Can ATA be prompted to rediscover environment

  • Question

  • We've recently added a 2nd ATA-GW which is dedicated to receiving mirrored authentication traffic from 2 VM DCs. These 2 DCs are not new additions to the monitored Domain but were long delayed in having their traffic added to ATA as they needed their own GW. My question is now that the new DCs and their own GW have been added, I don't see any reference to their discovery in the ATA Timeline; is there any way to restart the environment discovery process in ATA now that all 3 DCs are sending their traffic? Thanks!
    Friday, February 19, 2016 11:42 PM

Answers

  • Hi,

    If you want to initiate a "relearning" you simply have to clear the database by reinstalling the ATA Center.

    AFAIK there is no other way for a reset. The database files will be present after a removal, so make sure that you completely remove the database/installation directory.

    Regards

    • Marked as answer by AD_Guy Friday, February 26, 2016 8:53 PM
    Wednesday, February 24, 2016 6:33 AM

All replies

  • Hi,

    How long has it been running? ATA has to run at least 2 months. After several hours, maybe 1 day, there should be a section "recently learned" in the right table.

    Did you open the logs? Maybe there is a connection problem that will be logged in there.

    Regards

    Monday, February 22, 2016 7:06 AM
  • Thanks, just hoping someone can tell me how we can prompt the ATA Center into relearning both Gateways from scratch? The reason for this is in our POC, we started with 1 GW which was monitoring just a single physical DC over the course of 6 weeks. So at around week 7, we've added a 2nd ATA Gateway which is monitoring 2 additional VM DCs. Netmon and Wireshark are showing Authentication traffic mirrored to the new Gateway, but we see nothing new in ATA Center that would indicate the 2 additional DCs have been "learned about" (at least not as a result of adding the additional Gateway). Seems to me there should be some way to reinstate the "learning" process for all DCs from both Gateways from scratch. Or is that not possible? There also is nothing relevant to my question in ATA Center's Event Logs.
    Monday, February 22, 2016 3:48 PM
  • Hi, if the new GW and DCs have been added correctly as described in https://technet.microsoft.com/de-de/library/dn707704.aspx ATA will recognize the new DC instantly. You wrote Wireshark shows network traffic. Did you install Wireshark on the new Gateway? If so, this might be the cause for the issue. As Wireshark has its own PCAP driver, this might break the ATA capture interface. Please uninstall Wireshark from GW (including the PCAP drivers). NetMon 3.4 is OK. ATA has its own PerfMon counters - please check if there is inbound traffic using these PerfMon counters. If this does not provide necessary troubleshooting information, please check the ATA troubleshooting guide for information on how to proceed. HTH, Fabian
    Thursday, February 25, 2016 9:06 PM
  • Hi AD_Guy

    ATA does not need to relearn the environment as the domain controllers are in the same domain. 

    To validate that the new ATA Gateway is properly monitoring the traffic of the domain controllers, you can open a command prompt and run an nslookup against one of the new VM DCs. Run this from a computer on the network, not from the Gateway.

    nslookup

    server [ip address of DC vm]

    ls [domain name]

    HTH

    ATA Team


    Gershon Levitz [MSFT]

    Friday, February 26, 2016 12:50 PM
  • @EliWallic
    Thank you! With my latest alerts I see that ATA did in fact discover my additional Domain Controllers so reinstalling Center won't be necessary. Good to know though. Thank you

    @Fabian Müller [MSFT]
    Danke! Wireshark was run against the new ATA Gateway from a workstation, only Netmon was installed on the GW itself.

    Gershonl
    Thanks, all set now.

    Friday, February 26, 2016 9:04 PM