows server 2019 DC
Worked on one DC and failed on the second one.
It says its about proxy or SSL incpection but using the same network configuration for both DC.....
Only difference is that the failed server has .net framework 4.8 installed insteed of 4.7 , can that cause problems?
Logs Microsoft.Tri.Sensor.Deployment.Deployer_xxxxx.log i can see:
Error CommunicationWebClient+<SendWithRetryAsync>d__9`1 ApplyInternal failed two way SSL connection to service. The issue can be caused by a proxy with SSL inspection enabled. [_workspaceApplicationSensorApiEndpoint=Unspecified/"xxxxxx"sensorapi.atp.azure.com:443 Thumbprint=215A1ACDD429F409C3FA80F97E3B047F53A9B33C]
Microsoft.Tri.Infrastructure.ExtendedException: Sanitized exception: [Type=System.Net.Http.HttpRequestExceptionMessage=7INzM3PVZQKggOiiHcWjqw==StackTrace= at async Task<HttpResponseMessage> System.Net.Http.HttpClient.FinishSendAsyncBuffered(Task<HttpResponseMessage> sendTask, HttpRequestMessage request, CancellationTokenSource cts, bool disposeCts)
at async Task<TResponse> Microsoft.Tri.Common.CommunicationWebClient.SendAsync<TResponse>(byte[] requestBytes, int offset, int count)
at async Task<TResponse> Microsoft.Tri.Common.CommunicationWebClient.SendWithRetryAsync<TResponse>(byte[] requestBytes, int offset, int count)InnerException=Microsoft.Tri.Infrastructure.ExtendedException: Sanitized exception: [Type=System.Net.WebExceptionMessage=oGozETEXXxGm34muKGQ6bg==StackTrace= at Stream System.Net.HttpWebRequest.EndGetRequestStream(IAsyncResult asyncResult, out TransportContext context)
at void System.Net.Http.HttpClientHandler.GetRequestStreamCallback(IAsyncResult ar)InnerException=]]
at async Task<TResponse> Microsoft.Tri.Common.CommunicationWebClient.SendWithRetryAsync<TResponse>(byte[] requestBytes, int offset, int count)
at async Task Microsoft.Tri.Common.CommunicationWebClient.SendAsync(IVoidRequest request)
at void Microsoft.Tri.Infrastructure.TaskExtension.Await(Task task)
at bool Microsoft.Tri.Sensor.Deployment.Deployer.CreateSensorAction.ApplyInternal()
and from Azure Advanced Threat Protection Sensor_xxxxxx_MsiPackage.log
MSI (s) (A4:7C) [16:47:04:313]: Invoking remote custom action. DLL: C:\Windows\Installer\MSIAF45.tmp, Entrypoint: Install
MSI (s) (A4:FC) [16:47:04:313]: Generating random cookie.
MSI (s) (A4:FC) [16:47:04:313]: Created Custom Action Server with PID 6248 (0x1868).
MSI (s) (A4:78) [16:47:04:329]: Running as a service.
MSI (s) (A4:78) [16:47:04:344]: Hello, I'm your 64bit Impersonated custom action server.
Action start 16:47:04: InstallCustomAction.
SFXCA: Extracting custom action to temporary directory: C:\Windows\Installer\MSIAF45.tmp-\
SFXCA: Binding to CLR version v4.0.30319
Calling custom action Microsoft.Tri.Sensor.Deployment.Package.Actions!Microsoft.Tri.Sensor.Deployment.Package.Actions.CustomActions.Install
2021-12-02 14:47:06.7510 Debug CustomActions RunActionGroup InstallActionGroup started
2021-12-02 14:47:06.7822 Debug InstallActionGroup Apply started
2021-12-02 14:47:06.7822 Debug CreateDirectoryDeploymentAction Apply started [suppressFailure=False]
2021-12-02 14:47:06.7822 Debug CreateDirectoryDeploymentAction Apply finished
2021-12-02 14:47:06.7822 Debug DownloadMinorDeploymentPackageBytesAction Apply started [suppressFailure=False]
2021-12-02 14:47:11.6729 Debug DownloadMinorDeploymentPackageBytesAction Apply finished
2021-12-02 14:47:11.6729 Debug UnpackDeploymentPackageBytesAction Apply started [suppressFailure=False]
2021-12-02 14:47:12.9541 Debug UnpackDeploymentPackageBytesAction Apply finished
2021-12-02 14:47:12.9541 Debug RunDeployerMajorDeploymentAction Apply started [suppressFailure=False]
2021-12-02 14:47:12.9854 Info RunDeployerMajorDeploymentAction ApplyInternal started [filePath=MnM/qMDfM2IU8qbug/TRjg== _arguments=TSACyHxPv/Rl4WKiyfuQ6Q==]
2021-12-02 14:47:23.2978 Info RunDeployerMajorDeploymentAction ApplyInternal finished [isSuccessful=False]
