Over 1 million tech questions and answers.

Error 1067 Lightweight Gateway doesn't start in ESX / Problem VMware ESXi

Q: Error 1067 Lightweight Gateway doesn't start in ESX / Problem VMware ESXi

Hi, I have an issue with ATA 1.7.

I have deployed ATA in my lab environment (VMware ESXi) but the ATA GATEWAY service keeps on Starting. When I manually tried to restart, it showed an error:

Windows could not start the Microsoft Advanced Threat Analytics Gateway service on Local Computer.Error 1067: The Process terminated unexpectedly.

Then, I tried to deployed my lab in my laptop (2 VMs / VMWARE Workstation) and ATA works fine. These same VMs don't work on ESX, the network configuration is good but error 1067 again

Is there some special prerequisites/configuration on ESX ?


Center: Windows 2012 R2 / 4 core / 8 go ram

DC + Lightweight Gateway: Windows 2012 R2 / 4 core / 8 go ram

Read other answers
Preferred Solution: Error 1067 Lightweight Gateway doesn't start in ESX / Problem VMware ESXi

I recommend downloading and running Reimage. It's a computer repair tool that has been proven to identify and fix many Windows problems with a high level of success.

I've used it in the past to identify and fix everything from blue screens (BSOD's), ActiveX errors, corrupt files and processes, dll/exe/sys errors, recover lost memory, Windows update problems, defragging, malware removal etc.

You can download it direct from this link http://downloadreimage.com/download.php. (This link will automatically start a download of Reimage that you can save to your computer.)



We are trialing ATA, our setup:
ESXi version = 5.1 - older but is it truly significant?
ATA Center 1.91 on Windows Server 2016 on ESXi - 32 Gb RAM, 300Gb HDD
ATA Lightweight Gateway - one operates ok on a physical AD server.
The second (and last) Lightweight Gateway install attempts on a VM - AD  server (2012 R2 with KB 2919355 installed, 2 core, 8Gb memory) every time crashes the ESX host on attempt to install.
I dont think we are using memory sharing (how to verify this please?). Memory Hot Add is disabled at least.
The sizing tool indicates there shouldn't be a resource issue. 
ESX crashes almost as soon as we click on download and install the Gateway to the DC from a web interface on the DC.
Best Regards

Read other answers

WLAN AutoConfig service gives error 1067 when trying to start it.

What I've tried:

Reset winsock settings
Ran SFC /scannow
Did system restore
Uninstalled and reinstalled drivers

I tried all of these in normal mode AND in safe mode. None of it worked.

Then i thought the service dll (C:\Windows\system32\wlansvc.dll) itself might have been damaged/outdated, so I decided to delete it and put a new one from donor pc. NOPE.
It wouldn't give me access to the file. No matter what i tried, safe mode, unlocker tools, auto rename it on startup, doing everything in administrator or even messing with permissions under file properties. It just wouldn't give me access to the file.

Wi-Fi was working smoothly few days ago and i literally have no idea why it stopped working.


Windows 7 Professional 32-bit
3945ABG Wi-Fi card
Any idea how to fix it? Thanks in advance

A:WLAN AutoConfig service doesn't start, error 1067

Extensible Authentication Protocol (service) is running or can be started?
CNG Key Isolation Service is running or can be started?

Read other 4 answers

We recently implemented ATA with the Lightweight Gateway model across about a dozen Domain Controllers this past weekend. Half of the DCs are physical and the other half are VMWare VMs. We sized both the ATA Center and the Domain Controllers based off the
packet per/sec recommendations and took the average. For reasons unknown, all of our VMs are alerting with the "Dropped port mirrored network traffic"
alert across all of the VMs, but not one of the physicals has alerted.
Has anyone else experienced this behavior and resolved it successfully? It appears to be a false-positive, but I would have to hit the "ignore me" button and not see it when valid.

Read other answers

We removed two lightweight gateways from our environment, and only have lightweight gateways installed. We deployed a new DC that has the IP address of the old DC but a different hostname. For the life of me I can't find where a cached thumbprint or a cert
discrepency might be hiding. I get the below error on ATA center. The gateway service will not start on the new DC.
Version 1.9.7412.9649
2019-03-15 22:15:55.8645 10424 54  Error [AppBuilderExtension] Failed to validate certificate thumbprint [thumbprint=XXXXXXXXXXXXXXXXXXX] from XXX.XXX.XXX.XXX
2019-03-15 22:15:55.8645 10424 54  Error [CertificateValidator] System.IdentityModel.Tokens.SecurityTokenValidationException: Failed to validate certificate thumbprint [thumbprint=XXXXXXXXXXXXXXXXXXX]
   at Microsoft.Tri.Infrastructure.Utils.CertificateValidator.Validate(String thumbprint)
   at Microsoft.Tri.Infrastructure.Utils.CertificateValidator.Validate(X509Certificate2 certificate)
   at async Microsoft.Tri.Common.Management.AppBuilderExtension.<>c__DisplayClass3_0.<UseCertificateValidation>b__0(?)
   at async Microsoft.Owin.Security.Infrastructure.AuthenticationMiddleware`1.Invoke[](?)
   at async Microsoft.Tri.Common.Management.AppBuilderExtension.<>c.<UseExceptionHandler>b__2_0(?)

