Asked by:
Microsoft Advanced Threat Analytics Center service terminated - expired certificate

-
Hi,
I'm running MS ATA 1.9.7312.32791 and haven't had any issues for close to two years.
I noticed yesterday that I didn't receive my daily emails from MS ATA so this morning I checked the ATA server and my event log is full of this message:
The Microsoft Advanced Threat Analytics Center service terminated unexpectedly. It has done this 14 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
I went and checked the log files and in the Errors log file I see this message logged over and over:
Error [CertificateExtension] Microsoft.Tri.Infrastructure.Utils.ExtendedException: There are no matching certificates [StoreLocation=LocalMachine StoreName=My thumbprint=660CXXXXXX]
So I checked the certificates on the server and I can't find a certificate with the thumbprint of 660CXXXXXX.
If I look in MMC I do see the certificate for the server and it has shows that it was recently renewed (probably automatically thru Active directory)
I can't access the ATA website on the server to specify the new certificate.
How can I fix this? Do I need to re-install ATA. If I re-install will I lose all the information that has already been collected?
Thanks in advance,
Nick
Question
All replies
-
Sadly a complete reinstall is in order,
ATA doe snot support cert renewal, only replacement, which should happen using ATA's UI BEFORE the previous cert expired, because we encrypt data with this cert, and once it changes, we can't decrypt the data any more.
-
-
-
-