2021-12-02 14:47:23.3135 Debug InstallActionGroup Revert started
2021-12-02 14:47:23.3135 Warn InstallActionGroup Revert reverting [rollbackAction=UnpackDeploymentPackageBytesAction index=0 count=3]
2021-12-02 14:47:23.3135 Debug UnpackDeploymentPackageBytesAction Revert started
2021-12-02 14:47:23.3603 Debug UnpackDeploymentPackageBytesAction Revert finished
2021-12-02 14:47:23.3603 Warn InstallActionGroup Revert reverting [rollbackAction=DownloadMinorDeploymentPackageBytesAction index=1 count=3]
2021-12-02 14:47:23.3603 Debug DownloadMinorDeploymentPackageBytesAction Revert started
2021-12-02 14:47:23.3603 Debug DownloadMinorDeploymentPackageBytesAction Revert finished
2021-12-02 14:47:23.3603 Warn InstallActionGroup Revert reverting [rollbackAction=CreateDirectoryDeploymentAction index=2 count=3]
2021-12-02 14:47:23.3603 Debug CreateDirectoryDeploymentAction Revert started
2021-12-02 14:47:23.3603 Debug CreateDirectoryDeploymentAction Revert finished
2021-12-02 14:47:23.3760 Debug InstallActionGroup Revert finished
2021-12-02 14:47:23.5010 Error DeploymentAction Failed to apply InstallActionGroup
Microsoft.Tri.Infrastructure.ExtendedException: Apply failed [Type=RunDeployerMajorDeploymentAction]
at Microsoft.Tri.Sensor.Common.DeploymentAction.Apply(Boolean suppressFailure)
at Microsoft.Tri.Sensor.Common.DeploymentActionGroup.Apply(Boolean suppressFailure)
at Microsoft.Tri.Sensor.Deployment.Package.Actions.CustomActions.RunActionGroup(DeploymentActionGroup deploymentActionGroup, Session session)
2021-12-02 14:47:23.5010 Debug CustomActions RunActionGroup InstallActionGroup finished [result=Failure]
CustomAction InstallCustomAction returned actual error code 1603 (note this may not be 100% accurate if translation happened inside sandbox)
MSI (s) (A4:E4) [16:47:23:594]: Note: 1: 2265 2: 3: -2147287035
MSI (s) (A4:E4) [16:47:23:594]: Machine policy value 'DisableRollback' is 0
MSI (s) (A4:E4) [16:47:23:594]: Note: 1: 1402 2: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts 3: 2
Action ended 16:47:23: InstallCustomAction. Return value 3.
MSI (s) (A4:E4) [16:47:23:594]: Note: 1: 1402 2: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts 3: 2
MSI (s) (A4:E4) [16:47:23:594]: No System Restore sequence number for this installation.
MSI (s) (A4:E4) [16:47:23:594]: Unlocking Server
Action ended 16:47:23: INSTALL. Return value 3.
Property(S): UpgradeCode = {EDFB49E0-16FA-4535-B268-BD1B81B15DC2}
Property(S): TARGETDIR = C:\
Property(S): ALLUSERS = 1
Property(S): Manufacturer = Microsoft Corporation
Property(S): ProductCode = {8D151D49-408C-42C1-B66E-BF628B2BA137}
Property(S): ProductLanguage = 1033
Property(S): ProductName = Azure Advanced Threat Protection Sensor
Property(S): ProductVersion = 2.0.0.0
Property(S): SecureCustomProperties = WIX_DOWNGRADE_DETECTED;WIX_UPGRADE_DETECTED
Property(S): MsiHiddenProperties = ACCESSKEY;PROXYCONFIGURATION
Property(S): MsiLogFileLocation = C:\Users\myUser\AppData\Local\Temp\Azure Advanced Threat Protection Sensor_20211202164657_000_MsiPackage.log
Property(S): PackageCode = {52A8977C-7325-4AFE-8C34-4A12ABBADCC9}
Property(S): ProductState = -1
Property(S): PackagecodeChanging = 1
Property(S): ARPSYSTEMCOMPONENT = 1
Property(S): MSIFASTINSTALL = 7
Property(S): ACCESSKEY = **********
Property(S): INSTALLATIONPATH = C:\Program Files\Azure Advanced Threat Protection Sensor
Property(S): PROXYCONFIGURATION = **********
Property(S): WIXBUNDLEORIGINALSOURCEFOLDER = C:\Azure ATP Sensor setup\
Property(S): REBOOT = ReallySuppress
Property(S): CURRENTDIRECTORY = C:\Azure ATP Sensor setup
Property(S): CLIENTUILEVEL = 3
Property(S): MSICLIENTUSESEXTERNALUI = 1
Property(S): CLIENTPROCESSID = 564
Property(S): MsiSystemRebootPending = 1
Property(S): VersionDatabase = 500
Property(S): VersionMsi = 5.00
Property(S): VersionNT = 603
Property(S): VersionNT64 = 603
Property(S): WindowsBuild = 9600
Property(S): ServicePackLevel = 0
Property(S): ServicePackLevelMinor = 0