Read other answers

I am getting the following error when my lightweight gateway agent tries to start on one of my Windows 2008R2 Domain Controllers:
2016-10-11 18:26:38.4188 2112 5   00000000-0000-0000-0000-000000000000 Error [IDataCollectorSet] System.Runtime.InteropServices.COMException (0xC0000BC9): Exception from HRESULT: 0xC0000BC9
   at PlaLibrary.IDataCollectorSet.start(Boolean Synchronous)
   at Microsoft.Tri.Infrastructure.Utils.DataCollectorSet.Start(String name)
   at Microsoft.Tri.Infrastructure.Framework.PerformanceCounterManager.<OnStartAsync>d__7.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.Tri.Infrastructure.Framework.Module.<StartAsync>d__19.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.Tri.Infrastructure.Framework.ModuleManager.<OnStartAsync>d__5.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.CompilerS... Read more

Read other answers

One of our lightweight gateways is now failing to startup.  The issue started after we rebooted the domain controller after our monthly patch window.  I tried reinstalling the gateway but it still won't start.  The other two DCs we have lightweight
gateways on are still working just fine.  They got the same set of patches and were also rebooted but they start up just fine.  I also tried restarting the services again but they start up so the problem appears to be isolated on this one DC.
I looked in the "Microsoft.Tri.Gateway-Errors.log" and the couple errors I see are below but I haven't been able to find related articles that talk about how to fix them.
Microsoft.Tri.Infrastructure.ExtendedException: Failed to communicate with the configured domain controllers
Microsoft.Tri.Infrastructure.ExtendedException: Failed to connect to domain controller [DomainControllerDnsName=xxxxxx.local ErrorCode=82] ---> System.DirectoryServices.Protocols.LdapException: a local error occurred.
A few of the things I have tried are:
- Confirmed using the ldp.exe tool that I could connect via both 389 and 636 to itself as well as the other two DCs.
- Uninstall and reinstall, didn't fix the issue.  The new gateway does appear in the console in a "Start Failed" status.  Makes me think it isn't a problem with the lightweight gateway being able to talk to the console.
- Other than the patches the only thing else that we know chang... Read more

Read other answers

The lightweight gateway ran for a month or so then it stopped last week.  After reinstalling and rebooting the DC, the lightweight gateway started again.  It ran for a few days but stopped again.  Reinstalling and rebooting didn't help this
time.  I tried reinstalling a couple of times.  No luck.  I get this: "error 1067: the process terminated unexpectedly" when trying to restart the service.  The error log doesn't help me much.  Maybe someone else can decode
2016-08-09 16:55:49.6348 172 5   00000000-0000-0000-0000-000000000000 Error [DirectoryServicesClient+<SearchInternalAsync>d__23] Microsoft.Tri.Infrastructure.ExtendedException: LDAP search failed [DomainControllerDnsName=WORK-DNS2.dcsms.org
IsGlobalCatalog=True DistinguishedName=DC=hhh,DC=test,DC=org Scope=Base Filter= AttributeNames=canonicalName objectClass whenCreated displayName distinguishedName objectGUID isDeleted name objectSID whenChanged lockoutDuration lockoutThreshold maxPwdAge minPwdAge
pwdHistoryLength pwdProperties fSMORoleOwner replUpToDateVector] ---> Microsoft.Tri.Infrastructure.ExtendedException: LDAP search failed [ResultCode=Referral]
   at Microsoft.Tri.Gateway.Resolution.DirectoryServices.DirectoryServicesClient.<SearchInternalAsync>d__23.MoveNext()
   --- End of inner exception stack trace ---
   at Microsoft.Tri.Gateway.Resolution.DirectoryServices.DirectoryServicesClient.... Read more

Read other answers

We have lightweight gateways installed on 3 other DCs and they all work fine. On a fourth DC, the service won't start.  I get an Error 1067 if I try to manually start it.  In the error log, I see:
2016-08-16 19:17:54.3467 4028 5   00000000-0000-0000-0000-000000000000 Error [PerformanceCounterLib] System.InvalidOperationException: Category does not exist.
   at System.Diagnostics.PerformanceCounterLib.CounterExists(String machine, String category, String counter)
   at System.Diagnostics.PerformanceCounter.InitializeImpl()
   at System.Diagnostics.PerformanceCounter..ctor(String categoryName, String counterName, String instanceName, Boolean readOnly)
   at System.Diagnostics.PerformanceCounter..ctor(String categoryName, String counterName, String instanceName)
   at Microsoft.Tri.Gateway.Service.GatewayAppDomainManager.<OnInitializeAsync>d__7.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.Tri.Infrastructure.Framework.Module.<InitializeAsync>d__18.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) ... Read more

Read other answers

2017-07-11 12:44:08.1666 532 15  580018f6-fc9f-41e0-a929-5796a97a33eb Error [AsyncResult] First try to update GatewaySystemProfile failed
2017-07-11 12:44:08.1666 532 15  580018f6-fc9f-41e0-a929-5796a97a33eb Error [AsyncResult] System.ServiceModel.CommunicationException: The socket connection was aborted. This could be caused by an error processing your message or a receive timeout being
exceeded by the remote host, or an underlying network resource issue. Local socket timeout was '00:09:59.9687478'. ---> System.Net.Sockets.SocketException: An existing connection was forcibly closed by the remote host
   at System.ServiceModel.Channels.SocketConnection.HandleReceiveAsyncCompleted()
   at System.ServiceModel.Channels.SocketConnection.OnReceiveAsync(Object sender, SocketAsyncEventArgs eventArgs)
   --- End of inner exception stack trace ---
Server stack trace:
   at System.Runtime.AsyncResult.End[TAsyncResult](IAsyncResult result)
   at System.ServiceModel.Channels.CommunicationObject.EndOpen(IAsyncResult result)
Exception rethrown at [0]:
   at System.Runtime.AsyncResult.End[TAsyncResult](IAsyncResult result)
   at System.ServiceModel.Channels.ServiceChannel.SendAsyncResult.End(SendAsyncResult result)
   at System.ServiceModel.Channels.ServiceChannel.EndCall(String action, Object[] outs, IAsyncResult result)
   at System.ServiceModel.Channels.ServiceChannelPro... Read more

Read other answers

Hello ,
i installed lightweight gateway on my dc 
in the logs i can see the error is ldap seasch failed on sub domain.
is there any way to tell ata not to search on subdomains ?

