Microsoft Advanced Threat Analytics gateway service not working

  • Question

  • Microsoft ATA Gateway fails to sync with the ATA Center. On checking the logs, the following are the Microsoft ATA Gateway logs:

    2016-01-09 00:46:34.2982 2752 12  59166ce0-2508-400e-adc8-2545e2c76123 Error [DirectoryServicesClient+<CreateLdapConnectionAsync>d__25] Microsoft.Tri.Infrastructure.ExtendedException: Failed to connect to domain controller [DomainControllerDnsName=atatest.com] ---> System.DirectoryServices.Protocols.LdapException: The LDAP server is unavailable.
       at System.DirectoryServices.Protocols.LdapConnection.Connect()
       at System.DirectoryServices.Protocols.LdapConnection.BindHelper(NetworkCredential newCredential, Boolean needSetCredential)
       at Microsoft.Tri.Gateway.Resolution.DirectoryServicesClient.<CreateLdapConnectionAsync>d__25.MoveNext()
       --- End of inner exception stack trace ---
       at Microsoft.Tri.Gateway.Resolution.DirectoryServicesClient.<CreateLdapConnectionAsync>d__25.MoveNext()
    --- End of stack trace from previous location where exception was thrown ---
       at Microsoft.Tri.Gateway.Resolution.DirectoryServicesClient.<CreateLdapConnectionAsync>d__25.MoveNext()
    --- End of stack trace from previous location where exception was thrown ---
       at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
       at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
       at Microsoft.Tri.Gateway.Resolution.DirectoryServicesClient.<TryCreateLdapConnectionAsync>d__24.MoveNext() 
    2016-01-09 00:46:34.3139 2752 5   00000000-0000-0000-0000-000000000000 Error [KeyedObjectPool`2] Microsoft.Tri.Infrastructure.ContractException: Contract exception
       at Microsoft.Tri.Infrastructure.Utils.KeyedObjectPool`2..ctor(IReadOnlyCollection`1 keysToItems, Int32 maxSize, CancellationToken cancellationToken, Action`1 itemRemovedCallback)
       at Microsoft.Tri.Gateway.Resolution.DirectoryServicesClient.OnStart()
       at Microsoft.Tri.Infrastructure.Framework.Module.Start()
       at Microsoft.Tri.Infrastructure.Framework.ModuleManager.OnStart()
       at Microsoft.Tri.Infrastructure.Framework.Module.Start()
       at Microsoft.Tri.Infrastructure.Framework.Service.OnStart(String[] args) 

    2016-01-09 01:58:43.4482 1468 7   183d118d-9606-401f-bb9f-d68d3630fd8e Error [DirectoryServicesClient+<CreateLdapConnectionAsync>d__25] Microsoft.Tri.Infrastructure.ExtendedException: Failed to connect to domain controller [DomainControllerDnsName=atatest.com] ---> System.DirectoryServices.Protocols.LdapException: A local error occurred.
       at System.DirectoryServices.Protocols.LdapConnection.BindHelper(NetworkCredential newCredential, Boolean needSetCredential)
       at Microsoft.Tri.Gateway.Resolution.DirectoryServicesClient.<CreateLdapConnectionAsync>d__25.MoveNext()
       --- End of inner exception stack trace ---
       at Microsoft.Tri.Gateway.Resolution.DirectoryServicesClient.<CreateLdapConnectionAsync>d__25.MoveNext()
    --- End of stack trace from previous location where exception was thrown ---
       at Microsoft.Tri.Gateway.Resolution.DirectoryServicesClient.<CreateLdapConnectionAsync>d__25.MoveNext()
    --- End of stack trace from previous location where exception was thrown ---
       at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
       at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
       at Microsoft.Tri.Gateway.Resolution.DirectoryServicesClient.<TryCreateLdapConnectionAsync>d__24.MoveNext() 
    2016-01-09 01:58:43.4638 1468 5   00000000-0000-0000-0000-000000000000 Error [KeyedObjectPool`2] Microsoft.Tri.Infrastructure.ContractException: Contract exception
       at Microsoft.Tri.Infrastructure.Utils.KeyedObjectPool`2..ctor(IReadOnlyCollection`1 keysToItems, Int32 maxSize, CancellationToken cancellationToken, Action`1 itemRemovedCallback)
       at Microsoft.Tri.Gateway.Resolution.DirectoryServicesClient.OnStart()
       at Microsoft.Tri.Infrastructure.Framework.Module.Start()
       at Microsoft.Tri.Infrastructure.Framework.ModuleManager.OnStart()
       at Microsoft.Tri.Infrastructure.Framework.Module.Start()
       at Microsoft.Tri.Infrastructure.Framework.Service.OnStart(String[] args) 

    The Gateway and Center are configured on Windows Server 2012 R2 on Hyper-V. "atatest.com" is my DC. How do I fix this LDAP error and local error?

    Friday, January 8, 2016 1:10 PM

All replies

  • Hi,

    Same problem here. I'm not sure, maybe this could be a hint of wrong or misspelled credentials?

    System.DirectoryServices.Protocols.LdapConnection.BindHelper(NetworkCredential newCredential, Boolean needSetCredential)

    Regards


    Monday, January 11, 2016 10:04 AM
  • Hi Quest,

    You mentioned:

    > "atatest.com" is my DC

    Are you sure this is the DC and not the domain name? Is your domain .COM?

    It sounds like this may be the problem. Try to provide the name of the DC in the ATA UI and see if this makes things better.

    Thanks,

           Microsoft ATA Team

    Tuesday, January 12, 2016 10:57 AM
  • Hi ophirp,

    Why could .COM be a problem? Our domain ends with .NET - till now there is no problem in our environment. But I cannot monitor a second domain (2 DCs). The same error occurs here.

    Regards


    • Edited by EliWallic Wednesday, January 13, 2016 9:42 AM
    Wednesday, January 13, 2016 9:41 AM
  • Hi ElliWallic,

    The problem is not that it ends with ".COM" (or ".NET") but the fact it is the domain itself.

    Usually, a DC (host) name will be something like machine.company.com.

    (So the hostname is machine and the domain is company.com).

    If the hostname itself is company.com, this means that the machine name is "company" and the domain is ".com", which I am not sure is the correct scenario.

    I would expect the DC hostname in the original poster's domain to be something like dc.atatest.com and not just "atatest.com" ...

    Make sense?

      Microsoft ATA Team

    Wednesday, January 13, 2016 9:46 AM
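
A check for the host-name versus domain-name distinction explained in the reply above, as an added example that is not part of the original thread or of ATA's own tooling. It asks DNS whether the configured name carries DC locator SRV records (which means it is a domain name), lists the DC host names registered there, and tests TCP 389 to each; `Get-DcCandidate` is a hypothetical helper name and `atatest.com` is the value from the poster's logs.

```powershell
# Added example: decide whether a name entered as the "domain controller"
# is really an AD domain name, and list the DC host names registered for it.
# Get-DcCandidate is a hypothetical helper name, not an ATA cmdlet.
function Get-DcCandidate {
    param(
        [Parameter(Mandatory)] [string] $ConfiguredName,
        [int] $LdapPort = 389
    )

    # Domain controllers register SRV records under _ldap._tcp.dc._msdcs.<domain>.
    # If this lookup succeeds, $ConfiguredName is a domain name, not a host name.
    $srvName = "_ldap._tcp.dc._msdcs.$ConfiguredName"
    try {
        $srv = Resolve-DnsName -Name $srvName -Type SRV -ErrorAction Stop |
               Where-Object { $_.Type -eq 'SRV' }
    } catch {
        $srv = @()
    }

    if (-not $srv) {
        # No DC locator records: treat the name as a single host and test it directly.
        $kind    = 'host'
        $targets = @($ConfiguredName)
    } else {
        $kind    = 'domain'
        $targets = $srv | Select-Object -ExpandProperty NameTarget -Unique
    }

    foreach ($t in $targets) {
        # Plain TCP reachability of the LDAP port; this does not test the bind itself.
        $probe = Test-NetConnection -ComputerName $t -Port $LdapPort -WarningAction SilentlyContinue
        [pscustomobject]@{
            ConfiguredName = $ConfiguredName
            InterpretedAs  = $kind
            DcHostName     = $t
            LdapReachable  = $probe.TcpTestSucceeded
        }
    }
}

# 'atatest.com' is the DomainControllerDnsName value from the logs in the question.
Get-DcCandidate -ConfiguredName 'atatest.com' | Format-Table -AutoSize
```

Run it from the Gateway machine so that the DNS lookup and the port test reflect what the Gateway service itself sees.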
  • Hi Owner,

    Yes, that makes sense, thanks! But is it also possible to have the Center in domain A and set up a Gateway in domain B? I got the following error:

    Error [DirectoryServicesClient+<CreateLdapConnectionAsync>d__25] Microsoft.Tri.Infrastructure.ExtendedException: Failed to connect to domain controller [DomainControllerDnsName=dc1.domainb.net] ---> System.DirectoryServices.Protocols.LdapException: A local error occurred.

    Regards

    Wednesday, January 13, 2016 1:33 PM
  • Hello ElliWallic,

    This error is not relevant to the original post.

    Please check the following thread for a similar issue and how to troubleshoot it:

    https://social.technet.microsoft.com/Forums/security/en-US/5173bd06-f18b-4f95-ac92-76444eec7b63/microsoft-advanced-threat-analytics-gateway-not-starting?forum=mata

    Thanks,

        Microsoft ATA Team

    Wednesday, January 13, 2016 2:17 PM