Property(S): MsiNTProductType = 2
Property(S): WindowsFolder = C:\Windows\
Property(S): WindowsVolume = C:\
Property(S): System64Folder = C:\Windows\system32\
Property(S): SystemFolder = C:\Windows\SysWOW64\
Property(S): RemoteAdminTS = 1
Property(S): TempFolder = C:\Users\myUser\AppData\Local\Temp\
Property(S): ProgramFilesFolder = C:\Program Files (x86)\
Property(S): CommonFilesFolder = C:\Program Files (x86)\Common Files\
Property(S): ProgramFiles64Folder = C:\Program Files\
Property(S): CommonFiles64Folder = C:\Program Files\Common Files\
Property(S): AppDataFolder = C:\Users\myUser\AppData\Roaming\
Property(S): FavoritesFolder = C:\Users\myUser\Favorites\
Property(S): NetHoodFolder = C:\Users\myUser\AppData\Roaming\Microsoft\Windows\Network Shortcuts\
Property(S): PersonalFolder = C:\Users\myUser\Documents\
Property(S): PrintHoodFolder = C:\Users\myUser\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\
Property(S): RecentFolder = C:\Users\myUser\AppData\Roaming\Microsoft\Windows\Recent\
Property(S): SendToFolder = C:\Users\myUser\AppData\Roaming\Microsoft\Windows\SendTo\
Property(S): TemplateFolder = C:\ProgramData\Microsoft\Windows\Templates\
Property(S): CommonAppDataFolder = C:\ProgramData\
Property(S): LocalAppDataFolder = C:\Users\myUser\AppData\Local\
Property(S): MyPicturesFolder = C:\Users\myUser\Pictures\
Property(S): AdminToolsFolder = C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\
Property(S): StartupFolder = C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Property(S): ProgramMenuFolder = C:\ProgramData\Microsoft\Windows\Start Menu\Programs\
Property(S): StartMenuFolder = C:\ProgramData\Microsoft\Windows\Start Menu\
Property(S): DesktopFolder = C:\Users\Public\Desktop\
Property(S): FontsFolder = C:\Windows\Fonts\
Property(S): GPTSupport = 1
Property(S): OLEAdvtSupport = 1
Property(S): ShellAdvtSupport = 1
Property(S): MsiAMD64 = 6
Property(S): Msix64 = 6
Property(S): Intel = 6
Property(S): PhysicalMemory = 8192
Property(S): VirtualMemory = 7554
Property(S): AdminUser = 1
Property(S): MsiTrueAdminUser = 1
Property(S): LogonUser = myUser
Property(S): UserSID = S-1-5-21-3046516401-3636090652-2255682220-1409
Property(S): UserLanguageID = 1033
Property(S): ComputerName = server name
Property(S): SystemLanguageID = 1033
Property(S): ScreenX = 1024
Property(S): ScreenY = 768
Property(S): CaptionHeight = 23
Property(S): BorderTop = 1
Property(S): BorderSide = 1
Property(S): TextHeight = 16
Property(S): TextInternalLeading = 3
Property(S): ColorBits = 32
Property(S): TTCSupport = 1
Property(S): Time = 16:47:23
Property(S): Date = 12/2/2021
Property(S): MsiNetAssemblySupport = 4.8.3761.0
Property(S): MsiWin32AssemblySupport = 6.3.17763.1
Property(S): RedirectedDllSupport = 2
Property(S): MsiRunningElevated = 1
Property(S): Privileged = 1
Property(S): USERNAME = Windows User
Property(S): DATABASE = C:\Windows\Installer\487ae7a.msi
Property(S): OriginalDatabase = C:\ProgramData\Package Cache\{8D151D49-408C-42C1-B66E-BF628B2BA137}v2.0.0.0\Microsoft.Tri.Sensor.Deployment.Package.msi
Property(S): UILevel = 2
Property(S): MsiUISourceResOnly = 1
Property(S): ACTION = INSTALL
Property(S): ROOTDRIVE = C:\
Property(S): CostingComplete = 1
Property(S): OutOfDiskSpace = 0
Property(S): OutOfNoRbDiskSpace = 0
Property(S): PrimaryVolumeSpaceAvailable = 0
Property(S): PrimaryVolumeSpaceRequired = 0
Property(S): PrimaryVolumeSpaceRemaining = 0
Property(S): INSTALLLEVEL = 1
MSI (s) (A4:E4) [16:47:23:626]: Note: 1: 1708
MSI (s) (A4:E4) [16:47:23:626]: Note: 1: 2205 2: 3: Error
MSI (s) (A4:E4) [16:47:23:626]: Note: 1: 2228 2: 3: Error 4: SELECT `Message` FROM `Error` WHERE `Error` = 1708
MSI (s) (A4:E4) [16:47:23:626]: Note: 1: 2205 2: 3: Error
MSI (s) (A4:E4) [16:47:23:626]: Note: 1: 2228 2: 3: Error 4: SELECT `Message` FROM `Error` WHERE `Error` = 1709
MSI (s) (A4:E4) [16:47:23:626]: Product: Azure Advanced Threat Protection Sensor -- Installation failed.
