Azure Advanced Threat Protection Sensor not starting

August 31, 2023
Research
0 Comments
paris

C:\Program Files\Azure Advanced Threat Protection Sensor\2.213.17065.12431\Logs\Microsoft.Tri.Sensor-Errors.log

C:\Program Files\Azure Advanced Threat Protection Sensor\2.213.17065.12431\Logs\Microsoft.Tri.Sensor.log

I had to add the GroupManagedServiceAccount to the LogOnAsService to the Domain Controller

2023-08-30 23:32:58.0542 Info RemoteImpersonationManager CreateImpersonatorInternalAsync started [UserName=ATPSensor Domain= IsGroupManagedServiceAccount=True]
2023-08-30 23:32:58.1172 Info RemoteImpersonationManager GetGroupManagedServiceAccountTokenAsync finished [UserName=ATPSensor Domain=.local IsSuccess=False]
2023-08-30 23:32:58.1172 Info RemoteImpersonationManager CreateImpersonatorInternalAsync finished [UserName=ATPSensor Domain=.local]
2023-08-30 23:32:58.1235 Warn DirectoryServicesClient CreateLdapConnectionAsync failed to retrieve group managed service account password. [DomainControllerDnsName=-DC-01..local Domain=.local UserName=ATPSensor ]
2023-08-30 23:32:58.3092 Error DirectoryServicesClient+d__47 Microsoft.Tri.Infrastructure.ExtendedException: CreateLdapConnectionAsync failed [DomainControllerDnsName=-DC-01..local]
at async Task Microsoft.Tri.Sensor.DirectoryServicesClient.CreateLdapConnectionAsync(DomainControllerConnectionData domainControllerConnectionData, bool isGlobalCatalog, bool isTraversing)
at async Task Microsoft.Tri.Sensor.DirectoryServicesClient.TryCreateLdapConnectionAsync(DomainControllerConnectionData domainControllerConnectionData, bool isGlobalCatalog, bool isTraversing)
2023-08-30 23:32:58.3442 Error DirectoryServicesClient Microsoft.Tri.Infrastructure.ExtendedException: Failed to communicate with configured domain controllers [ _domainControllerConnectionDatas=-DC-01..local]
at new Microsoft.Tri.Sensor.DirectoryServicesClient(IConfigurationManager configurationManager, IDirectoryServicesDomainNetworkCredentialsManager domainNetworkCredentialsManager, IDomainTrustMappingManager domainTrustMappingManager, IRemoteImpersonationManager remoteImpersonationManager, IMetricManager metricManager, IWorkspaceApplicationSensorApiJsonProxy workspaceApplicationSensorApiJsonProxy)
at object lambda_method(Closure, object[])

(No Ratings Yet)