Read other answers

Hi All,
I've recently completed the deployment of a large number of ATA lightweight gateways in our environment.  All of them are working great, except for one. The service hangs on starting for a long period of time and then fails to start. This is a server
2008r2 standard domain controller, and the recurring error I can find in the Microsoft.Tri.Gateway-errors file is below:
2017-07-07 20:20:57.4359 2604 5   00000000-0000-0000-0000-000000000000 Error [Enumerable] System.InvalidOperationException: Sequence contains more than one element
   at System.Linq.Enumerable.Single[TSource](IEnumerable`1 source)
   at async Microsoft.Tri.Gateway.Resolution.DirectoryServices.DirectoryServicesClient.ConnectDisconnectedDomainControllersAsync(?)
   at async Microsoft.Tri.Gateway.Resolution.DirectoryServices.DirectoryServicesClient.OnInitializeAsync(?)
   at async Microsoft.Tri.Infrastructure.Framework.Module.InitializeAsync(?)
   at async Microsoft.Tri.Infrastructure.Framework.ModuleManager.OnInitializeAsync(?)
   at async Microsoft.Tri.Infrastructure.Framework.Module.InitializeAsync(?)
   at async Microsoft.Tri.Infrastructure.Framework.Service.OnStartAsync(?)
   at Microsoft.Tri.Infrastructure.Framework.Service.OnStart(String[] args)

I've uninstalled/reinstalled, reset performance counters, rebooted, etc.  And I'm out of ideas.  Any help would be greatly appreciated.  T... Read more

Read other answers

I have this issue on a couple of my DC's, I cannot start either service on the LW GW's and I'm unable to uninstall through programs and features or via silent uninstall 

[3010:422C][2018-05-22T08:00:26]e000: Error 0x80070643: Failed to execute MSI package.

2012 R2 and 2016 DC's
ATA v1.8.676536693

Read other answers

I installed a lightweight gateway in a child domain in the forest (there are working trusts).  I am getting an error message while the service fails to start:

2018-05-22 18:44:00.0328 6332 9   Error [DirectoryServicesClient+<CreateLdapConnectionAsync>d__32] Microsoft.Tri.Infrastructure.Utils.ExtendedException: Failed to connect to domain controller [DomainControllerDnsName=HOSTNAME.DOMAIN ErrorCode=82] ---> System.DirectoryServices.Protocols.LdapException: A local error occurred.
   at System.DirectoryServices.Protocols.LdapConnection.BindHelper(NetworkCredential newCredential, Boolean needSetCredential)
   at async Microsoft.Tri.Gateway.Resolution.DirectoryServices.DirectoryServicesClient.CreateLdapConnectionAsync(?)
   --- End of inner exception stack trace ---
   at async Microsoft.Tri.Gateway.Resolution.DirectoryServices.DirectoryServicesClient.CreateLdapConnectionAsync(?)
   at async Microsoft.Tri.Gateway.Resolution.DirectoryServices.DirectoryServicesClient.CreateLdapConnectionAsync(?)
   at async Microsoft.Tri.Gateway.Resolution.DirectoryServices.DirectoryServicesClient.TryCreateLdapConnectionAsync(?)
2018-05-22 18:44:00.0328 6332 5   Error [DirectoryServicesClient+<OnInitializeAsync>d__14] Microsoft.Tri.Infrastructure.Utils.ExtendedException: Failed to communicate with configured domain controllers
   at async Microsoft.Tri.Gateway.Resolution... Read more

Read other answers

I've just installed ATA following a previous trial of 1.2 now that the lightweight gateway is available, the gateway is working fine on virtual DCs (although dropping some traffic due to resources apparently). however the physical DC seemed to work fine
initially, but now the service will not start.
I get service control manager events logged with event ID 7031 for Microsoft Advanced Threat Analytics Gateway continually.
I have removed and re-installed the gateway 3 times so far with no improvement.
the Microsoft.Tri.Gateway-Resolution.log file has the following:
2016-08-25 14:45:15.7387 7872 5   00000000-0000-0000-0000-000000000000 Error [WmiEtwRpcMessagePusher] System.ApplicationException: Unable to start ETW session MMA-ETW-Livecapture-a4f595bd-f567-49a7-b963-20fa4e370329
Host Name: Localhost
 ---> System.ApplicationException: Provider Microsoft-PEF-NDIS-PacketCapture does not work remotely. Please create a new session without it.
   at Microsoft.Protocols.Tools.DataSourceConfig.EtwDataSource.WmiEtwRpcMessagePusher.MISessionInit(EtwSessionConfig sessionCfg)
   at Microsoft.Protocols.Tools.DataSourceConfig.EtwDataSource.WmiEtwRpcMessagePusher.Enable()
   --- End of inner exception stack trace ---
   at Microsoft.Protocols.Tools.DataSourceConfig.EtwDataSource.WmiEtwRpcMessagePusher.Enable()
   at Microsoft.Protocols.Tools.DataSourceConfig.EtwDataSource.WmiEtwRpcMessagePusher.Start(Boolean s... Read more