MSI (s) (A4:E4) [16:47:23:626]: Windows Installer installed the product. Product Name: Azure Advanced Threat Protection Sensor. Product Version: 2.0.0.0. Product Language: 1033. Manufacturer: Microsoft Corporation. Installation success or error status: 1603.
MSI (s) (A4:E4) [16:47:23:626]: Deferring clean up of packages/files, if any exist
MSI (s) (A4:E4) [16:47:23:626]: MainEngineThread is returning 1603
MSI (s) (A4:44) [16:47:23:626]: RESTART MANAGER: Session closed.
MSI (s) (A4:44) [16:47:23:626]: No System Restore sequence number for this installation.
=== Logging stopped: 12/2/2021 16:47:23 ===
MSI (s) (A4:44) [16:47:23:641]: User policy value 'DisableRollback' is 0
MSI (s) (A4:44) [16:47:23:641]: Machine policy value 'DisableRollback' is 0
MSI (s) (A4:44) [16:47:23:641]: Incrementing counter to disable shutdown. Counter after increment: 0
MSI (s) (A4:44) [16:47:23:641]: Note: 1: 1402 2: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts 3: 2
MSI (s) (A4:44) [16:47:23:641]: Note: 1: 1402 2: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts 3: 2
MSI (s) (A4:44) [16:47:23:641]: Decrementing counter to disable shutdown. If counter >= 0, shutdown will be denied. Counter after decrement: -1
MSI (s) (A4:44) [16:47:23:641]: Destroying RemoteAPI object.
MSI (s) (A4:FC) [16:47:23:641]: Custom Action Manager thread ending.
MSI (c) (34:24) [16:47:23:641]: Decrementing counter to disable shutdown. If counter >= 0, shutdown will be denied. Counter after decrement: -1
MSI (c) (34:24) [16:47:23:641]: MainEngineThread is returning 1603
=== Verbose logging stopped: 12/2/2021 16:47:23 ===
Dec 02 2021 01:54 PM
Dec 08 2021 04:33 AM
Dec 20 2021 11:10 PM
@SanderCYBR
Thank you. It's now also documented here https://docs.microsoft.com/en-us/defender-for-identity/troubleshooting-known-issues#applyinternal-fa...
Jun 16 2022 07:15 AM
Jun 16 2022 08:43 AM
No. It's not required for .NET v2.0. But you may be encountering a different issue.
Did you install the sensor with the proxyUrl switch, or are you using a transparent proxy? It (the proxy) might be doing SSL inspection and it's breaking the sensor's communication.
Jun 16 2022 11:44 PM
Jun 17 2022 12:20 AM
Jun 17 2022 03:40 AM
Jul 06 2022 08:13 AM
We updated the documentation:
https://docs.microsoft.com/en-us/defender-for-identity/configure-proxy#:~:text=SSL%20inspection%20an....
Aug 10 2023 06:51 AM
Aug 10 2023 07:14 AM
@Shaun848 The error code alone is not enough to pinpoint the problem.
You need to check the deployment logs and search for the error that caused the failure.
https://learn.microsoft.com/en-us/defender-for-identity/troubleshooting-using-logs
Aug 10 2023 07:17 AM
Aug 10 2023 01:46 PM
@Shaun848 please share the deployer log as well.
