ATA Gateway Services keep starting

  • Question

  • Hi,

    I just deployed ATA Gateway. My ATA version is 1.2.1815.10621

    However, my ATA Gateway services keep trying to start. Event Viewer says that it failed to restart.

    On ATA Center | Gateway | mentioned "Configuration required" Syncing gateway. Any idea why this is happening?

    Installation: used a self-signed certificate. The account is my domain admin account.

    Besides that, how do I verify that it is really working, as it needs 21 days to capture and give results? Please advise.

    Thanks


    Lai (My blog:- http://www.ms4u.info)

    Wednesday, August 5, 2015 4:00 AM

All replies

  • Hi Lai,

    Can you look in the gateway error log for the last exception and share it?

    The error log can be found at:

    C:\Program Files\Microsoft Advanced Threat Analytics\Gateway\Logs\Microsoft.Tri.Gateway-Errors.log

    Thanks,

                    Microsoft ATA Team.

    Wednesday, August 5, 2015 8:02 PM
  • Hi,

    The last portion of the error log, as requested:

    Server stack trace: 
       at System.ServiceModel.Channels.CommunicationObject.Close(TimeSpan timeout)

    Exception rethrown at [0]: 
       at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
       at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
       at System.ServiceModel.ICommunicationObject.Close()
       at Microsoft.Common.Utils.ExceptionHandler.<>c__DisplayClass1.<Run>b__0()
       at Microsoft.Common.Utils.ExceptionHandler.Run[TResult](Func`1 function, Boolean shouldRethrow)
    2015-08-06 21:03:04.5468 1512 5   00000000-0000-0000-0000-000000000000 Error [AsyncResult]  System.ServiceModel.EndpointNotFoundException: Could not connect to net.tcp://127.0.0.2:443/ICenterConfigurationManager. The connection attempt lasted for a time span of 00:00:01.0313616. TCP error code 10061: No connection could be made because the target machine actively refused it 127.0.0.2:443.  ---> System.Net.Sockets.SocketException: No connection could be made because the target machine actively refused it 127.0.0.2:443
       at System.Net.Sockets.Socket.EndConnect(IAsyncResult asyncResult)
       at System.ServiceModel.Channels.SocketConnectionInitiator.ConnectAsyncResult.OnConnect(IAsyncResult result)
       --- End of inner exception stack trace ---

    Server stack trace: 
       at System.Runtime.AsyncResult.End[TAsyncResult](IAsyncResult result)
       at System.ServiceModel.Channels.CommunicationObject.EndOpen(IAsyncResult result)

    Exception rethrown at [0]: 
       at System.Runtime.AsyncResult.End[TAsyncResult](IAsyncResult result)
       at System.ServiceModel.Channels.ServiceChannel.SendAsyncResult.End(SendAsyncResult result)
       at System.ServiceModel.Channels.ServiceChannel.EndCall(String action, Object[] outs, IAsyncResult result)
       at System.ServiceModel.Channels.ServiceChannelProxy.TaskCreator.<>c__DisplayClass5`1.<CreateGenericTask>b__4(IAsyncResult asyncResult)
       at System.Threading.Tasks.TaskFactory`1.FromAsyncCoreLogic(IAsyncResult iar, Func`2 endFunction, Action`1 endAction, Task`1 promise, Boolean requiresSynchronization)
    --- End of stack trace from previous location where exception was thrown ---
       at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
       at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
       at Microsoft.Tri.Gateway.Service.GatewayConfigurationManager.<UpdateConfigurationAsync>d__2.MoveNext()
    2015-08-06 21:03:12.0654 1564 7   db29bd9d-6917-4292-8ce8-4320f2aa86fa Error [RealProxy]  System.ServiceModel.CommunicationObjectFaultedException: The communication object, System.ServiceModel.Channels.ServiceChannel, cannot be used for communication because it is in the Faulted state.

    Server stack trace: 
       at System.ServiceModel.Channels.CommunicationObject.Close(TimeSpan timeout)

    Exception rethrown at [0]: 
       at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
       at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
       at System.ServiceModel.ICommunicationObject.Close()
       at Microsoft.Common.Utils.ExceptionHandler.<>c__DisplayClass1.<Run>b__0()
       at Microsoft.Common.Utils.ExceptionHandler.Run[TResult](Func`1 function, Boolean shouldRethrow)
    2015-08-06 21:03:12.0654 1564 5   00000000-0000-0000-0000-000000000000 Error [AsyncResult]  System.ServiceModel.EndpointNotFoundException: Could not connect to net.tcp://127.0.0.2:443/ICenterConfigurationManager. The connection attempt lasted for a time span of 00:00:01.0311458. TCP error code 10061: No connection could be made because the target machine actively refused it 127.0.0.2:443.  ---> System.Net.Sockets.SocketException: No connection could be made because the target machine actively refused it 127.0.0.2:443
       at System.Net.Sockets.Socket.EndConnect(IAsyncResult asyncResult)
       at System.ServiceModel.Channels.SocketConnectionInitiator.ConnectAsyncResult.OnConnect(IAsyncResult result)
       --- End of inner exception stack trace -


    Lai (My blog:- http://www.ms4u.info)

    Thursday, August 6, 2015 6:06 AM
  • Hi Lai,

    It seems that when you installed the center machine, you chose the local host address (127.0.0.2) as the communication address. This address should only be used in case the gateway and the center are installed on the same machine (which is not recommended and is going to be removed in the GA version).

    Please see the below thread for some more information:

    https://social.technet.microsoft.com/Forums/security/en-US/f3ca130d-4218-4e35-8f7e-74c94d3b47e4/gateway-service-restarts?forum=mata

    Thanks,

       Microsoft ATA Team.

    Thursday, August 6, 2015 8:53 AM
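
    The diagnosis in the reply above, as an added example (not part of the thread and not Microsoft's tooling): a PowerShell function that reads the Gateway error log, lists each error entry and flags a Center endpoint that sits on a loopback address. The function name and output fields are assumptions; the sample lines are shortened from the excerpt posted above.

```powershell
# Added example: triage of entries from Microsoft.Tri.Gateway-Errors.log.
function Get-AtaGatewayErrorSummary {            # hypothetical helper name
    param(
        # Default is the log path given in the thread.
        [string]$Path = 'C:\Program Files\Microsoft Advanced Threat Analytics\Gateway\Logs\Microsoft.Tri.Gateway-Errors.log',
        [string[]]$Lines                         # pass lines directly to test offline
    )
    if (-not $Lines) { $Lines = Get-Content -LiteralPath $Path }

    # Entry header: timestamp, pid, tid, activity GUID, level, [component], exception type.
    $header = '^\s*(?<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\.\d+)\s+\d+\s+\d+\s+[0-9a-f-]{36}\s+' +
              '(?<level>\w+)\s+\[(?<component>[^\]]+)\]\s+(?<type>[\w.`]+Exception)'
    $endpoint = 'net\.tcp://(?<addr>[^:/\s]+):(?<port>\d+)'

    foreach ($line in $Lines) {
        if ($line -notmatch $header) { continue }    # stack frames and separators
        $entry = [ordered]@{
            Time      = $Matches['ts']
            Component = $Matches['component']
            Exception = $Matches['type']
            Endpoint  = $null
            Finding   = $null
        }
        if ($line -match $endpoint) {
            $addr = $Matches['addr']
            $entry.Endpoint = '{0}:{1}' -f $addr, $Matches['port']
            $ip = $null
            # All of 127.0.0.0/8 is loopback, so 127.0.0.2 never leaves the local machine.
            if ([System.Net.IPAddress]::TryParse($addr, [ref]$ip) -and
                [System.Net.IPAddress]::IsLoopback($ip)) {
                $entry.Finding = 'Center endpoint is a loopback address'
            }
        }
        [pscustomobject]$entry
    }
}

# Constructed sample: two lines shortened from the excerpt posted in this thread.
$sample = @(
    '2015-08-06 21:03:04.5468 1512 5   00000000-0000-0000-0000-000000000000 Error [AsyncResult]  System.ServiceModel.EndpointNotFoundException: Could not connect to net.tcp://127.0.0.2:443/ICenterConfigurationManager.'
    '   at System.Net.Sockets.Socket.EndConnect(IAsyncResult asyncResult)'
)
Get-AtaGatewayErrorSummary -Lines $sample | Format-List
```

    Run without `-Lines` on the Gateway machine to read the live log; entries with an empty `Finding` still show which component raised which exception.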
  • Hi,

    I have reinstalled ATA using IP rather than 127 IP. Now the services have started and I can configure the ATA gateway. How do I know it is working since the guide mentioned waiting 21 days? Please advise.


    Lai (My blog:- http://www.ms4u.info)

    Saturday, August 8, 2015 3:59 PM
  • Hi Lai,

    You may want to take a look at the following thread:

    https://social.technet.microsoft.com/Forums/security/en-US/1dafbe4f-9373-49c8-81c1-0b1ef4907279/not-sure-if-gateway-service-is-running?forum=mata

      Thanks,

             Microsoft ATA Team.

    Monday, August 10, 2015 10:36 AM
  • Hello.  I'm wondering if the ability to install the center and gateway on the same host has been removed from the GA version?  I'm attempting to test the ATA appliance on a limited test deployment and have installed them both on a single machine.  I am having the same issues that started this thread (Gateway constantly restarting), and I'm trying to eliminate possible causes.

    The Gateway error log follows, but the specific error is 'System.DirectoryServices.Protocols.LdapException: A local error occurred':


    2015-09-22 20:57:06.8346 2708 5   00000000-0000-0000-0000-000000000000 Debug [GatewayService] Starting
    2015-09-22 20:57:06.8996 2708 5   00000000-0000-0000-0000-000000000000 Debug [GatewayModuleManager] Initialized
    2015-09-22 20:57:07.0446 2708 5   00000000-0000-0000-0000-000000000000 Debug [SecretManager] Initialized
    2015-09-22 20:57:07.0586 2708 5   00000000-0000-0000-0000-000000000000 Debug [GatewayConfigurationManager] Initialized
    2015-09-22 20:57:07.6856 2708 5   00000000-0000-0000-0000-000000000000 Debug [GatewayAppDomainManager] Initialized
    2015-09-22 20:57:07.6936 2708 5   00000000-0000-0000-0000-000000000000 Debug [GatewayMonitoringEngine] Initialized
    2015-09-22 20:57:07.7076 2708 5   00000000-0000-0000-0000-000000000000 Debug [EntitySender] Initialized
    2015-09-22 20:57:07.7226 2708 5   00000000-0000-0000-0000-000000000000 Debug [NetworkNameResolver] Initialized
    2015-09-22 20:57:07.7366 2708 5   00000000-0000-0000-0000-000000000000 Debug [DirectoryServicesClient] Initialized
    2015-09-22 20:57:07.7506 2708 5   00000000-0000-0000-0000-000000000000 Debug [DirectoryServicesResolver] Initialized
    2015-09-22 20:57:07.7646 2708 5   00000000-0000-0000-0000-000000000000 Debug [EntityResolver] Initialized
    2015-09-22 20:57:07.7786 2708 5   00000000-0000-0000-0000-000000000000 Debug [EventActivityTranslator] Initialized
    2015-09-22 20:57:07.7866 2708 5   00000000-0000-0000-0000-000000000000 Debug [EventListener] Initialized
    2015-09-22 20:57:07.7946 2708 5   00000000-0000-0000-0000-000000000000 Debug [WindowsEventLogReader] Initialized
    2015-09-22 20:57:07.8046 2708 5   00000000-0000-0000-0000-000000000000 Debug [NetworkActivityTranslator] Initialized
    2015-09-22 20:57:07.8136 2708 5   00000000-0000-0000-0000-000000000000 Debug [NetworkListener] Initialized
    2015-09-22 20:57:07.8216 2708 5   00000000-0000-0000-0000-000000000000 Debug [GatewayTelemetryManager] Initialized
    2015-09-22 20:57:07.8306 2708 5   00000000-0000-0000-0000-000000000000 Debug [PerformanceCounterManager] Initialized
    2015-09-22 20:57:07.8336 2708 5   00000000-0000-0000-0000-000000000000 Debug [GatewayModuleManager] Starting
    2015-09-22 20:57:07.8406 2708 5   5fa80cda-e8cc-4060-9544-1187729e5377 Debug [SecretManager] Starting
    2015-09-22 20:57:07.8616 2708 5   5fa80cda-e8cc-4060-9544-1187729e5377 Debug [SecretManager] Started
    2015-09-22 20:57:07.8616 2708 5   5fa80cda-e8cc-4060-9544-1187729e5377 Debug [GatewayConfigurationManager] Starting
    2015-09-22 20:57:10.5228 2708 5   5fa80cda-e8cc-4060-9544-1187729e5377 Debug [GatewayConfigurationManager] Started
    2015-09-22 20:57:10.5228 2708 5   5fa80cda-e8cc-4060-9544-1187729e5377 Debug [GatewayAppDomainManager] Starting
    2015-09-22 20:57:10.5318 2708 5   5fa80cda-e8cc-4060-9544-1187729e5377 Debug [GatewayAppDomainManager] Started
    2015-09-22 20:57:10.5318 2708 5   5fa80cda-e8cc-4060-9544-1187729e5377 Debug [GatewayMonitoringEngine] Starting
    2015-09-22 20:57:10.5378 2708 5   5fa80cda-e8cc-4060-9544-1187729e5377 Debug [GatewayMonitoringEngine] Started
    2015-09-22 20:57:10.5378 2708 5   5fa80cda-e8cc-4060-9544-1187729e5377 Debug [EntitySender] Starting
    2015-09-22 20:57:10.6218 2708 5   5fa80cda-e8cc-4060-9544-1187729e5377 Debug [EntitySender] Started
    2015-09-22 20:57:10.6228 2708 5   5fa80cda-e8cc-4060-9544-1187729e5377 Debug [NetworkNameResolver] Starting
    2015-09-22 20:57:10.6838 2708 5   5fa80cda-e8cc-4060-9544-1187729e5377 Debug [NetworkNameResolver] Started
    2015-09-22 20:57:10.6848 2708 5   5fa80cda-e8cc-4060-9544-1187729e5377 Debug [DirectoryServicesClient] Starting
    2015-09-22 20:57:10.7588 2708 5   5fa80cda-e8cc-4060-9544-1187729e5377 Error [DirectoryServicesClient] Microsoft.Tri.Infrastructure.ExtendedException: Failed to connect to domain controller [DomainControllerDnsName=<snip>] ---> System.DirectoryServices.Protocols.LdapException: A local error occurred.
      at System.DirectoryServices.Protocols.LdapConnection.BindHelper(NetworkCredential newCredential, Boolean needSetCredential)
      at Microsoft.Tri.Gateway.Resolution.DirectoryServicesClient.CreateLdapConnection(DomainControllerConnectionData domainControllerConnectionData, Boolean isGlobalCatalog)
      --- End of inner exception stack trace ---
      at Microsoft.Tri.Gateway.Resolution.DirectoryServicesClient.CreateLdapConnection(DomainControllerConnectionData domainControllerConnectionData, Boolean isGlobalCatalog)
      at Microsoft.Tri.Gateway.Resolution.DirectoryServicesClient.TryCreateLdapConnection(DomainControllerConnectionData domainControllerConnectionData)

    2015-09-22 20:57:10.7798 2708 5   00000000-0000-0000-0000-000000000000 Error [KeyedObjectPool`2] Microsoft.Tri.Infrastructure.ContractException: Contract exception
      at Microsoft.Tri.Infrastructure.Utils.KeyedObjectPool`2..ctor(IReadOnlyCollection`1 keysToItems, Int32 maxSize, CancellationToken cancellationToken, Action`1 itemRemovedCallback)
      at Microsoft.Tri.Gateway.Resolution.DirectoryServicesClient.OnStart()
      at Microsoft.Tri.Infrastructure.Framework.Module.Start()
      at Microsoft.Tri.Infrastructure.Framework.ModuleManager.OnStart()
      at Microsoft.Tri.Infrastructure.Framework.Module.Start()
      at Microsoft.Tri.Infrastructure.Framework.Service.OnStart(String[] args)

    Tuesday, September 22, 2015 9:10 PM
  • Hi matt_g1972, 

    I have the same problem. Do you know how you fixed this issue? 
    I installed the console and gateway on one PC and it just tries to restart the gateway and tells me it cannot connect to the domain controllers. 

    If I go to "Directory Services" I can test the connection and it is working.

    Did you find a solution? 

    Wednesday, September 14, 2016 3:45 PM
  • Hello,

    You can find some suggestions for troubleshooting this issue in this link:

    https://docs.microsoft.com/en-us/advanced-threat-analytics/troubleshoot/troubleshooting-ata-known-errors

    Hope this helps,

     Microsoft ATA Team.

    Wednesday, September 14, 2016 3:51 PM
  • Hey ATA Team, 

    the solution for my problem should be: 

    1. Confirm that the domain controller’s DNS record is configured properly in the DNS server. 
    2. Verify that the time of the ATA Gateway is synchronized with the time of the domain controller.

    The DNS record is configured properly and the time is synchronized but it doesn't work anyway.

    If I test the connection in "Directory Services" it says "connection succeeded" so I guess the username/pw and domain connection is working, but the gateway (on the same server as the console) isn't. 

    Any ideas? 

    EDIT: 
    Now I got another error: "System.ServiceModel.FaultException: An error occurred when verifying security for the message."

    The fix for that one is: "Verify that the time of the ATA Gateway is synchronized with the time of the ATA Center." But it's not working.

    Some info: I now use 3 PCs, one as DC with a Lightweight Gateway (which is working), one as a Center and one as a gateway with port mirroring from the DC.

    • Edited by jochot Thursday, September 15, 2016 1:12 PM
    Thursday, September 15, 2016 10:11 AM