Read other answers

I recently had a lightweight gateway that stopped checking in with ATA.  I found the ATA services not running, and couldn't start them.  I tried uninstalling the lightweight gateway from the server, but the uninstall failed.  Attempted to
run the setup again, but it won't run because it sees that it's already installed.
Per the suggestion here: https://social.technet.microsoft.com/Forums/lync/en-US/e54b04aa-10b0-4ef8-8aad-4d3fd5bc75ec/i-cannot-uninstall-ata-gateway-after-installing-from-the-zip-file?forum=mata
I searched the registry for anything mentioning Advanced Threat Analytics and removed it, and ran the setup again.  The setup didn't seem to complete successfully, and the services still won't start.  However ATA doesn't show up in add/remove programs
anymore, and I don't see any registry keys under HKLM\Software which contain 'Advanced Threat Analytics'.
What's the best way to clean this up and get it working again?
Also, we get ATA as part of our EMS subscription.  Does that subscription include Tech support for ATA? 

Read other answers

Has anyone gotten any W8 version to work/install on ESXi 5.0?

If so could you provide instructions?


A:W8 CP or DP on VMware ESXi 5.0?

Hi there
I haven't done this yet but usually VMware's own instructions are pretty good .

VMware KB: Windows 8 operating system does not boot or install on ESXi or ESX


Read other 2 answers


I have VMware setup on 192.168.1.x (gateway 192.168.1.x) but I want to use a secondary subnet for a VM on the server that will have an IP of 192.168.0.x. Now on my sonicwall I have setup an ARP for the gateway for 192.168.0.x and setup a route and everything seems to work.

So the VMware server works fine on 192.168.1.x and the vm connects to 192.168.0.x BUT the vm will not make an internet connection, I can make a network connection from my workstation from 192.168.1.x to 192.168.0.x so the sub lan seems to be working.

I can make an internet connection from the VMWare server and ping google and the DNS are setup correctly and if I connect a laptop to the nextwork 192.168.1.x it gets an internet connection.

What have I missed that won't allow this vm to go on the next?

(This VMWare server has only one nic)

Read other answers

I am attempting to lab up ATA 1.7.1, and am having a similar issue to the following ATA Forum thread: https://social.technet.microsoft.com/Forums/security/en-US/c817193a-9859-48fa-a208-eb644b17005b/service-on-lightweight-gateway-wont-start?forum=mata
Event viewer is showing that the service is attempting to restart, and the ATA logs are full of this error (occurs every 20 seconds):
2016-10-18 23:49:50.2983 856 5 00000000-0000-0000-0000-000000000000 Error [DirectoryServicesClient+<OnInitializeAsync>d__12] Microsoft.Tri.Infrastructure.ExtendedException: Domain controllers are not configured
at Microsoft.Tri.Gateway.Resolution.DirectoryServices.DirectoryServicesClient.<OnInitializeAsync>d__12.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.Tri.Infrastructure.Framework.Module.<InitializeAsync>d__18.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.Tri.Infrastructure.Framework.ModuleManager.<OnInitializeAsync>d__4.MoveNext()
--- End of stack trace from previous location whe... Read more

Read other answers

I want a download like for vmware esxi server 2.5 version which support 32bit operating system

Read other answers

Hi there.

I got esxi running but not really satisfied with performance and the hassle of controlling VM's from a remote computer.

So I decided to re-visit using KVM (can be considered Linux's equivalent to HYPER-V). KVM is free of course (it's part of most Linux distros - but RHEL (and Centos naturally) has this down to a fine art so install documentation is really good.

It turned out surprisingly easy from a CENTOS 7 HOST and I/O performance is STREETS ahead of both VMWARE workstation and the VM running under Esxi.

The other nice thing is that you can also control the VM's on the LOCAL HOST. PCI passthru works fine and you can use "paravirtualisation" if you want to install specific hardware drivers on the VM to extract even better performance.

VMware esxi VM's can be converted easily enough - or re-installing the Guest OS is a doddle anyway.

(Note - you have to enable VT-X in the BIOS on intel CPU's --usually all done by default these days -- for AMD there's an equivalent but don't know what it is).

Very happy with this solution -- you can install a minimal Linux system and control everything via a CLI if you don't want a Linux GUI. I'd recommend doing it from the GUI for beginners.

For those playing around with Linux Hosts who want to try other ways of running Windows Guests I'd recommend having a look at KVM -- it really is surprisingly easy -- AND STABLE !!!. Also being able to control the VM's from a local host is a great advantage for ... Read more

Read other answers

Hello I will buy HP Z230 Workstation with Intel Xeon E3 1200 CPU Can i install VMware ESXi 5.5 on this device. Thanks

Read other answers

Hi, I am new here and i like to know something about the  Z400 & Z600.My plan is for studie purpuse to buy a HP Z workstation.i like to install Esxi 5.x or 6.x  on it but i need to be sure that it will work with them. HP Z400 Workstation Intel Xeon Six Core E5649 2.53-2.93GHz/24GB/1TB SATA/DVD/FX-1800/LanOrHP Z600 Workstation Intel Xeon Six Core E5649 2.53-2.93 GHz/24GB/2TB/DVD/nVidia NVS295/Lan  any help is appreciated

Read other answers

I'm trying to install the ATA Lightweight gateway on Server 2016 Core Domain controller. I have this installed on other Server 2016 core DCs and no issue. This particular server gives the error below. Any help is greatly appreciated. Firewall is disabled.
Resources are fine.