Aug 11 2023 07:28 AM
[06CC:232C][2023-08-10T08:50:22]i001: Burn v3.11.2.4516, Windows v10.0 (Build 14393: Service Pack 0), path: C:\Users\ADM~1.SHE\AppData\Local\Temp\3\{EBFA69FB-FF60-4E49-B5E6-077039674BE8}\.cr\Azure ATP Sensor Setup.exe
[06CC:232C][2023-08-10T08:50:22]i000: Initializing hidden variable 'AccessKey'
[06CC:232C][2023-08-10T08:50:22]i000: Initializing hidden variable 'ProxyConfiguration'
[06CC:232C][2023-08-10T08:50:22]i000: Initializing hidden variable 'ProxyUserPassword'
[06CC:232C][2023-08-10T08:50:22]i000: Initializing string variable 'NetFrameworkCommandLineArguments' to value '/passive /showrmui'
[06CC:232C][2023-08-10T08:50:22]i009: Command Line: '"-burn.clean.room=C:\Users\adm.shealy\Desktop\Azure ATP Sensor Setup\Azure ATP Sensor Setup.exe" -burn.filehandle.attached=464 -burn.filehandle.self=468'
[06CC:232C][2023-08-10T08:50:22]i000: Setting string variable 'WixBundleOriginalSource' to value 'C:\Users\adm.shealy\Desktop\Azure ATP Sensor Setup\Azure ATP Sensor Setup.exe'
[06CC:232C][2023-08-10T08:50:22]i000: Setting string variable 'WixBundleOriginalSourceFolder' to value 'C:\Users\adm.shealy\Desktop\Azure ATP Sensor Setup\'
[06CC:232C][2023-08-10T08:50:29]i000: Setting string variable 'WixBundleLog' to value 'C:\Users\ADM~1.SHE\AppData\Local\Temp\Azure Advanced Threat Protection Sensor_20230810085029.log'
[06CC:232C][2023-08-10T08:50:29]i000: Setting string variable 'WixBundleName' to value 'Azure Advanced Threat Protection Sensor'
[06CC:232C][2023-08-10T08:50:29]i000: Setting string variable 'WixBundleManufacturer' to value 'Microsoft Corporation'
[06CC:232C][2023-08-10T08:50:30]i000: Loading managed bootstrapper application.
[06CC:232C][2023-08-10T08:50:30]i000: Creating BA thread to run asynchronously.
[06CC:232C][2023-08-10T08:50:32]i100: Detect begin, 5 packages
[06CC:232C][2023-08-10T08:50:32]i000: 2023-08-10 12:50:32.6036 Debug DeploymentModel DetectDeploymentAction DetectBegin [\[]Installed=False[\]]
[06CC:232C][2023-08-10T08:50:32]i000: Registry key not found. Key = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_1_for_KB4019990~31bf3856ad364e35~amd64~~6.1.1.2'
[06CC:232C][2023-08-10T08:50:32]i000: Setting numeric variable 'Kb4019990Windows2008R2Exists' to value 0
[06CC:232C][2023-08-10T08:50:32]i000: Registry key not found. Key = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_1_for_KB4019990~31bf3856ad364e35~amd64~~6.2.1.1'
[06CC:232C][2023-08-10T08:50:32]i000: Setting numeric variable 'Kb4019990Windows2012Exists' to value 0
[06CC:232C][2023-08-10T08:50:32]i000: Setting string variable 'NetFrameworkRegistryValue' to value '460805'
[06CC:232C][2023-08-10T08:50:32]i000: Setting string variable 'ServerLevelsServerCoreRegistryValue' to value '1'
[06CC:232C][2023-08-10T08:50:32]i000: Setting string variable 'ServerLevelsServerGuiShellRegistryValue' to value '1'
[06CC:232C][2023-08-10T08:50:32]i052: Condition 'Kb4019990Windows2008R2Exists' evaluates to false.
[06CC:232C][2023-08-10T08:50:32]i052: Condition 'Kb4019990Windows2012Exists' evaluates to false.
[06CC:232C][2023-08-10T08:50:32]i052: Condition 'NetFrameworkRegistryValue >= 460798' evaluates to true.
[06CC:232C][2023-08-10T08:50:32]i052: Condition 'NetFrameworkRegistryValue >= 460798' evaluates to true.
[06CC:232C][2023-08-10T08:50:32]i101: Detected package: Kb4019990Windows2008R2Package, state: Absent, cached: None
[06CC:232C][2023-08-10T08:50:32]i101: Detected package: Kb4019990Windows2012Package, state: Absent, cached: None
[06CC:232C][2023-08-10T08:50:32]i101: Detected package: NetFrameworkPackageServer, state: Present, cached: Complete
[06CC:232C][2023-08-10T08:50:32]i101: Detected package: NetFrameworkPackageServerCore, state: Present, cached: Complete
[06CC:232C][2023-08-10T08:50:32]i101: Detected package: MsiPackage, state: Absent, cached: None
[06CC:232C][2023-08-10T08:50:32]i199: Detect complete, result: 0x0
[06CC:05C8][2023-08-10T08:50:32]i000: 2023-08-10 12:50:32.6192 Debug DeploymentModel .ctor [\[]DeploymentAction=Install[\]]
[06CC:05C8][2023-08-10T08:50:32]i000: 2023-08-10 12:50:32.7442 Debug DeploymentModel .ctor [\[]IsAfterRestartAndConfigured=False[\]]
[06CC:05C8][2023-08-10T08:51:32]i000: 2023-08-10 12:51:32.2243 Info Model ValidateAsync ValidateCreateSensorAsync returned [\[]validateCreateSensorResult=Success[\]]
[06CC:05C8][2023-08-10T08:51:32]i000: Setting string variable 'IsConfigured' to value 'True'
[06CC:05C8][2023-08-10T08:51:32]i000: Setting hidden variable 'AccessKey'
[06CC:05C8][2023-08-10T08:51:32]i000: Unsetting variable 'DelayedUpdate'
[06CC:05C8][2023-08-10T08:51:32]i000: Unsetting variable 'LogsPath'
[06CC:05C8][2023-08-10T08:51:32]i000: Setting hidden variable 'ProxyConfiguration'
[06CC:05C8][2023-08-10T08:51:32]i000: Setting string variable 'InstallationPath' to value 'C:\Program Files\Azure Advanced Threat Protection Sensor'
[06CC:232C][2023-08-10T08:51:32]i200: Plan begin, 5 packages, action: Install
[06CC:232C][2023-08-10T08:51:32]i052: Condition 'VersionNT64 = v6.1' evaluates to false.
