
Service on lightweight gateway won't start - Domain controllers are not configured

Q: Service on lightweight gateway won't start - Domain controllers are not configured

I am attempting to lab up ATA 1.7.1, and am having a similar issue to the following ATA Forum thread: https://social.technet.microsoft.com/Forums/security/en-US/c817193a-9859-48fa-a208-eb644b17005b/service-on-lightweight-gateway-wont-start?forum=mata
Event viewer is showing that the service is attempting to restart, and the ATA logs are full of this error (occurs every 20 seconds):
2016-10-18 23:49:50.2983 856 5 00000000-0000-0000-0000-000000000000 Error [DirectoryServicesClient+<OnInitializeAsync>d__12] Microsoft.Tri.Infrastructure.ExtendedException: Domain controllers are not configured
at Microsoft.Tri.Gateway.Resolution.DirectoryServices.DirectoryServicesClient.<OnInitializeAsync>d__12.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.Tri.Infrastructure.Framework.Module.<InitializeAsync>d__18.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.Tri.Infrastructure.Framework.ModuleManager.<OnInitializeAsync>d__4.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.Tri.Infrastructure.Framework.Module.<InitializeAsync>d__18.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.Tri.Infrastructure.Framework.Service.<OnStartAsync>d__10.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.Tri.Infrastructure.Framework.Service.OnStart(String[] args)

The ATA gateway is successfully joined to the domain, the ATA Center has a successful connection to the Directory Services, 'KLIST query_bind' returns valid information, DNS resolves and all network connectivity seems to be fine.

I have:
- Rebuilt the performance counter database (including uninstall of ATA gateway and rebooting the host)
- Regenerated the installation package from the ATA center and re-installed
- Successfully added performance counters relating to .NET CLR Memory

Any other avenues to explore would be greatly appreciated.

RELEVANCY SCORE 119.6

I have the latest version of ATA - 1.9.7312.32791
I have deployed ATA Lightweight Gateway to many domain controllers throughout my organisation from exactly the same "Microsoft ATA Gateway setup.exe" with accompanying .json file in the same folder.

Nearly all the Domain Controllers have been Windows Server 2016 Core with a quiet install via command line.
The installation has worked perfectly with the exception of two domain controllers on the same physical subnet/site.
The installation error code in the log is:
Error [TaskAwaiter] System.Net.Http.HttpRequestException: An error occurred while sending the request. ---> System.Net.WebException: The underlying connection was closed: An unexpected error occurred on a send. ---> System.IdentityModel.Tokens.SecurityTokenValidationException:
Failed to validate certificate thumbprint [thumbprint=FC78E602AA1E8BF57CC2270E81788E5ADC511DF4]

Seeing as every other installation worked fine, I suspect something must be blocking or interfering with the certificate being successfully negotiated back at the ATA centre.
The likelihood of it being an error with the JSON file is extremely small as the failures occurred in the middle of the installation program, with successful implementations either side of the two that failed.

What can I get the network team to check regarding firewalls, network traffic or blocked ports?

Has anyone seen similar?

Thank you

Chris

RELEVANCY SCORE 103.6

I installed a lightweight gateway in a child domain in the forest (there are working trusts).  I am getting an error message while the service fails to start:

2018-05-22 18:44:00.0328 6332 9   Error [DirectoryServicesClient+<CreateLdapConnectionAsync>d__32] Microsoft.Tri.Infrastructure.Utils.ExtendedException: Failed to connect to domain controller [DomainControllerDnsName=HOSTNAME.DOMAIN ErrorCode=82] ---> System.DirectoryServices.Protocols.LdapException: A local error occurred.
   at System.DirectoryServices.Protocols.LdapConnection.BindHelper(NetworkCredential newCredential, Boolean needSetCredential)
   at async Microsoft.Tri.Gateway.Resolution.DirectoryServices.DirectoryServicesClient.CreateLdapConnectionAsync(?)
   --- End of inner exception stack trace ---
   at async Microsoft.Tri.Gateway.Resolution.DirectoryServices.DirectoryServicesClient.CreateLdapConnectionAsync(?)
   at async Microsoft.Tri.Gateway.Resolution.DirectoryServices.DirectoryServicesClient.CreateLdapConnectionAsync(?)
   at async Microsoft.Tri.Gateway.Resolution.DirectoryServices.DirectoryServicesClient.TryCreateLdapConnectionAsync(?)
2018-05-22 18:44:00.0328 6332 5   Error [DirectoryServicesClient+<OnInitializeAsync>d__14] Microsoft.Tri.Infrastructure.Utils.ExtendedException: Failed to communicate with configured domain controllers
   at async Microsoft.Tri.Gateway.Resolution...

RELEVANCY SCORE 100.8

The lightweight gateway ran for a month or so then it stopped last week.  After reinstalling and rebooting the DC, the lightweight gateway started again.  It ran for a few days but stopped again.  Reinstalling and rebooting didn't help this
time.  I tried reinstalling a couple of times.  No luck.  I get this: "error 1067: the process terminated unexpectedly" when trying to restart the service.  The error log doesn't help me much.  Maybe someone else can decode
it.
2016-08-09 16:55:49.6348 172 5   00000000-0000-0000-0000-000000000000 Error [DirectoryServicesClient+<SearchInternalAsync>d__23] Microsoft.Tri.Infrastructure.ExtendedException: LDAP search failed [DomainControllerDnsName=WORK-DNS2.dcsms.org
IsGlobalCatalog=True DistinguishedName=DC=hhh,DC=test,DC=org Scope=Base Filter= AttributeNames=canonicalName objectClass whenCreated displayName distinguishedName objectGUID isDeleted name objectSID whenChanged lockoutDuration lockoutThreshold maxPwdAge minPwdAge
pwdHistoryLength pwdProperties fSMORoleOwner replUpToDateVector] ---> Microsoft.Tri.Infrastructure.ExtendedException: LDAP search failed [ResultCode=Referral]
   at Microsoft.Tri.Gateway.Resolution.DirectoryServices.DirectoryServicesClient.<SearchInternalAsync>d__23.MoveNext()
   --- End of inner exception stack trace ---
   at Microsoft.Tri.Gateway.Resolution.DirectoryServices.DirectoryServicesClient....

RELEVANCY SCORE 100.8

We have lightweight gateways installed on 3 other DCs and they all work fine. On a fourth DC, the service won't start.  I get an Error 1067 if I try to manually start it.  In the error log, I see:
2016-08-16 19:17:54.3467 4028 5   00000000-0000-0000-0000-000000000000 Error [PerformanceCounterLib] System.InvalidOperationException: Category does not exist.
   at System.Diagnostics.PerformanceCounterLib.CounterExists(String machine, String category, String counter)
   at System.Diagnostics.PerformanceCounter.InitializeImpl()
   at System.Diagnostics.PerformanceCounter..ctor(String categoryName, String counterName, String instanceName, Boolean readOnly)
   at System.Diagnostics.PerformanceCounter..ctor(String categoryName, String counterName, String instanceName)
   at Microsoft.Tri.Gateway.Service.GatewayAppDomainManager.<OnInitializeAsync>d__7.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.Tri.Infrastructure.Framework.Module.<InitializeAsync>d__18.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) ...

RELEVANCY SCORE 100

Hello,
I installed the lightweight gateway on my DC.
In the logs I can see the error is LDAP search failed on sub domain.
Is there any way to tell ATA not to search on subdomains?

RELEVANCY SCORE 98.8

I have this issue on a couple of my DC's, I cannot start either service on the LW GW's and I'm unable to uninstall through programs and features or via silent uninstall 

[3010:422C][2018-05-22T08:00:26]e000: Error 0x80070643: Failed to execute MSI package.

2012 R2 and 2016 DC's
ATA v1.8.676536693

RELEVANCY SCORE 98

2017-07-11 12:44:08.1666 532 15  580018f6-fc9f-41e0-a929-5796a97a33eb Error [AsyncResult] First try to update GatewaySystemProfile failed
2017-07-11 12:44:08.1666 532 15  580018f6-fc9f-41e0-a929-5796a97a33eb Error [AsyncResult] System.ServiceModel.CommunicationException: The socket connection was aborted. This could be caused by an error processing your message or a receive timeout being
exceeded by the remote host, or an underlying network resource issue. Local socket timeout was '00:09:59.9687478'. ---> System.Net.Sockets.SocketException: An existing connection was forcibly closed by the remote host
   at System.ServiceModel.Channels.SocketConnection.HandleReceiveAsyncCompleted()
   at System.ServiceModel.Channels.SocketConnection.OnReceiveAsync(Object sender, SocketAsyncEventArgs eventArgs)
   --- End of inner exception stack trace ---
Server stack trace:
   at System.Runtime.AsyncResult.End[TAsyncResult](IAsyncResult result)
   at System.ServiceModel.Channels.CommunicationObject.EndOpen(IAsyncResult result)
Exception rethrown at [0]:
   at System.Runtime.AsyncResult.End[TAsyncResult](IAsyncResult result)
   at System.ServiceModel.Channels.ServiceChannel.SendAsyncResult.End(SendAsyncResult result)
   at System.ServiceModel.Channels.ServiceChannel.EndCall(String action, Object[] outs, IAsyncResult result)
   at System.ServiceModel.Channels.ServiceChannelPro...

RELEVANCY SCORE 87.2

I see in the documentation that 'ALL' ATA Gateways are by default configured as 'Domain Synchronizer Candidate'. I am using exclusively ATA Lightweight Gateway agents installed on my DC. How many of the LWGs per Active Directory Domain should be configured
as 'Domain Synchronizer Candidate'?
Thanks,
Steve

RELEVANCY SCORE 84.4

On 1 out of 3 DCs, when installing the lightweight gateway, the service continually restarts (does it ever finish starting?) this is logged in the errors.log:
2016-06-01 10:42:16.6261 6168 19  d2c5f7d0-168d-44da-83c9-3d20f79ce814 Debug [GatewayTelemetryManager] Initializing
2016-06-01 10:42:16.6885 6168 19  d2c5f7d0-168d-44da-83c9-3d20f79ce814 Debug [GatewayTelemetryManager] Initialized
2016-06-01 10:42:16.6885 6168 19  00000000-0000-0000-0000-000000000000 Debug [GatewayModuleManager] Initialized
2016-06-01 10:42:16.6885 6168 19  00000000-0000-0000-0000-000000000000 Debug [GatewayModuleManager] Starting
2016-06-01 10:42:16.7041 6168 19  e86427bf-8853-47f4-b526-fc783fae6065 Debug [PerformanceCounterManager] Starting
2016-06-01 10:42:17.3437 6168 5   00000000-0000-0000-0000-000000000000 Error [IDataCollectorSet] System.UnauthorizedAccessException: Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))
Has anyone experienced similar? Or pointers on how to find out which actions are being denied?

RELEVANCY SCORE 84.4

Hi,
I've installed ATA 1.8 and the lightweight gateway on a 2012 R2 domain controller. 

On the domain controller, the ATA Insights service is running but the main ATA service is stuck in a starting loop.

Are there any logs to find out the reason? I've rebuilt the performance counter database as suggested in another thread, but to no avail. Nothing of use in the event logs.


Thanks!

RELEVANCY SCORE 82.8

I am having an issue where my gateway service won't start.  I have reinstalled three times and the most recent just taking the defaults with self signed certificates to make sure that was not the issue.

The error in the microsoft.tri.gateway-errors log states:

2016-05-05 15:45:53.5091 1896 10  d95b9f61-9d2f-4ef3-a0ec-9575da88f329 Error [GatewayConfigurationManager] Failed to update configuration System.ServiceModel.EndpointNotFoundException: Could not connect to net.tcp://10.4.2.37:443/ICenterConfigurationManager.
The connection attempt lasted for a time span of 00:00:01.0625094. TCP error code 10061: No connection could be made because the target machine actively refused it 10.4.2.37:443.  ---> System.Net.Sockets.SocketException: No connection could be made
because the target machine actively refused it 10.4.2.37:443
   at System.Net.Sockets.Socket.EndConnect(IAsyncResult asyncResult)
   at System.ServiceModel.Channels.SocketConnectionInitiator.ConnectAsyncResult.OnConnect(IAsyncResult result)
   --- End of inner exception stack trace ---

How can I check the health of this site?  I have the console on 10.4.2.38 and the center on 10.4.2.37.  When I go to IIS I only see one site and it is only listening on the .38 IP address.  Where is the center service website run?  Is
it normally in IIS?

A: Gateway Service Won't Start

And now all of a sudden I got a notification that it scanned the domains and found computers and users and the service is running.  No clue what changed.

RELEVANCY SCORE 82.4

We removed two lightweight gateways from our environment, and only have lightweight gateways installed. We deployed a new DC that has the IP address of the old DC but a different hostname. For the life of me I can't find where a cached thumbprint or a cert
discrepancy might be hiding. I get the below error on ATA center. The gateway service will not start on the new DC.
Version 1.9.7412.9649
2019-03-15 22:15:55.8645 10424 54  Error [AppBuilderExtension] Failed to validate certificate thumbprint [thumbprint=XXXXXXXXXXXXXXXXXXX] from XXX.XXX.XXX.XXX
2019-03-15 22:15:55.8645 10424 54  Error [CertificateValidator] System.IdentityModel.Tokens.SecurityTokenValidationException: Failed to validate certificate thumbprint [thumbprint=XXXXXXXXXXXXXXXXXXX]
   at Microsoft.Tri.Infrastructure.Utils.CertificateValidator.Validate(String thumbprint)
   at Microsoft.Tri.Infrastructure.Utils.CertificateValidator.Validate(X509Certificate2 certificate)
   at async Microsoft.Tri.Common.Management.AppBuilderExtension.<>c__DisplayClass3_0.<UseCertificateValidation>b__0(?)
   at async Microsoft.Owin.Security.Infrastructure.AuthenticationMiddleware`1.Invoke[](?)
   at async Microsoft.Tri.Common.Management.AppBuilderExtension.<>c.<UseExceptionHandler>b__2_0(?)

RELEVANCY SCORE 82.4

System.ServiceModel.Dispatcher.MessageRpc.Process(Boolean isOperationContextSet)).
2016-10-24 08:08:48.6645 6704 5   00000000-0000-0000-0000-000000000000 Error [ServiceChannel] System.ServiceModel.FaultException`1[System.ServiceModel.ExceptionDetail]: The request is not supported (Fault Detail is equal to An ExceptionDetail, likely created
by IncludeExceptionDetailInFaults=true, whose value is:
System.ComponentModel.Win32Exception: The request is not supported
   at System.ServiceModel.Dispatcher.TaskMethodInvoker.InvokeEnd(Object instance, Object[]& outputs, IAsyncResult result)
How to fix?

RELEVANCY SCORE 80.4

Hi,
I am getting the following error when my lightweight gateway agent tries to start on one of my Windows 2008R2 Domain Controllers:
2016-10-11 18:26:38.4188 2112 5   00000000-0000-0000-0000-000000000000 Error [IDataCollectorSet] System.Runtime.InteropServices.COMException (0xC0000BC9): Exception from HRESULT: 0xC0000BC9
   at PlaLibrary.IDataCollectorSet.start(Boolean Synchronous)
   at Microsoft.Tri.Infrastructure.Utils.DataCollectorSet.Start(String name)
   at Microsoft.Tri.Infrastructure.Framework.PerformanceCounterManager.<OnStartAsync>d__7.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.Tri.Infrastructure.Framework.Module.<StartAsync>d__19.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.Tri.Infrastructure.Framework.ModuleManager.<OnStartAsync>d__5.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.CompilerS...

RELEVANCY SCORE 79.6

One of our lightweight gateways is now failing to startup.  The issue started after we rebooted the domain controller after our monthly patch window.  I tried reinstalling the gateway but it still won't start.  The other two DCs we have lightweight
gateways on are still working just fine.  They got the same set of patches and were also rebooted but they start up just fine.  I also tried restarting the services again but they start up so the problem appears to be isolated on this one DC.
I looked in the "Microsoft.Tri.Gateway-Errors.log" and the couple errors I see are below but I haven't been able to find related articles that talk about how to fix them.
Microsoft.Tri.Infrastructure.ExtendedException: Failed to communicate with the configured domain controllers
and
Microsoft.Tri.Infrastructure.ExtendedException: Failed to connect to domain controller [DomainControllerDnsName=xxxxxx.local ErrorCode=82] ---> System.DirectoryServices.Protocols.LdapException: a local error occurred.
A few of the things I have tried are:
- Confirmed using the ldp.exe tool that I could connect via both 389 and 636 to itself as well as the other two DCs.
- Uninstall and reinstall, didn't fix the issue.  The new gateway does appear in the console in a "Start Failed" status.  Makes me think it isn't a problem with the lightweight gateway being able to talk to the console.
- Other than the patches the only thing else that we know chang...

RELEVANCY SCORE 78

Hi All,
I've recently completed the deployment of a large number of ATA lightweight gateways in our environment.  All of them are working great, except for one. The service hangs on starting for a long period of time and then fails to start. This is a server
2008r2 standard domain controller, and the recurring error I can find in the Microsoft.Tri.Gateway-errors file is below:
2017-07-07 20:20:57.4359 2604 5   00000000-0000-0000-0000-000000000000 Error [Enumerable] System.InvalidOperationException: Sequence contains more than one element
   at System.Linq.Enumerable.Single[TSource](IEnumerable`1 source)
   at async Microsoft.Tri.Gateway.Resolution.DirectoryServices.DirectoryServicesClient.ConnectDisconnectedDomainControllersAsync(?)
   at async Microsoft.Tri.Gateway.Resolution.DirectoryServices.DirectoryServicesClient.OnInitializeAsync(?)
   at async Microsoft.Tri.Infrastructure.Framework.Module.InitializeAsync(?)
   at async Microsoft.Tri.Infrastructure.Framework.ModuleManager.OnInitializeAsync(?)
   at async Microsoft.Tri.Infrastructure.Framework.Module.InitializeAsync(?)
   at async Microsoft.Tri.Infrastructure.Framework.Service.OnStartAsync(?)
   at Microsoft.Tri.Infrastructure.Framework.Service.OnStart(String[] args)

I've uninstalled/reinstalled, reset performance counters, rebooted, etc.  And I'm out of ideas.  Any help would be greatly appreciated.  T...

RELEVANCY SCORE 77.2

I recently had a lightweight gateway that stopped checking in with ATA.  I found the ATA services not running, and couldn't start them.  I tried uninstalling the lightweight gateway from the server, but the uninstall failed.  Attempted to
run the setup again, but it won't run because it sees that it's already installed.
Per the suggestion here: https://social.technet.microsoft.com/Forums/lync/en-US/e54b04aa-10b0-4ef8-8aad-4d3fd5bc75ec/i-cannot-uninstall-ata-gateway-after-installing-from-the-zip-file?forum=mata
I searched the registry for anything mentioning Advanced Threat Analytics and removed it, and ran the setup again.  The setup didn't seem to complete successfully, and the services still won't start.  However ATA doesn't show up in add/remove programs
anymore, and I don't see any registry keys under HKLM\Software which contain 'Advanced Threat Analytics'.
What's the best way to clean this up and get it working again?
Also, we get ATA as part of our EMS subscription.  Does that subscription include Tech support for ATA? 

RELEVANCY SCORE 77.2

Hi,
I've just installed ATA following a previous trial of 1.2 now that the lightweight gateway is available, the gateway is working fine on virtual DCs (although dropping some traffic due to resources apparently). however the physical DC seemed to work fine
initially, but now the service will not start.
I get service control manager events logged with event ID 7031 for Microsoft Advanced Threat Analytics Gateway continually.
I have removed and re-installed the gateway 3 times so far with no improvement.
the Microsoft.Tri.Gateway-Resolution.log file has the following:
2016-08-25 14:45:15.7387 7872 5   00000000-0000-0000-0000-000000000000 Error [WmiEtwRpcMessagePusher] System.ApplicationException: Unable to start ETW session MMA-ETW-Livecapture-a4f595bd-f567-49a7-b963-20fa4e370329
Host Name: Localhost
 ---> System.ApplicationException: Provider Microsoft-PEF-NDIS-PacketCapture does not work remotely. Please create a new session without it.
   at Microsoft.Protocols.Tools.DataSourceConfig.EtwDataSource.WmiEtwRpcMessagePusher.MISessionInit(EtwSessionConfig sessionCfg)
   at Microsoft.Protocols.Tools.DataSourceConfig.EtwDataSource.WmiEtwRpcMessagePusher.Enable()
   --- End of inner exception stack trace ---
   at Microsoft.Protocols.Tools.DataSourceConfig.EtwDataSource.WmiEtwRpcMessagePusher.Enable()
   at Microsoft.Protocols.Tools.DataSourceConfig.EtwDataSource.WmiEtwRpcMessagePusher.Start(Boolean s...

RELEVANCY SCORE 75.6

Hi, I have an issue with ATA 1.7.

I have deployed ATA in my lab environment (VMware ESXi) but the ATA GATEWAY service keeps on Starting. When I manually tried to restart, it showed an error:

Windows could not start the Microsoft Advanced Threat Analytics Gateway service on Local Computer. Error 1067: The Process terminated unexpectedly.

Then, I tried to deploy my lab on my laptop (2 VMs / VMware Workstation) and ATA works fine. These same VMs don't work on ESX; the network configuration is good but error 1067 again.

Are there any special prerequisites/configuration on ESX?

Configuration:

Center: Windows 2012 R2 / 4 core / 8 GB RAM

DC + Lightweight Gateway: Windows 2012 R2 / 4 core / 8 GB RAM

RELEVANCY SCORE 70.8

I've installed the Microsoft ATA Gateway on a dedicated server in a lab environment. The gateway shows a status of "Stopped" in the ATA Console configuration tab. On the ATA Gateway itself, the Microsoft Advanced Threat Analytics Gateway service
will not start. I keep getting the following error: "Windows could not start the Microsoft Advanced Threat Analytics Gateway service on Local Computer. Error 1067: The process terminated unexpectedly."
I get an Event ID 7031 error in the windows service logs that says: "The Microsoft Advanced Threat Analytics Gateway service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart
the service". The service continually fails to start.
I'm not sure if this is related, but I also get the following error in the Microsoft.Tri.Gateway-Errors Log: "Error [AsyncResult]System.ServiceModel.Security.MessageSecurityException: An unsecured or incorrectly secured fault was received from
the other party. See the inner FaultException for the fault code and detail. ---> System.ServiceModel.FaultException: An error occurred when verifying security for the message."

I'm using Windows Server 2012 R2. The Gateway is installed as a stand alone server with port mirroring configured for the capture NIC.

RELEVANCY SCORE 70.4

I received an error in that ATA console stating that one of my lightweight gateways is no longer communicating.  I've seen this error before, and in the past I connected to the DC in question and restarted the Gateway services, and this resolved the
issue.  However in this particular case, the Gateway service will not start.  When attempting to start the service I get the following error.
Windows could not start the Microsoft Advance Threat Analytics Gateway service on Local Computer.

Error 1067: The process terminated unexpectedly.
I checked the Microsoft.Tri.Gateway.log and Microsoft.Tri.Gateway-Errors.log, I see the following error in both:
2017-02-01 14:20:02.7833 8864 5 00000000-0000-0000-0000-000000000000 Error [ServiceChannel] System.ServiceModel.FaultException`1[System.ServiceModel.ExceptionDetail]: Cannot process request because the process (3024) has exited. (Fault Detail is equal to An ExceptionDetail, likely created by IncludeExceptionDetailInFaults=true, whose value is:
System.InvalidOperationException: Cannot process request because the process (3024) has exited.
at System.ServiceModel.Dispatcher.TaskMethodInvoker.InvokeEnd(Object instance, Object[]& outputs, IAsyncResult result)
at System.ServiceModel.Dispatcher.DispatchOperationRuntime.InvokeEnd(MessageRpc& rpc)
at System.ServiceModel.Dispatcher.ImmutableDispatchRuntime.ProcessMessage7(MessageRpc& rpc)
at System.ServiceModel.Dispatcher.MessageRpc.Process(Bo...

RELEVANCY SCORE 66

I have come across a situation like this.
I planned to install ATA Gateway to monitor datacenter DC traffic. These 4 DCs are physical blade servers residing in a single HP blade enclosure. And 2 switches in blade enclosure are connecting to 2 different physical switches. These 2 rack switches are
basic switches which don't support stacking or any other method to do port mirroring (RSPAN). So will it be possible to place a gateway?
Secondly, when I ran the sizing tool, lightweight gateways can be installed on these 4 DCs with hardware upgrades. I can upgrade RAM, but since these servers are old, I have an issue with increasing processors because processors are not available to be purchased.
The recommendation is to upgrade just 1-3 cores in a server.
So I want to know whether not increasing processors in DCs will adversely affect the functionality of LWGW and the DC? And any other good method to take care (GW or LWGW) of this 4 physical DCs?

RELEVANCY SCORE 64.4

HI,
We have gone through the ATA installation guide (https://docs.microsoft.com/en-us/advanced-threat-analytics/deploy-use/install-ata).
However, nowhere can we find information on where to find the binaries to install the ATA Lightweight Gateway, or how to actually install it?
Please could someone shed some light on this?
Thank you
SK

RELEVANCY SCORE 64

Good day, I have VM (the Center and Gateway) set up in Hyper-V with port mirroring and a test lab domain controller. I've setup the
gateway, but service won't start, and when looking through my gateway logs I found multiple instances of the following error. How should I resolve this?
2015-10-16 07:53:19.6965 2180 5   1d20001a-f6b4-4916-92b5-f453377474d1 Error [DirectoryServicesClient] Microsoft.Tri.Infrastructure.ExtendedException: Failed to connect to domain controller [DomainControllerDnsName=UN1T.GROUP] ---> System.DirectoryServices.Protocols.LdapException:
Local error has occurred.
   в System.DirectoryServices.Protocols.LdapConnection.BindHelper(NetworkCredential newCredential, Boolean needSetCredential)
   в Microsoft.Tri.Gateway.Resolution.DirectoryServicesClient.CreateLdapConnection(DomainControllerConnectionData domainControllerConnectionData, Boolean isGlobalCatalog)
   --- Конец трассировки внутреннего стека исключений ---
   в Microsoft.Tri.Gateway.Resolution.DirectoryServicesClient.CreateLdapConnection(DomainControllerConnectionData domainControllerConnectionData, Boolean isGlobalCatalog)
   в Microsoft.Tri.Gateway.Resolution.DirectoryServicesClient.TryCreateLdapConnection(DomainControllerConnectionData domainControllerConnectionData)
2015-10-16 07:53:19.7165 2180 5   00000000-0000-0000-0000-000000000000 Error [KeyedObjectPool`2] Micr...

RELEVANCY SCORE 63.6

I have a client that is seeing performance issues with their DCs.  They have both StealthBits and the ATA Lightweight Gateway services installed on the DC.  Has anyone seen similar issues and if so, any known workarounds?
Thanks

Microsoft Security Technology Specialist

RELEVANCY SCORE 63.6

I am constructing a lab environment to test ATA 1.6.
The service of ATA Lightweight Gateway is not running after installing the lightweight gateway on the DC

and I got the error Domain synchronizer not assigned even if I checked every recommendation appeared on the Health state of the center console.
The error ID 1067 appears when I'm trying to force start the service on the DC.

RELEVANCY SCORE 63.6

Hello Everyone,
When upgrading lightweight gateway client on the DC does it require a restart?

Senior Technical Consultant, MDS Computers

A: Lightweight Gateway restart

Only if the deployment process needs to update the .NET Framework, or if there is already a pending reboot for the machine.
Making sure ahead of time that you have .NET 4.6.1 or higher installed will likely avoid a reboot unless there is already one pending for another reason.
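
A pre-check for the two conditions named in the answer above, as an added example that is not part of the original post or of ATA itself: it reads the .NET Framework "Release" value and the common pending-reboot markers from the registry. The function name Test-AtaGatewayRebootRisk is hypothetical; 394254 is the lowest Release value Microsoft documents for .NET Framework 4.6.1.

```powershell
# Added example: checks the two reboot triggers named in the answer above
# before upgrading the ATA Lightweight Gateway on a domain controller.
# Test-AtaGatewayRebootRisk is a hypothetical name, not an ATA cmdlet.

function Test-AtaGatewayRebootRisk {
    [CmdletBinding()]
    param(
        # Lowest documented Release value for .NET Framework 4.6.1.
        [int]$MinimumRelease = 394254
    )

    # 1. Installed .NET Framework 4.x build, read from the setup registry key.
    $ndpKey  = 'HKLM:\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full'
    $release = 0
    if (Test-Path $ndpKey) {
        $value = (Get-ItemProperty -Path $ndpKey -Name Release -ErrorAction SilentlyContinue).Release
        if ($null -ne $value) { $release = [int]$value }
    }
    $dotNetOk = $release -ge $MinimumRelease

    # 2. Markers Windows sets when a restart is already pending.
    $pending = @()
    if (Test-Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\RebootPending') {
        $pending += 'Component Based Servicing'
    }
    if (Test-Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RebootRequired') {
        $pending += 'Windows Update'
    }
    # This value can also be set by software that merely schedules file
    # cleanup, so treat it as a hint rather than proof of a pending restart.
    $smKey   = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager'
    $renames = (Get-ItemProperty -Path $smKey -Name PendingFileRenameOperations -ErrorAction SilentlyContinue).PendingFileRenameOperations
    if ($renames) { $pending += 'Pending file rename operations' }

    [pscustomobject]@{
        ComputerName        = $env:COMPUTERNAME
        DotNetRelease       = $release
        DotNetMeetsMinimum  = $dotNetOk
        PendingRebootSource = $pending -join ', '
        RebootLikely        = (-not $dotNetOk) -or ($pending.Count -gt 0)
    }
}

Test-AtaGatewayRebootRisk | Format-List
```

Run it locally on each domain controller before the upgrade window; RebootLikely is True when either condition from the answer applies.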

RELEVANCY SCORE 63.6

In the planning docs for Lightweight Gateway, the following table is presented as reference:

Notice it only goes up to 10 CPUs & 24GB of RAM.
So...I want to know if it will go beyond that number if the DC can handle it.  Our DCs are much too beefy.  We have 32 cores and 256GB of RAM.  
Our Busy Packets are around 8-9K (which is uncomfortably close to 10K). While we haven't had an issue yet, we are concerned that it will fail if it goes over 10K.
QUESTION: Can the Lightweight Gateway handle more Packets per Second than 10K if the DC is beefy enough? Or is it a software limit? If it is a software limit, is it possible to apply a tweak to get additional performance from the Lightweight Gateway?
Unfortunately, we have been told that Port Mirroring isn't an option for us and we are forced to use the Lightweight Gateway.  Thank you for your time.


On a few DCs in a customer's production environment, ATA LGW crashes during startup, thousands of times over. There is apparently a problem with the PEFNDIS driver. How can this problem be solved?
This is at the end of the ATA LGW log:
2016-05-19 12:35:02.7224 5240 11  d1d78b4c-043c-4bad-8630-5254d3a6a515 Debug [NetworkListener] Starting
2016-05-19 12:35:03.2849 5240 5   00000000-0000-0000-0000-000000000000 Error [EtwMessagePusher] System.ApplicationException: Fail to start live consumer  ---> Microsoft.Opn.Runtime.Monitoring.MessageSessionException: The PEFNDIS event provider is not ready.  The provider is not installed or not running.
   at Microsoft.Protocols.Tools.DataSourceConfig.EtwDataSource.Plugins.PefNdis.EtwMessageSourcePluginPefNdis.BeforeStart()
   at Microsoft.Protocols.Tools.DataSourceConfig.EtwDataSource.EtwMessagePusher.Start(Boolean startAtPause)
   --- End of inner exception stack trace ---
   at Microsoft.Protocols.Tools.DataSourceConfig.EtwDataSource.EtwMessagePusher.Start(Boolean startAtPause)
   at Microsoft.Opn.Runtime.Monitoring.CaptureSession.Start(Boolean pause)
   at Microsoft.Tri.Gateway.Collection.Network.NetworkListener.OnStartAsync()
   at Microsoft.Tri.Infrastructure.Framework.Module.<StartAsync>d__19.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.CompilerServic...

Hello,
I had ATA 1.7 installed in a small virtualized environment with
1 Lightweight Gateway installed on my DC (Windows Server 2012, 1 CPU, 4 GB RAM)
1 ATA Center
2 computers
Everything was fine, but since I updated ATA to version 1.8 my gateway doesn't start anymore. When I check Task Manager, I can see the process "Microsoft ATA Gateway" appear and disappear.
Has anyone encountered the same problem?


After installing my ATA Gateway I receive an error message:

The amount of RAM and the number of processor cores are already OK according to Microsoft's description, but the service doesn't start.
My error log file follows:
2018-03-12 20:19:48.6278 3188 5 00000000-0000-0000-0000-000000000000 Error [DirectoryServicesClient+<OnInitializeAsync>d__14] Microsoft.Tri.Infrastructure.Utils.ExtendedException: Domain controllers are not configured
at async Microsoft.Tri.Gateway.Resolution.DirectoryServices.DirectoryServicesClient.OnInitializeAsync(?)
at async Microsoft.Tri.Infrastructure.Framework.Module.InitializeAsync(?)
at async Microsoft.Tri.Infrastructure.Framework.ModuleManager.OnInitializeAsync(?)
at async Microsoft.Tri.Infrastructure.Framework.Module.InitializeAsync(?)
at async Microsoft.Tri.Infrastructure.Framework.Service.OnStartAsync(?)
at Microsoft.Tri.Infrastructure.Framework.Service.OnStart(String[] args)
2018-03-12 20:19:55.6199 1280 5 00000000-0000-0000-0000-000000000000 Error [DirectoryServicesClient+<OnInitializeAsync>d__14] Microsoft.Tri.Infrastructure.Utils.ExtendedException: Domain controllers are not configured
at async Microsoft.Tri.Gateway.Resolution.DirectoryServices.DirectoryServicesClient.OnInitializeAsync(?)
at async Microsoft.Tri.Infrastructure.Framework.Module.InitializeAsync(?)
at async Microsoft.Tri.Infrastructure.Framework.ModuleManager.OnInitializeAsync(?)
at async Microsoft.Tri.Infrastructure.Framework.Mod...

After running the ATA Sizing Tool, I followed the CPU and memory recommendations and upgraded as needed.  Additionally, post-install, I made the recommended changes to the NIC configurations, as our lightweight gateways are running on VMWare. 
But I still am getting health alerts like the following:
Lightweight Gateway reached a memory resource limit

The Lightweight Gateway, <servername>, stopped itself and will restart automatically to protect the domain controller from a low memory condition
I picked one of the lightweight gateways that was experiencing this alert and added an additional 2GB of memory to it. This did not resolve the problem. Additionally, we have plenty of lightweight gateways (domain controllers); I'm fairly certain this is not the issue.
Any ideas/thoughts?


Hi All,
Our current certificates are expiring at the end of the month for all our lightweight gateway servers. I have recently followed Microsoft's documentation to renew the certificate on the ATA Center server, which has been successful, and I can see in the JSON files on the gateways that the thumbprint has updated accordingly.
I am however unsure of the method to update the similar certificate on the lightweight gateways. On the ATA Center server I simply used PowerShell to create a new certificate based off the properties of the existing certificate and then synced the changes in the Center to the gateways.
What's the best process for updating the certificates on the gateways? I am not using version 1.8 where this is automatically managed by the system so I need to do this manually.
Hope you can help!
Thanks


I'm running the Lightweight Gateway on two Server 2012 R2 Domain Controllers and the ATA service continually crashes. I've installed .NET 4.6.2 + Dec 2016 rollup on both servers with no effect. This is ATA 1.7 with the MSDN ISO.
From the gateway error logs...
2017-04-04 16:29:08.8518 4348 5 00000000-0000-0000-0000-000000000000 Error [NetworkListener] System.TypeLoadException: Could not load type 'Microsoft.Opn.Runtime.Values.BinaryValueBufferManager' from assembly 'Microsoft.Opn.Runtime, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35'.
When we look at the GAC'ed binary, Microsoft.Opn.Runtime.dll, the type BinaryBufferManager is indeed missing. So either the wrong assembly is being GAC'ed, or the wrong (old?) assembly is being shipped in the MSDN ISO.


The GAC'ed binary I have is version 4.0.8100.0 @ 3,122,904 bytes (size; not size on disk) with a created date of Wednesday, August 31, 2016, 3:04:22 PM.


Trevor Seward
Office Servers and Services MVP

Author, Deploying SharePoint 2016

This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.


I've installed the Lightweight Gateway on one DC in one of our domains, and I see that it's collecting data and learning the environment. However, I'm wondering why I'm able to see other users in other domains within our forest. If I specified one domain in the forest, why is it collecting users and computers from all domains in the forest from this one DC?

Is it not redundant to have to install the lightweight agent on all DC's in all domains in the forest?


I ran the sizing tool in my VMware environment and it says I am able to deploy all lightweight gateways to all the DCs. My question is, does this mean that to analyze what ATA has found, I have to go to each DC and look at ATA, then move to the next box and so on?


Hi all,
This is a tip for customers working to deploy the lightweight gateway who are receiving 0x80070643. Firstly, that error code is a generic error for an MSI installation failure, so causes and solutions will vary greatly. This thread is specific to the below scenario.
While deploying the lightweight installer on a 2012 R2 DC that has KB2919355 installed, I repeatedly received 0x80070643 in the GUI of the installer. Reviewing the "*_MsiPackage" log in <C:\Users\%USERNAME%\AppData\Local\Temp> revealed that the installer was failing to create the Data Collector Set required by ATA:
Exception thrown by custom action:
System.Reflection.TargetInvocationException: Exception has been thrown by the target of an invocation. ---> System.UnauthorizedAccessException: Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))
at PlaLibrary.IDataCollectorSet.Commit(String name, String Server, CommitMode mode)
at Microsoft.Tri.Infrastructure.Utils.DataCollectorSet.Create(String name, String configurationFilePath)
at Microsoft.Tri.Deployment.Package.Actions.DataCollectorSetActions.Install(Session session)
at Microsoft.Tri.Gateway.Deployment.Package.Actions.CustomActions.InstallFinalize(Session session)
--- End of inner exception stack trace ---
at System.RuntimeMethodHandle.InvokeMethod(Object target, Object arguments, Signature sig, Boolean constructor)
at System.Reflection.RuntimeMethodInfo.UnsafeInvokeInternal(Object obj, Ob...

I am looking to apply update 2 (from 1.9 build 1.9.7312) and wanted to know a little bit more about the process, specifically for the lightweight gateways on the DCs. It appears to be generally simple and straightforward, but can they be updated over a stretch of days and not all at once? I presume they are backwards compatible...
Also, is a reboot of the DC's expected after the update is pushed out from the Gateway (I see no mention of it but am compelled to ask.)
Thanks in advance!


Hi,

After updating to MS ATA 1.8, the ATA Lightweight Gateway on one of my domain controllers doesn't work. The second DC works normally.
The MS ATA console shows that the Service status is Stopped.

I reinstalled the ATA Lightweight Gateway many times, deleted the ATA certificates on the DC before that, and downloaded the install package from ATA Center.

The ATA services (gateway and gateway updater) on the DC are running normally.

WinEvents have no errors.

But we have errors in the gateway log file:

2017-08-01 07: 42: 40.6072 4208 14 07d6fbab-080e-4654-ac24-23fd73ed0fc5 Error [GatewayConfigurationManager]
Failed to get configuration, using default configuration
Error [WebClient + <InvokeAsync> d__8`1] System.Net.Http.HttpRequestException: PostAsync failed [requestTypeName = UpdateGatewayServiceStatusRequest] ---> System.Net.Http.HttpRequestException: An error occurred while sending the request. --->
System.Net.WebException: Unable to connect to the remote server ---> System.Net.Sockets.SocketException: Attempt to connect failed. From another computer for the required time, the desired response was not received, or the already established connection
was broken because of the incorrect response of the already connected computer 192.168.1.168:3128
   At System.Net.Sockets.Socket.EndConnect (IAsyncResult asyncResult)
   At System.Net.ServicePoint.ConnectSocketInternal (Boolean connectFailure, Socket s4, Socket s6, Socket & socket, IPAddress & address, ConnectSo...

We have 4 domain controllers which act as ATA lightweight gateways.
All 4 domain controllers have a certificate installed from our trusted CA with the following CNs:
Common Name : Computername(FQDN)
Our ATA Center has a certificate
Common Name: ATA Center URL (ata.<domainFQDN>)
Both certificates have the following specs:
EKU:
Client authentication
Server authentication
Key Type: Exchange
Key Length: 2048
CSP: Microsoft RSA SChannel Cryptographic Provider (Encryption)
We could use both certificates for the ATA gateway<-->ATA Center connection, but after the upgrade to ATA 1.8.1 it creates a self-signed certificate and uses that certificate instead of the one from our CA.
I have changed the thumbprint in the gateway JSON file, but after restarting the gateway services it changes back to the self-signed thumbprint.
How can I use my CA certificate instead of the self signed certificate?


I have been setting up ATA 1.7 in our environment. I have installed the ATA gateway on three of our domain controllers, and two are having performance issues. The error I am seeing is "Some network traffic is not being analyzed", with a recommendation of adding additional processor and/or memory. Prior to installing the ATA gateway we did monitor the packets/sec on the network adapter; we averaged around 3000 to 4000, with peaks around 10,000. I have been monitoring for the last 6 hours on them, and we are averaging around 2,500. Spec-wise they are running 4 cores and 24 GB of RAM on the one that is working. Of the two that are not working, one has 4 cores and the other has 6 cores; both have 24 GB of RAM. From the documentation these should be more than enough to handle the ATA lightweight gateway.
I have been monitoring Resource Monitor on the three servers, thinking other AD processes are consuming too much resources to allow ATA to run. The following is what I have seen over the last couple of days.
DC 1, Working - (4 Cores) CPU utilization between 25 and 40%. Memory (24GB) currently at 88% utilized, 21.8 GB used, 1.1 GB free and 1.6 in stand by. The biggest consumer is the lsass.exe process, consuming about 18.5 GBs, tri.gateway.exe with just over 2 GB consumed.
DC 2 Not working - (4 Cores) CPU utilization between 25 and 40%. Memory (24GB) currently at 75% utilized, 18.3 GB used, 4.5 GB free, and 1.4 GB in stand by...


I have a problem installing the ATA Lightweight Gateway, as shown in the attached screenshot. The Center is 1.8 and Windows Server 2012 R2, and non-domain joined. I have tried to join the server with no luck, there is no log in the Center, and I tried 1.9 before with the same result.
Any ideas...


I keep receiving this health error from my ATA light Gateway:
Some network traffic is not being analyzed

Gateway, XXX, is receiving more network traffic than it can process. A portion of the network traffic is not analyzed.

Recommendations

Consider adding additional processors and memory to the Gateway or reducing the number of domain controllers being monitored by the Gateway.

Although it's a physical machine with 32 GB RAM, and performance at the time of this repeated error is CPU = 10% and memory = 32%.
Any ideas please?


Hello Everyone,
Reference to below statement from MS documentation
During installation, the .Net Framework 4.6.1 is installed and might cause a reboot of the domain controller.

Just wanted to know if .NET Framework would be part of the binaries or will it be downloaded from the internet during the setup. I ask because I don't have internet on my domain controllers so if .NET Framework is downloaded as part of the setup the setup might fail.

Senior Technical Consultant, MDS Computers


Lightweight Gateway

Hello
I have an issue where one of my Lightweight Gateway services started to die on me. I then uninstalled the agent, restarted the DC and then installed the Lightweight Gateway again. After the installation the services still died for me. I then tried to uninstall it again but the uninstall hung and I had to kill the uninstall.
I searched the forum and found how to remove the product that was in this state by doing this:
1. Remove the services
2. Remove the ata folder in program files
3. Remove references in the registry to ATA
Downloaded a new copy of the client from the console
After doing this I restarted the server and tried to install the gateway again and it fails with error 0x80070643
Microsoft Advanced Threat Analytics Gateway log
[15E8:1744][2017-04-13T09:36:46]i001: Burn v3.10.3.3007, Windows v6.3 (Build 9600: Service Pack 0), path: C:\Users\ADD-PE~1\AppData\Local\Temp\{801F942A-44AA-4DCE-9D35-0A88CF296AC1}\.cr\Microsoft ATA Gateway Setup.exe
[15E8:1744][2017-04-13T09:36:46]i000: Initializing string variable 'InstallationConfigurationFilePath' to value '[WixBundleOriginalSourceFolder]\GatewayInstallationConfiguration.json'
[15E8:1744][2017-04-13T09:36:46]i000: Initializing hidden variable 'ConsoleAccountPassword'
[15E8:1744][2017-04-13T09:36:46]i000: Initializing hidden variable 'ManagementAuthenticationToken'
[15E8:1744][2017-04-13T09:36:46]i000: Initializing string variable 'NetFrameworkCommandLineArguments' to value...