none
Error 1067 Lightweight Gateway doesn't start in ESX / Problem VMware ESXi

    Question

  • Hi, I have an issue with ATA 1.7.

    I have deployed ATA in my lab environment (VMware ESXi) but the ATA GATEWAY service keeps on Starting. When I manually tried to restart, it showed an error:

    Windows could not start the Microsoft Advanced Threat Analytics Gateway service on Local Computer.Error 1067: The Process terminated unexpectedly.

    Then, I tried to deployed my lab in my laptop (2 VMs / VMWARE Workstation) and ATA works fine. These same VMs don't work on ESX, the network configuration is good but error 1067 again

    Is there some special prerequisites/configuration on ESX ? 

    Configuration:

    Center: Windows 2012 R2 / 4 core / 8 go ram

    DC + Lightweight Gateway: Windows 2012 R2 / 4 core / 8 go ram



    Tuesday, March 21, 2017 9:59 PM

All replies

  • Hello,

    Just for double check, you deployed ATA Center + ATA Lightweight gateway(installed on DC) on VMWare ESXi, and the service for Lightweight Gateway can't be started. Correct?

    To take a further investigation for this issue, I would recommend to check log files located at C:\Program Files\Microsoft Advanced Threat Analytics\Gateway\Logs. You'd better check the two files: Microsoft.Tri.Gateway-Errors.log and Microsoft.Tri.Gateway-ExceptionStatistics.log. The detailed description for errors will be logged there.

    If possible, you also can share the error messages here, so that we can help troubleshooting.


    Best regards,
    Andy Liu



    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.


    Wednesday, March 22, 2017 5:12 AM
    Moderator
  • Yes, I deployed ATA center (VM 1) and ATA + DC ( VM 2) On VMWare ESXi and the Lightweight can't be started.

    Error Message: Windows could not start the Microsoft Advanced Threat Analytics Gateway service on Local Computer.Error 1067: The Process terminated unexpectedly.

    Microsoft.Tri.Gateway-Errors.log:

    2017-03-20 06:40:13.6585 9184 5   00000000-0000-0000-0000-000000000000 Error [AsyncResult] System.ServiceModel.Security.MessageSecurityException: An unsecured or incorrectly secured fault was received from the other party. See the inner FaultException for the fault code and detail. ---> System.ServiceModel.FaultException: An error occurred when verifying security for the message.
       --- End of inner exception stack trace ---
       at System.Runtime.AsyncResult.End[TAsyncResult](IAsyncResult result)
       at System.ServiceModel.Channels.ServiceChannel.SendAsyncResult.End(SendAsyncResult result)
       at System.ServiceModel.Channels.ServiceChannel.EndCall(String action, Object[] outs, IAsyncResult result)
       at System.ServiceModel.Channels.ServiceChannelProxy.TaskCreator.<>c__DisplayClass7_0`1.<CreateGenericTask>b__0(IAsyncResult asyncResult)
       at System.Threading.Tasks.TaskFactory`1.FromAsyncCoreLogic(IAsyncResult iar, Func`2 endFunction, Action`1 endAction, Task`1 promise, Boolean requiresSynchronization)
    --- End of stack trace from previous location where exception was thrown ---
       at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
       at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
       at Microsoft.Tri.Gateway.Service.GatewayConfigurationManager.<UpdateGatewaySystemProfileAsync>d__10.MoveNext()
    --- End of stack trace from previous location where exception was thrown ---
       at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
       at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
       at Microsoft.Tri.Gateway.Service.GatewayConfigurationManager.<GetConfigurationContainerAsync>d__7.MoveNext()
    --- End of stack trace from previous location where exception was thrown ---
       at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
       at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
       at Microsoft.Tri.Infrastructure.Framework.ConfigurationManager`2.<UpdateConfigurationAsync>d__23.MoveNext()
    --- End of stack trace from previous location where exception was thrown ---
       at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
       at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
       at Microsoft.Tri.Infrastructure.Framework.ConfigurationManager`2.<OnInitializeAsync>d__14.MoveNext()
    --- End of stack trace from previous location where exception was thrown ---
       at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
       at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
       at Microsoft.Tri.Gateway.Service.GatewayConfigurationManager.<OnInitializeAsync>d__4.MoveNext()
    --- End of stack trace from previous location where exception was thrown ---
       at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
       at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
       at Microsoft.Tri.Infrastructure.Framework.Module.<InitializeAsync>d__18.MoveNext()
    --- End of stack trace from previous location where exception was thrown ---
       at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
       at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
       at Microsoft.Tri.Infrastructure.Framework.ModuleManager.<OnInitializeAsync>d__4.MoveNext()
    --- End of stack trace from previous location where exception was thrown ---
       at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
       at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
       at Microsoft.Tri.Infrastructure.Framework.Module.<InitializeAsync>d__18.MoveNext()
    --- End of stack trace from previous location where exception was thrown ---
       at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
       at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
       at Microsoft.Tri.Infrastructure.Framework.Service.<OnStartAsync>d__10.MoveNext()
    --- End of stack trace from previous location where exception was thrown ---
       at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
       at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
       at Microsoft.Tri.Infrastructure.Framework.Service.OnStart(String[] args)
    2017-03-20 06:40:20.5937 8996 14  c7363b92-2172-4334-971c-52c8b6b8ba1f Error [AsyncResult] First try to update GatewaySystemProfile failed
    2017-03-20 06:40:20.5937 8996 14  c7363b92-2172-4334-971c-52c8b6b8ba1f Error [AsyncResult] System.ServiceModel.Security.MessageSecurityException: An unsecured or incorrectly secured fault was received from the other party. See the inner FaultException for the fault code and detail. ---> System.ServiceModel.FaultException: An error occurred when verifying security for the message.
       --- End of inner exception stack trace ---
       at System.Runtime.AsyncResult.End[TAsyncResult](IAsyncResult result)
       at System.ServiceModel.Channels.ServiceChannel.SendAsyncResult.End(SendAsyncResult result)
       at System.ServiceModel.Channels.ServiceChannel.EndCall(String action, Object[] outs, IAsyncResult result)
       at System.ServiceModel.Channels.ServiceChannelProxy.TaskCreator.<>c__DisplayClass7_0`1.<CreateGenericTask>b__0(IAsyncResult asyncResult)
       at System.Threading.Tasks.TaskFactory`1.FromAsyncCoreLogic(IAsyncResult iar, Func`2 endFunction, Action`1 endAction, Task`1 promise, Boolean requiresSynchronization)
    --- End of stack trace from previous location where exception was thrown ---
       at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
       at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
       at Microsoft.Tri.Gateway.Service.GatewayConfigurationManager.<UpdateGatewaySystemProfileAsync>d__10.MoveNext()
    --- End of stack trace from previous location where exception was thrown ---
       at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
       at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
       at Microsoft.Tri.Gateway.Service.GatewayConfigurationManager.<GetConfigurationContainerAsync>d__7.MoveNext()
    2017-03-20 06:40:20.7031 8996 5   00000000-0000-0000-0000-000000000000 Error [AsyncResult] System.ServiceModel.Security.MessageSecurityException: An unsecured or incorrectly secured fault was received from the other party. See the inner FaultException for the fault code and detail. ---> System.ServiceModel.FaultException: An error occurred when verifying security for the message.
       --- End of inner exception stack trace ---
       at System.Runtime.AsyncResult.End[TAsyncResult](IAsyncResult result)
       at System.ServiceModel.Channels.ServiceChannel.SendAsyncResult.End(SendAsyncResult result)
       at System.ServiceModel.Channels.ServiceChannel.EndCall(String action, Object[] outs, IAsyncResult result)
       at System.ServiceModel.Channels.ServiceChannelProxy.TaskCreator.<>c__DisplayClass7_0`1.<CreateGenericTask>b__0(IAsyncResult asyncResult)
       at System.Threading.Tasks.TaskFactory`1.FromAsyncCoreLogic(IAsyncResult iar, Func`2 endFunction, Action`1 endAction, Task`1 promise, Boolean requiresSynchronization)
    --- End of stack trace from previous location where exception was thrown ---
       at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
       at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
       at Microsoft.Tri.Gateway.Service.GatewayConfigurationManager.<UpdateGatewaySystemProfileAsync>d__10.MoveNext()
    --- End of stack trace from previous location where exception was thrown ---
       at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
       at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
       at Microsoft.Tri.Gateway.Service.GatewayConfigurationManager.<GetConfigurationContainerAsync>d__7.MoveNext()
    --- End of stack trace from previous location where exception was thrown ---
       at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
       at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
       at Microsoft.Tri.Infrastructure.Framework.ConfigurationManager`2.<UpdateConfigurationAsync>d__23.MoveNext()
    --- End of stack trace from previous location where exception was thrown ---
       at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
       at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
       at Microsoft.Tri.Infrastructure.Framework.ConfigurationManager`2.<OnInitializeAsync>d__14.MoveNext()
    --- End of stack trace from previous location where exception was thrown ---
       at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
       at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
       at Microsoft.Tri.Gateway.Service.GatewayConfigurationManager.<OnInitializeAsync>d__4.MoveNext()
    --- End of stack trace from previous location where exception was thrown ---
       at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
       at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
       at Microsoft.Tri.Infrastructure.Framework.Module.<InitializeAsync>d__18.MoveNext()
    --- End of stack trace from previous location where exception was thrown ---
       at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
       at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
       at Microsoft.Tri.Infrastructure.Framework.ModuleManager.<OnInitializeAsync>d__4.MoveNext()
    --- End of stack trace from previous location where exception was thrown ---
       at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
       at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
       at Microsoft.Tri.Infrastructure.Framework.Module.<InitializeAsync>d__18.MoveNext()
    --- End of stack trace from previous location where exception was thrown ---
       at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
       at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
       at Microsoft.Tri.Infrastructure.Framework.Service.<OnStartAsync>d__10.MoveNext()
    --- End of stack trace from previous location where exception was thrown ---
       at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
       at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
       at Microsoft.Tri.Infrastructure.Framework.Service.OnStart(String[] args)

