locked
Stuck on Configuration Required RRS feed

  • Question

  • It says "syncing gateway"

    After i install it ( Both on a domain controler and sccm server). Any chance anyone know what step i missed during installation?

    My event logged is spammed with: The Microsoft Advanced Threat Analytics Gateway service terminated unexpectedly.  It has done this 58 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.


    • Edited by GMEKS Wednesday, May 6, 2015 10:27 AM
    Wednesday, May 6, 2015 10:27 AM

Answers

  • Hi GMEKS,

    Please note that the web UI and the Center endpoint are two different listeners (both use port 443, but they should be different IP addresses).

    When doing the telnet test (and checking the port), please make sure to check the address of the Center endpoint and not the Web UI address.

    If the center endpoint and the web UI share the same IP address - this may be the problem. In this case, I recommend to change the web UI address (just add another IP to the machine, and change the binding setting in the IIS).

    Hope this helps.

    Ophir.

    • Marked as answer by GMEKS Wednesday, May 6, 2015 1:57 PM
    Wednesday, May 6, 2015 1:34 PM

All replies

  • Hi GMEKS,

    Can you take a look on the following file:

    "C:\Program Files\Microsoft Advanced Threat Analytics\Gateway\Logs\Microsoft.Tri.Gateway-ExceptionStatistics.log"

    For any exceptions ?

    Thanks,

                      Ophir.

    Wednesday, May 6, 2015 11:31 AM
  • https://file.plania.no/DownloadInfo.aspx?id=NSMRJ

    This link will expire in 10 days.

    Its from the domain controller.

    Loots of errors

    Wednesday, May 6, 2015 12:19 PM
  • Hi GMEKS,

    Thanks for sharing the files. Next time is enough to check the Microsoft.Tri.Gateway-ExceptionStatistics.log file and not need all the others (it is just summary of all the errors that are in the other files).

    From looking on the errors it looks like networking issue between the gateway and the center.

    Do you have any FW between the GW and Center that may block the traffic ?

    I recommend to check with telnet on the gateway machine and see if you can access the center listening IP and port (You can confirm the center's endpoint address from the "center" tab in the configuration page).

    You may also want to check the center itself and confirm the service "Microsoft Advanced Threat Analytics Center" is running. If it stopping, you can look for similar exception file (Microsoft.Tri.Center-ExceptionStatistics) in the center log directory for errors.

    P.S. - We do not recommend to install the GW on the DC itself, you should install it on dedicated server and do port mirroring with your DC.

    Ophir.


    Wednesday, May 6, 2015 12:27 PM
  • The file your describing does not  exist. So i sent those in the log folder

    There is no internal firewalls ( Windows disables on internal network).
    They are on the same vlan

    Port 443 is open, as i can view the web page both from the domain controller and other computer (sccm, that has the same issue).

    Wednesday, May 6, 2015 1:16 PM
  • Hi GMEKS,

    Please note that the web UI and the Center endpoint are two different listeners (both use port 443, but they should be different IP addresses).

    When doing the telnet test (and checking the port), please make sure to check the address of the Center endpoint and not the Web UI address.

    If the center endpoint and the web UI share the same IP address - this may be the problem. In this case, I recommend to change the web UI address (just add another IP to the machine, and change the binding setting in the IIS).

    Hope this helps.

    Ophir.

    • Marked as answer by GMEKS Wednesday, May 6, 2015 1:57 PM
    Wednesday, May 6, 2015 1:34 PM
  • I used 1 ip and 1 port.

    I suspect the way to do this is:

    install

    Notice that for some reason one of the bindings is set to 127.... "fix it" and change the web to use a dns name.

    :)

    Thanks for the help

    Wednesday, May 6, 2015 1:58 PM
  • Hi,

    Is it working for you right now?

    //Mattias

    Friday, May 8, 2015 4:53 PM