[06CC:232C][2023-08-10T08:51:32]w321: Skipping dependency registration on package with no dependency providers: Kb4019990Windows2008R2Package
[06CC:232C][2023-08-10T08:51:32]i052: Condition 'VersionNT64 = v6.2' evaluates to false.
[06CC:232C][2023-08-10T08:51:32]w321: Skipping dependency registration on package with no dependency providers: Kb4019990Windows2012Package
[06CC:232C][2023-08-10T08:51:32]i052: Condition 'ServerLevelsServerCoreRegistryValue <> 1 OR ServerLevelsServerGuiShellRegistryValue = 1' evaluates to true.
[06CC:232C][2023-08-10T08:51:32]w321: Skipping dependency registration on package with no dependency providers: NetFrameworkPackageServer
[06CC:232C][2023-08-10T08:51:32]i052: Condition 'ServerLevelsServerCoreRegistryValue = 1 AND ServerLevelsServerGuiShellRegistryValue <> 1' evaluates to false.
[06CC:232C][2023-08-10T08:51:32]w321: Skipping dependency registration on package with no dependency providers: NetFrameworkPackageServerCore
[06CC:232C][2023-08-10T08:51:32]i000: Setting string variable 'WixBundleRollbackLog_MsiPackage' to value 'C:\Users\ADM~1.SHE\AppData\Local\Temp\Azure Advanced Threat Protection Sensor_20230810085029_000_MsiPackage_rollback.log'
[06CC:232C][2023-08-10T08:51:32]i000: Setting string variable 'WixBundleLog_MsiPackage' to value 'C:\Users\ADM~1.SHE\AppData\Local\Temp\Azure Advanced Threat Protection Sensor_20230810085029_000_MsiPackage.log'
[06CC:232C][2023-08-10T08:51:32]i201: Planned package: Kb4019990Windows2008R2Package, state: Absent, default requested: Absent, ba requested: Absent, execute: None, rollback: None, cache: No, uncache: No, dependency: None
[06CC:232C][2023-08-10T08:51:32]i201: Planned package: Kb4019990Windows2012Package, state: Absent, default requested: Absent, ba requested: Absent, execute: None, rollback: None, cache: No, uncache: No, dependency: None
[06CC:232C][2023-08-10T08:51:32]i201: Planned package: NetFrameworkPackageServer, state: Present, default requested: Present, ba requested: Present, execute: None, rollback: None, cache: No, uncache: No, dependency: None
[06CC:232C][2023-08-10T08:51:32]i201: Planned package: NetFrameworkPackageServerCore, state: Present, default requested: Absent, ba requested: Absent, execute: None, rollback: None, cache: No, uncache: No, dependency: None
[06CC:232C][2023-08-10T08:51:32]i201: Planned package: MsiPackage, state: Absent, default requested: Present, ba requested: Present, execute: Install, rollback: Uninstall, cache: Yes, uncache: No, dependency: Register
[06CC:232C][2023-08-10T08:51:32]i299: Plan complete, result: 0x0
[06CC:232C][2023-08-10T08:51:32]i300: Apply begin
[06CC:232C][2023-08-10T08:51:32]i010: Launching elevated engine process.
[06CC:232C][2023-08-10T08:51:37]i011: Launched elevated engine process.
[06CC:232C][2023-08-10T08:51:37]i012: Connected to elevated engine.
[1C18:1DF4][2023-08-10T08:51:37]i358: Pausing automatic updates.
[1C18:1DF4][2023-08-10T08:51:37]i359: Paused automatic updates.
[1C18:1DF4][2023-08-10T08:51:37]i360: Creating a system restore point.
[1C18:1DF4][2023-08-10T08:51:37]i362: System restore disabled, system restore point not created.