2018-07-09 14:29:37.8435 5304 5   Error [WebClient+<InvokeAsync>d__8`1] System.Net.Http.HttpRequestException: PostAsync failed [requestTypeName=UpdateGatewaySystemProfileRequest] ---> System.Net.Http.HttpRequestException: Response
status code does not indicate success: 500 (Internal server error).
   at System.Net.Http.HttpResponseMessage.EnsureSuccessStatusCode()
   at async Microsoft.Tri.Common.Communication.WebClient.PostAsync[](?)
   at async Microsoft.Tri.Common.Communication.WebClient.InvokeAsync[](?)
   --- End of inner exception stack trace ---
   at async Microsoft.Tri.Common.Communication.WebClient.InvokeAsync[](?)
   at async Microsoft.Tri.Common.Communication.WebClient.InvokeAsync[](?)
   at async Microsoft.Tri.Gateway.Common.Service.GatewayConfigurationManager`1.GetConfigurationAsync[](?)
   at async Microsoft.Tri.Infrastructure.Framework.ConfigurationManager`2.UpdateConfigurationAsync[](?)
   at async Microsoft.Tri.Gateway.Common.Service.GatewayConfigurationManager`1.UpdateConfigurationAsync[](?)
   at async Microsoft.Tri.Infrastructure.Framework.Configu... Read more

Read other answers

Hi there
Having got the vm to work on a W7 Host machine I thought of trying it out on Esxi -- I have a few VM's running on vmware's Esxi which I run on a fairly modest "White Box".

Direct install of the vm using vSphere fails but using the stand alone vmware converter to convert the vm I got running under vmware workstation W8 works fine.


A:Installing W8 as a VM with vmware EsXi - also works BUT : read

That nice to know. People got Windows 8 install to work on VMWare Workstation 8. Since it's paid version I'm not able to test it.

Read other 3 answers

VMware ESXi Available For Free Starting Today, i.e. yesterday (July 28, 2008)

-- Tom

Read other answers

Lightweight Gateway

I have an issue where one of my Lightweight Gateway services started to die on me. I then uninstalled the agent restarted the DC and then installed the Lightweight Gateway again. After the installation the services still died for me. I then tried to uninstall
it again but the uninstall hanged for me and I had to kill the uninstall.
I search the forum and found how to remove the product that was in this state by doing this
1. Remove the services
2. Remove the ata folder in program files
3. Remove references in the registry to ATA
Downloaded a new copy of the client from the console
After doing this I restarted the server and tried to install the gateway again and it failes with error 0x80070643
Microsoft Advanced Threat Anlaytics Gateway log
[15E8:1744][2017-04-13T09:36:46]i001: Burn v3.10.3.3007, Windows v6.3 (Build 9600: Service Pack 0), path: C:\Users\ADD-PE~1\AppData\Local\Temp\{801F942A-44AA-4DCE-9D35-0A88CF296AC1}\.cr\Microsoft ATA Gateway Setup.exe
[15E8:1744][2017-04-13T09:36:46]i000: Initializing string variable 'InstallationConfigurationFilePath' to value '[WixBundleOriginalSourceFolder]\GatewayInstallationConfiguration.json'
[15E8:1744][2017-04-13T09:36:46]i000: Initializing hidden variable 'ConsoleAccountPassword'
[15E8:1744][2017-04-13T09:36:46]i000: Initializing hidden variable 'ManagementAuthenticationToken'
[15E8:1744][2017-04-13T09:36:46]i000: Initializing string variable 'NetFrameworkCommandLineArguments' to value... Read more

Read other answers

Hi there.

I LIKE the idea of a bare metal Hypervisor - I've tried Esxi (VMware) in the past and although it works it's a bit fiddly on what hardware it works on and there's no CLI for managing VM's --you have to do this with a separate machine using vCenter which USED TO BE FREE -- and now this part is NOT available in the free offering any more (if you upgrade to the latest version of ESXI (5.5) you won't be able to manage / modify VM's any more - at least in the FREE offering -- you have to BUY the latest vCenter -- so I've now junked Esxi.

It seems from Internet discussions that Free ESXI might be being phased out anyway so a good time to jump ship to Ms.

Read this :


Does 2012 HYPER-V SERVER R2 (it's FREE BTW) work decently as a hypervisor -- I'm only really interested in running Windows VM's.

I actually quite like W2012 SERVER but I don't really need the full server edition for hosting VM's. I want to use W2012 server as a VM anyway.

I've been quite a happy user of VMware workstation in the past but it's quite expensive and needs a full blown OS to run on even though it can now run VM's in the background.

I need to run the following Guest OS's (or VM's) on it ===> W2003 server, 2 XP PRO VM's (one ENG, on ISL), one W7 Enterprise, one W8.1 Enterprise and one W2012 server .

The Host machine has plenty of RAM and storage and has a decent 3.2 GHZ QUAD processor in it so running these VM's should be fine in theory... Read more

A:HYPER-V SERVER R2 (Esxi 5.5 needs PAID vCENTER - vmware)

Vcenter server was Never free Jimbo.

You can still use the existing client to manage vms on the free esxi 5.5, but you need to be sure that you do NOT upgrade the vm hardware on these VMs to version 10. Even newly created vms will start as version 8, it's a manual process to upgrade them and it comes with a warning that the web client will be required.

I'm actually pretty surprised this is being handled this way, but it's not likely a big issue unless you ignore the warnings.

HyperV was never a product I liked. Prior to Windows 8, remotely managing vms was a total nightmare with a bunch of dcom stuff you had to manually set up. It's still a crapshoot whether a Linux vm is going to work. I steer clear of this supervisor.

Citrix Zen server is a free product. Pretty good too.