     Microsoft.TriUpdater.ExceptionStatistics.log :

    StartTime: 03/22/2017 08:22:59
    EndTime: 03/22/2017 08:29:54

    Count: 8
    System.Net.Http.HttpRequestException: An error occurred while sending the request. ---> System.Net.WebException: The underlying connection was closed: An unexpected error occurred on a send. ---> System.IdentityModel.Tokens.SecurityTokenValidationException: Failed to validate certificate thumbprint [Subject=CN=ATACenter Thumbprint=F372B6E25558D4B49DCE8E7D3C5D294C2BBAF762]
       at System.Net.TlsStream.EndWrite(IAsyncResult asyncResult)
       at System.Net.ConnectStream.WriteHeadersCallback(IAsyncResult ar)
       --- End of inner exception stack trace ---
       at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)
       at System.Net.Http.HttpClientHandler.GetResponseCallback(IAsyncResult ar)
       --- End of inner exception stack trace ---
       at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
       at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
       at Microsoft.Tri.Infrastructure.HttpClientExtension.<GetAsync>d__0`1.MoveNext()
    --- End of stack trace from previous location where exception was thrown ---
       at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
       at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
       at Microsoft.Tri.Common.Management.ManagementClient.<>c__DisplayClass13_0.<<GetGatewaySoftwareUpdateDataAsync>b__0>d.MoveNext()
    --- End of stack trace from previous location where exception was thrown ---
       at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
       at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
       at Microsoft.Tri.Infrastructure.HttpClientExtension.<RequestAsync>d__4`1.MoveNext()
    --- End of stack trace from previous location where exception was thrown ---
       at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
       at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
       at Microsoft.Tri.Common.Management.ManagementClient.<GetGatewaySoftwareUpdateDataAsync>d__13.MoveNext()
    --- End of stack trace from previous location where exception was thrown ---
       at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
       at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
       at Microsoft.Tri.Gateway.Updater.Updates.SoftwareUpdateManager.<CheckSoftwareUpdatesAsync>d__3.MoveNext()
    --- End of stack trace from previous location where exception was thrown ---
       at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
       at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
       at Microsoft.Tri.Infrastructure.Framework.Module.<>c__DisplayClass29_0.<<RegisterPeriodicTask>b__1>d.MoveNext()
    --- End of stack trace from previous location where exception was thrown ---
       at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
       at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
       at Microsoft.Tri.Infrastructure.TaskExtension.<>c__DisplayClass25_0.<<RunPeriodic>b__0>d.MoveNext()

    Second deploy

    Then, I tried to deploy the same configuration Center (VM 1) and Light Gateway + DC ( VM 2) on on my laptop (VMWare Workstation) and it's work fine



    Wednesday, March 22, 2017 8:43 AM
  • Hello,

    Based on the error message below, the cause for the issue is that gateway can't validate the certificate thumbprint for ATA Center. Previously, you might replace the SSL certificate for ATA Center, after you downloaded the ATA Gateway installation package.

    System.IdentityModel.Tokens.SecurityTokenValidationException: Failed to validate certificate thumbprint [Subject=CN=ATACenter Thumbprint=F372B6E25558D4B49DCE8E7D3C5D294C2BBAF762]

    There are two methods for resolving this issue.

    Method 1

    1. Uninstall ATA Lightweight gateway from the domain controller
    2. Download ATA gateway installation package again from ATA Console
    3. Install the new package on the domain controller

    Method 2

    1. Log in to Windows system for running ATA Center, open Certificates MMC snap-in, and from Personal > Certificates, you find the certificate for ATA Center.
    2. From the Properties for the certificate, you can find the thumbprint, and copy it into a text file.
    3. Log in to Windows system for running ATA Center, open file 'GatewayConfiguration' by using notepad, which is usually located at C:\Program Files\Microsoft Advanced Threat Analytics\Gateway
    4. Replace the parameters "ManagementClientServerCertificateThumbprint" and "ServiceProxyServicePrimaryCertificateThumbprint" with the new thumbprint.

    Best regards,
    Andy Liu

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Thursday, March 23, 2017 2:30 AM
    Moderator
  • Hello,

    Is there any update about this issue?

    Best regards,

    Andy Liu


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Monday, March 27, 2017 9:09 AM
    Moderator