[1C18:1DF4][2023-08-10T08:51:37]i370: Session begin, registration key: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{b7611441-c5ec-4632-b9bf-4373b405f850}, options: 0x7, disable resume: No
[1C18:1DF4][2023-08-10T08:51:37]i000: Caching bundle from: 'C:\Users\ADM~1.SHE\AppData\Local\Temp\3\{2B0E2C72-99B3-4FF9-910C-2941D4E56C1A}\.be\Azure ATP Sensor Setup.exe' to: 'C:\ProgramData\Package Cache\{b7611441-c5ec-4632-b9bf-4373b405f850}\Azure ATP Sensor Setup.exe'
[1C18:1DF4][2023-08-10T08:51:38]i320: Registering bundle dependency provider: {b7611441-c5ec-4632-b9bf-4373b405f850}, version: 2.208.16822.55278
[1C18:1DF4][2023-08-10T08:51:38]i371: Updating session, registration key: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{b7611441-c5ec-4632-b9bf-4373b405f850}, resume: Active, restart initiated: No, disable resume: No
[1C18:217C][2023-08-10T08:51:39]i305: Verified acquired payload: MsiPackage at path: C:\ProgramData\Package Cache\.unverified\MsiPackage, moving to: C:\ProgramData\Package Cache\{D851E1CD-9114-4C42-B10E-BCB9352A0D54}v2.208.16822.55278\Microsoft.Tri.Sensor.Deployment.Package.msi.
[1C18:217C][2023-08-10T08:51:39]i305: Verified acquired payload: cab9C68882706A1052319FE6C1B5DE23439 at path: C:\ProgramData\Package Cache\.unverified\cab9C68882706A1052319FE6C1B5DE23439, moving to: C:\ProgramData\Package Cache\{D851E1CD-9114-4C42-B10E-BCB9352A0D54}v2.208.16822.55278\1.
[1C18:1DF4][2023-08-10T08:51:39]i323: Registering package dependency provider: {D851E1CD-9114-4C42-B10E-BCB9352A0D54}, version: 2.208.16822.55278, package: MsiPackage
[1C18:1DF4][2023-08-10T08:51:39]i301: Applying execute package: MsiPackage, action: Install, path: C:\ProgramData\Package Cache\{D851E1CD-9114-4C42-B10E-BCB9352A0D54}v2.208.16822.55278\Microsoft.Tri.Sensor.Deployment.Package.msi, arguments: ' ARPSYSTEMCOMPONENT="1" MSIFASTINSTALL="7" ACCESSKEY="*****" DelayedUpdate="" InstallationPath="C:\Program Files\Azure Advanced Threat Protection Sensor" InstalledVersion="" LogsPath="" PROXYCONFIGURATION="*****" WixBundleOriginalSourceFolder="C:\Users\adm.shealy\Desktop\Azure ATP Sensor Setup\"'
[1C18:1DF4][2023-08-10T08:51:58]e000: Error 0x80070643: Failed to install MSI package.
[1C18:1DF4][2023-08-10T08:51:58]e000: Error 0x80070643: Failed to execute MSI package.
[06CC:232C][2023-08-10T08:51:58]e000: Error 0x80070643: Failed to configure per-machine MSI package.
[06CC:232C][2023-08-10T08:51:58]i000: 2023-08-10 12:51:58.1859 Error Model LogError [\[]methodName=BootstrapperApplication_ExecutePackageComplete status=-2147023293 exception=[\]]
[06CC:232C][2023-08-10T08:51:58]i319: Applied execute package: MsiPackage, result: 0x80070643, restart: None
[06CC:232C][2023-08-10T08:51:58]e000: Error 0x80070643: Failed to execute MSI package.