Read other 6 answers

I am having problems installing the lightweight gateway on almost all of our DCs.  I was able to successfully install a lightweight gateway on our one DC that is running server 2016.  All the rest of the DCs are running server 2012r2 and fail every
time.  I have verified that all the KBs are installed and I have tried all the difference fixes online.  I have also tried the running the exe with PSexec but I am absolutely unable to get this installed on any DC with Server 2012R2.  any help
would be greatly appreciated.  I attached the log file below
[30EC:17F4][2017-08-28T10:51:36]i001: Burn v3.11.0.1701, Windows v6.3 (Build 9600: Service Pack 0), path: C:\Users\administrator\AppData\Local\Temp\3\{63073131-4E95-4ABD-ADC7-D3845D0DA484}\.cr\Microsoft ATA Gateway Setup.exe
[30EC:17F4][2017-08-28T10:51:36]i000: Initializing string variable 'InstallationConfigurationFilePath' to value '[WixBundleOriginalSourceFolder]\GatewayInstallationConfiguration.json'
[30EC:17F4][2017-08-28T10:51:36]i000: Initializing hidden variable 'ConsoleAccountPassword'
[30EC:17F4][2017-08-28T10:51:36]i000: Initializing hidden variable 'ManagementAuthenticationToken'
[30EC:17F4][2017-08-28T10:51:36]i000: Initializing string variable 'NetFrameworkCommandLineArguments' to value '/passive /showrmui'
[30EC:17F4][2017-08-28T10:51:36]i009: Command Line: '"-burn.clean.room=C:\temp\Microsoft ATA Gateway Setup-1-8-2\Microsoft ATA Gateway Setup.exe" -burn.filehandle.... Read more

Read other answers

i have an ata-center hosted in ESXi host, and it use 1 adapter physical with more virtual machine other, and i have more than 7 domain controllers server have installed ata lightweight gateway. I wonder to ask about problem traffic send from DC to ATA Center?
it can be very big to affected network perfomance of other VM hosted in same ESXi host, in my situation, shoud i deploy more ATA center( i don't know how, i just had 1 forest, if can, can provide me how), or other workaround.
thank you very much.

Read other answers

Installing ATA on a 2012 R2 but the Center service wont start. Getting the following error.
Please can someone assist?
Hardware is adequate 4Cores 48Gig Ram
[1018:083C][2017-03-15T02:28:15]i052: Condition 'NetFrameworkRegistryValue >= 394254' evaluates to false.
[1018:083C][2017-03-15T02:28:15]i052: Condition 'NetFrameworkRegistryValue >= 394254' evaluates to false.
[1018:083C][2017-03-15T02:28:15]i101: Detected package: NetFrameworkPackageServer, state: Absent, cached: None
[1018:083C][2017-03-15T02:28:15]i101: Detected package: NetFrameworkPackageServerCore, state: Absent, cached: None
[1018:083C][2017-03-15T02:28:15]i101: Detected package: BundleActionsPackage, state: Absent, cached: None
[1018:083C][2017-03-15T02:28:15]i101: Detected package: MongoDBPackage, state: Absent, cached: None
[1018:083C][2017-03-15T02:28:15]i101: Detected package: MsiPackage, state: Absent, cached: None 

Read other answers

I am running Windows XP Home SP3 on a Lenovo SL500.
The laptop suddenly stopped connecting to the internet (stuck on acquiring network address). Then suddenly sound stopped working (even though I have the correct drivers installed).
I have tried the following:
1) going to the previous working version - no luck
2) I went to services.msc and found the DHCP client won't start. When I try to force start it, it gives me error 1067. ipconfig gives an error saying "an internal error has occurred. the system cannot find the file specified". I have no idea what file this is. Also, in services.msc when I restart windows audio to get sound back, it starts and then stops again. I also noticed other services like Wireless Zero that should be running are stopped. When I turn them on, they stay on for a short while before stopping automatically.
3) I ran winsockxpfix.exe, sfc.exe /scannow - no luck
4) I did a registry clean - no luck
5) I did a repair install of Windows again and still no luck.
Does anyone have any clue what's wrong and how I can fix this? I don't want to have to format and do a fresh install if possible.
Thank You.

A:DHCP client will not start - error 1067

Try running these at a command prompt restarting after each to see if DHCP will start.  Make sure you have your XP CD handy for the second.
netsh winsock reset

sfc /scannow

Read other 6 answers

I have recently installed Windows 7 on my new computer. My sound drivers are all up to date, and the Device Manager knows they are there and working. However, the Volume Adjuster has the speaker with the red and white cross, and when the audio troubleshooter pops up, it does nothing to fix the problem, just acknowledges that there is one...

So, I looked up solutions, and was told to enable the Windows Audio service. I tried, and got a 1067 Error (Unexpectedly terminated). I have started, and successfully run, all of the dependencies, yet Windows Audio still won't run. I ran the 'sfc /scannow' as I was told that might work, but no luck. I also uninstalled and reinstalled my audio driver numerous amounts of times, still no luck. I'm running out of options, so I came here.

Please, any help would be appreciated.

A:Windows Audio service won't Start Error 1067

Did you clean install Windows 7 or upgrade?

Read other 6 answers

Hello! This is my first time asking for help; thank you for your time.

I have an Asus N550JV laptop with windows 8. It has been working great the last year, but after a recent windows update, my audio completely stopped working. After running the troubleshooter, it stated the following:

One or more audio service isn't running
Not fixed

Both the Windows Audio and the Windows Audio End Point Builder services must be running for audio to work correctly. Atleast one of these services isn't running.

After doing some research, I was able to view the local services running on my laptop. I found that Windows Audio Endpoint Builder is running, but Windows Audio is not. When trying to start Windows Audio, I got the following messgae:

Windows could not start the Windows Audio service on Local Computer.
Error 1067: The process terminated unexpectedly.