[1C18:1DF4][2023-08-10T08:51:58]i318: Skipped rollback of package: MsiPackage, action: Uninstall, already: Absent
[06CC:232C][2023-08-10T08:51:58]i319: Applied rollback package: MsiPackage, result: 0x0, restart: None
[1C18:1DF4][2023-08-10T08:51:58]i329: Removed package dependency provider: {D851E1CD-9114-4C42-B10E-BCB9352A0D54}, package: MsiPackage
[1C18:1DF4][2023-08-10T08:51:58]i351: Removing cached package: MsiPackage, from path: C:\ProgramData\Package Cache\{D851E1CD-9114-4C42-B10E-BCB9352A0D54}v2.208.16822.55278\
[1C18:1DF4][2023-08-10T08:51:58]i372: Session end, registration key: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{b7611441-c5ec-4632-b9bf-4373b405f850}, resume: None, restart: None, disable resume: No
[1C18:1DF4][2023-08-10T08:51:58]i330: Removed bundle dependency provider: {b7611441-c5ec-4632-b9bf-4373b405f850}
[1C18:1DF4][2023-08-10T08:51:58]i352: Removing cached bundle: {b7611441-c5ec-4632-b9bf-4373b405f850}, from path: C:\ProgramData\Package Cache\{b7611441-c5ec-4632-b9bf-4373b405f850}\
[1C18:1DF4][2023-08-10T08:51:58]i371: Updating session, registration key: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{b7611441-c5ec-4632-b9bf-4373b405f850}, resume: None, restart initiated: No, disable resume: No
[06CC:232C][2023-08-10T08:51:58]i399: Apply complete, result: 0x80070643, restart: None, ba requested restart: No
[06CC:05C8][2023-08-10T09:24:59]i000: 2023-08-10 13:24:59.7528 Debug SensorBootstrapperApplication Run Engine.Quit [\[]deploymentResultStatus=-2147023293 isRestartRequired=False[\]]
[06CC:232C][2023-08-10T09:24:59]i500: Shutting down, exit code: 0x80070643
[06CC:232C][2023-08-10T09:24:59]i410: Variable: AccessKey = *****
[06CC:232C][2023-08-10T09:24:59]i410: Variable: InstallationPath = C:\Program Files\Azure Advanced Threat Protection Sensor
[06CC:232C][2023-08-10T09:24:59]i410: Variable: IsConfigured = True
[06CC:232C][2023-08-10T09:24:59]i410: Variable: Kb4019990Windows2008R2Exists = 0
[06CC:232C][2023-08-10T09:24:59]i410: Variable: Kb4019990Windows2012Exists = 0
[06CC:232C][2023-08-10T09:24:59]i410: Variable: NetFrameworkCommandLineArguments = /passive /showrmui
[06CC:232C][2023-08-10T09:24:59]i410: Variable: NetFrameworkRegistryValue = 460805
[06CC:232C][2023-08-10T09:24:59]i410: Variable: RebootPending = 0
[06CC:232C][2023-08-10T09:24:59]i410: Variable: ServerLevelsServerCoreRegistryValue = 1
[06CC:232C][2023-08-10T09:24:59]i410: Variable: ServerLevelsServerGuiShellRegistryValue = 1
[06CC:232C][2023-08-10T09:24:59]i410: Variable: VersionNT64 = 10.0.0.0
[06CC:232C][2023-08-10T09:24:59]i410: Variable: WixBundleAction = 5
[06CC:232C][2023-08-10T09:24:59]i410: Variable: WixBundleElevated = 1
[06CC:232C][2023-08-10T09:24:59]i410: Variable: WixBundleLog = C:\Users\ADM~1.SHE\AppData\Local\Temp\Azure Advanced Threat Protection Sensor_20230810085029.log
[06CC:232C][2023-08-10T09:24:59]i410: Variable: WixBundleLog_MsiPackage = C:\Users\ADM~1.SHE\AppData\Local\Temp\Azure Advanced Threat Protection Sensor_20230810085029_000_MsiPackage.log
[06CC:232C][2023-08-10T09:24:59]i410: Variable: WixBundleManufacturer = Microsoft Corporation
[06CC:232C][2023-08-10T09:24:59]i410: Variable: WixBundleName = Azure Advanced Threat Protection Sensor
[06CC:232C][2023-08-10T09:24:59]i410: Variable: WixBundleOriginalSource = C:\Users\adm.shealy\Desktop\Azure ATP Sensor Setup\Azure ATP Sensor Setup.exe
[06CC:232C][2023-08-10T09:24:59]i410: Variable: WixBundleOriginalSourceFolder = C:\Users\adm.shealy\Desktop\Azure ATP Sensor Setup\
[06CC:232C][2023-08-10T09:24:59]i410: Variable: WixBundleProviderKey = {b7611441-c5ec-4632-b9bf-4373b405f850}
[06CC:232C][2023-08-10T09:24:59]i410: Variable: WixBundleRollbackLog_MsiPackage = C:\Users\ADM~1.SHE\AppData\Local\Temp\Azure Advanced Threat Protection Sensor_20230810085029_000_MsiPackage_rollback.log
[06CC:232C][2023-08-10T09:24:59]i410: Variable: WixBundleSourceProcessFolder = C:\Users\adm.shealy\Desktop\Azure ATP Sensor Setup\
[06CC:232C][2023-08-10T09:24:59]i410: Variable: WixBundleSourceProcessPath = C:\Users\adm.shealy\Desktop\Azure ATP Sensor Setup\Azure ATP Sensor Setup.exe
[06CC:232C][2023-08-10T09:24:59]i410: Variable: WixBundleTag =
[06CC:232C][2023-08-10T09:24:59]i410: Variable: WixBundleUILevel = 4
[06CC:232C][2023-08-10T09:24:59]i410: Variable: WixBundleVersion = 2.208.16822.55278
[06CC:232C][2023-08-10T09:25:00]i007: Exit code: 0x80070643, restarting: No
Aug 14 2023 06:52 AM
Aug 14 2023 08:29 AM
Aug 16 2023 07:56 AM
@Shaun848
If the log is missing it might be that the deployer process was blocked.
I suggest a support case at this point, you might need to get some more diag tools running like procmon to understand what exactly happened there.