How do I get my audio back? I have Online Lectures I need to watch for school, so any help would be great! Thank you for your time

A:Windows Audio Service will not start, error 1067

Do you have a System Restore point that is BEFORE the last update?

Sadly, you may have to do a reinstall or if you have a backup a restore from the backup. My Windows 8.1 was corrupted by the last update (my suspicion). Fortunately I had a recent full backup and restored from the backup.

Read other 1 answers

See below Mongo db error log.  Could this be related?

2018-12-05 22:59:22.5294 4872 1234 Error [CommandWireProtocol`1] MongoDB.Driver.MongoCommandException: Command collStats failed: Collection [ATA.ServiceInstalledEvent_20180608051637] not found..
   at MongoDB.Driver.Core.WireProtocol.CommandWireProtocol`1.ProcessReply(ConnectionId connectionId, ReplyMessage`1 reply)
   at async MongoDB.Driver.Core.WireProtocol.CommandWireProtocol`1.ExecuteAsync[](?)
   at async MongoDB.Driver.Core.Servers.Server.ServerChannel.ExecuteProtocolAsync[](?)
   at async MongoDB.Driver.Core.Operations.CommandOperationBase`1.ExecuteProtocolAsync[](?)
   at async MongoDB.Driver.Core.Operations.ReadCommandOperation`1.ExecuteAsync[](?)
   at async MongoDB.Driver.OperationExecutor.ExecuteReadOperationAsync[](?)
   at async MongoDB.Driver.MongoDatabaseImpl.ExecuteReadOperationAsync[](?)
   at async Microsoft.Tri.Center.Database.MongoDatabaseExtension.RunAsync(?)
   at async Microsoft.Tri.Center.Database.CappedCollection`1.UpdateCurrentCollectionEntityCountAsync[](?)
   at async Microsoft.Tri.Infrastructure.Extensions.TaskExtension.<>c__DisplayClass33_0.<RunPeriodic>b__0(?)

Read other answers

I purchased a Netgear Push2TV PTV3000, and updated the firmware, downloaded the latest Intel WiDi, and tried to connect. The search for WiDi adapters found the PTV3000, so I double-clicked to install it. Add a Device ran, but could not find the PTV3000.
Searching the Web I found I needed to insure WiDiApp and Wireless PAN DHCP Server were allowed through the firewall. I found that the WiDiApp was listed in, and allowed through the firewall. I could not find any mention of Wireless PAN DHCP Server in the firewall.
I found the entry in Services, and it was listed as Manual. I set it to Automatic and tried to Start the service. I received an Error 1067: The process terminated unexpectedly.  I am running Windows 8 on a Sony SVS15118FXB.
As a possibly associated issue, since I believe Bluetooth also uses the Wireless PAN DHCP Server, I cannot get Bluetooth to function on the same computer. Attempts to connect Sony Bluetooth speakers also fail.  Maybe the same issue?
Any help would be most appreciated...

A:WiDi can't connect, found Wireless PAN DHCP Server can't start with error 1067

Please post in Windows 8 forums.Arnav Sharma | Facebook |
Twitter Please remember to click ?Mark as Answer? on the post that helps you, and to click ?Unmark as Answer? if a marked post does not actually answer your question. This can be beneficial to other community members
reading the thread.

Read other 3 answers

Since April I I am facing the problem where my audio service show a red X.  I did all the what the forum states and I just tried to ensure all the dependencies services are started.  However, the audio service does not start but shows the error
1067.I have even installed the driver for my sound card SB Live! 24.
I have run out of option but to ask for your help.  Can you please help me to resolve this issue.  My computer was running smoothly without any problem and suddenly i am facing this issue.
Help, Help!!!!


Read other answers

I have come across a situation like this.
I planned to install ATA Gateway to monitor datacenter DC traffic. These 4 DCs are physical blade servers resides in a single HP blade enclosure. And 2 switches in blade enclosure are connecting to 2 different physical switches. These 2 rack switches are
basic switches which doesn't support stacking or any other method to do port mirroring (RSPAN). So will it be possible to place a gateway?
Secondly, when I ran the sizing tool, lightweight gateways can be installed on these 4 DCs with hardware upgrades. I can upgrade RAM, but since these servers are old, I have an issue with increasing processors because processors are not available to be purchased.
The recommendation is to upgrade just 1-3 cores in a server.
So I want to know whether not increasing processors in DCs will adversely affect the functionality of LWGW and the DC? And any other good method to take care (GW or LWGW) of this 4 physical DCs?

Read other answers

We have gone through the ATA installation guide (https://docs.microsoft.com/en-us/advanced-threat-analytics/deploy-use/install-ata).
However, nowhere can we find information on where to find the binaries to install the ATA Lightweight Gateway, or how to actually install it?
Please could someone shed some light on this?
Thank you

Read other answers

In the planning docs for Lightweight Gateway, the following table is presented as reference:

Notice it only goes up to 10 CPUs & 24GB of RAM.
So...I want to know if it will go beyond that number if the DC can handle it.  Our DCs are much too beefy.  We have 32 cores and 256GB of RAM.  
Our Busy Packets are around 8-9K (which is uncomfortably close to 10K).  While we haven't had an issue yet, we are concerned that it will fail if goes over 10K.
QUESTION:  Can the Lightweight Gateway handle more Packets per Second than 10K if the DC is beefy enough?  Or is it a software limit?  If it is a software limit, is it possible to apply a tweak to get additional performance
from the Lightweight Gateway?
Unfortunately, we have been told that Port Mirroring isn't an option for us and we are forced to use the Lightweight Gateway.  Thank you for your time.

Read other answers

I had ATA 1.7 installed on a small virtualized environnement with
1 Lightweigth Gateway installed on my DC (Windows server 2012, 1CPU, 4Go RAM)
1 ATA Center
2 computers
Everything was fine but since I updated ATA to the 1.8 version my gateway doesn't start anymore. When I check the tasks manager, I can see the process "Microsoft ATA Gateway" appear and disappear.
Does anyone encounter the same problem ?

Read other answers

On a few DCs in a customer's production environment, ATA LGW crashes during startup, thousand times over. There is apparently a problem with the PEFNDIS driver. How can this problem be solved?
This is at the end of the ATA LGW log:
2016-05-19 12:35:02.7224 5240 11  d1d78b4c-043c-4bad-8630-5254d3a6a515 Debug [NetworkListener] Starting
2016-05-19 12:35:03.2849 5240 5   00000000-0000-0000-0000-000000000000 Error [EtwMessagePusher] System.ApplicationException: Fail to start live consumer  ---> Microsoft.Opn.Runtime.Monitoring.MessageSessionException: The PEFNDIS event provider
is not ready.  The provider is not installed or not running.
   at Microsoft.Protocols.Tools.DataSourceConfig.EtwDataSource.Plugins.PefNdis.EtwMessageSourcePluginPefNdis.BeforeStart()
   at Microsoft.Protocols.Tools.DataSourceConfig.EtwDataSource.EtwMessagePusher.Start(Boolean startAtPause)
   --- End of inner exception stack trace ---
   at Microsoft.Protocols.Tools.DataSourceConfig.EtwDataSource.EtwMessagePusher.Start(Boolean startAtPause)
   at Microsoft.Opn.Runtime.Monitoring.CaptureSession.Start(Boolean pause)
   at Microsoft.Tri.Gateway.Collection.Network.NetworkListener.OnStartAsync()
   at Microsoft.Tri.Infrastructure.Framework.Module.<StartAsync>d__19.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.CompilerServic... Read more

Read other answers

I have a client that is seeing performance issues with their DCs.  They have both StealthBits and the ATA Lightweight Gateway services installed on the DC.  Has anyone seen similar issues and if so, any known workarounds?

Microsoft Security Technology Specialist

Read other answers

I am constructing a lap environment to test ATA 1.6
The service of ATA lightweight Gateway is not running after installing the lightweight  gateway on the DC

and I got the error Domain synchronizer not assigned even if I checked every recommendation appeared on the Health state of the center console.
The error ID 1067 appears when I 'm trying to force start the service on the DC

Read other answers

We have a virtual 2012 R2 domain controller on which we have installed the ATA Lightweight Gateway. We've given the DC 6 CPU and 16GB (dynamic) memory. The VM is running on a two host Hyper-V 2012 R2 cluster.
Nightly we are seeing the DC reboot, usually around the time DPM backups are in operation (one is an in-guest backup of system state, the other is a VM image backup). In the logs the following errors are present:

Faulting application name: Microsoft.Tri.Gateway.exe, version: 1.6.4103.64991, time stamp: 0x57172e09
Faulting module name: clr.dll, version: 4.6.1055.0, time stamp: 0x563c12de
Exception code: 0xe0004743
Fault offset: 0x00000000001e65a1
Faulting process id: 0x1bc
Faulting application start time: 0x01d1b48323d2d90a
Faulting application path: C:\Program Files\Microsoft Advanced Threat Analytics\Gateway\Microsoft.Tri.Gateway.exe
Faulting module path: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\clr.dll
Report Id: 1b40303e-20de-11e6-80e1-001dd8b71c57
Faulting package full name:
Faulting package-relative application ID:
And then follows a number of write errors similar to
DFSRs (1628) \\.\C:\System Volume Information\DFSR\database_3864_2C8F_642C_51C4\dfsr.db: An attempt to write to the file "\\.\C:\System Volume Information\DFSR\database_3864_2C8F_642C_51C4\dfsr.db" at offset 0 (0x0000000000000000) for 8192 (0x00002000) bytes failed after 0.000 seconds with system error 1453 (0x000005ad): "Insufficient quota to complete the requested service... Read more

Read other answers

I have been setting up ATA 1.7 in our environment,  I have installed the ATA gateway on three of our domain controllers, and two are having performance issue.  The error I am seeing is
Some network traffic is not being analyzed, with a recommendation of adding additional processor and\or memory.  Prior to installing the ATA gateway we did monitor the packets\sec on the network adapter, we averaged around 3000 to 4000,
with peaks around 10,000.  I have been monitoring for the last 6 hours on them, and we are averaging around 2,500.   Spec wise they are running 4 cores 24 GB of RAM, on the one that is working.  On the two that are not working one has 4 cores
the other has 6 cores, both have 24 GB of RAM.  From the documentation these should be more then enough to handle the ATA lightweight gateway.
I have been monitoring resource monitor on the three servers, thinking other AD processes are consuming to much resources to allow ATA to run, the following is what I have seen over the last couple days.
DC 1, Working - (4 Cores) CPU utilization between 25 and 40%.  Memory, (24GB) currently at 88% utilized, 21.8 GB used, 1.1 GB free and 1.6 in stand by.  The biggest consumer is the lsass.exe process, consuming about 18.5 GBs, tri.gateway.exe with
just over 2 GB consumed.
DC 2 Not working - (4 Cores) CPU utilization between 25 and 40%.  Memory (24GB) currently at 75% utilized, 18.3 GB used, 4.5 GB free, and 1.4 GB in stand by... Read more

Read other answers