locked
ATA 1.8 Lightweight Gateway requirements ? RRS feed

  • Question

  • Hello,

    I had ATA 1.7 installed on a small virtualized environnement with

    1 Lightweigth Gateway installed on my DC (Windows server 2012, 1CPU, 4Go RAM)

    1 ATA Center

    2 computers

    Everything was fine but since I updated ATA to the 1.8 version my gateway doesn't start anymore. When I check the tasks manager, I can see the process "Microsoft ATA Gateway" appear and disappear.

    Does anyone encounter the same problem ?

    I have the Microsoft.Tri.Gateway.log this error:

    2017-07-05 14:55:48.1495 3932 5   b7fde358-4207-467b-a56a-8ee880933b6f Debug [GatewayConfigurationManager] Initializing
    2017-07-05 14:55:49.6576 3932 10  b7fde358-4207-467b-a56a-8ee880933b6f Warn  [WebClient] https://10.112.0.38/api/v1.0 is unavailable: Client certificate doesn't exist
    2017-07-05 14:55:50.6667 3932 10  b7fde358-4207-467b-a56a-8ee880933b6f Warn  [WebClient] https://10.112.0.38/api/v1.0 is unavailable: Client certificate doesn't exist
    2017-07-05 14:55:52.7898 3932 5   00000000-0000-0000-0000-000000000000 Error [WebClient+<InvokeAsync>d__8`1] System.Net.Http.HttpRequestException: PostAsync failed [requestTypeName=UpdateGatewaySystemProfileRequest] ---> System.Net.Http.HttpRequestException: Response status code does not indicate success: 503 (Service Unavailable).
       at System.Net.Http.HttpResponseMessage.EnsureSuccessStatusCode()
       at async Microsoft.Tri.Common.Communication.WebClient.PostAsync[](?)
       at async Microsoft.Tri.Common.Communication.WebClient.PostAsync[](?)
       at async Microsoft.Tri.Common.Communication.WebClient.PostAsync[](?)
       at async Microsoft.Tri.Common.Communication.WebClient.InvokeAsync[](?)
       --- End of inner exception stack trace ---
       at async Microsoft.Tri.Common.Communication.WebClient.InvokeAsync[](?)
       at async Microsoft.Tri.Common.Communication.WebClient.InvokeAsync[](?)
       at async Microsoft.Tri.Gateway.Common.Service.GatewayConfigurationManager`1.GetConfigurationAsync[](?)
       at async Microsoft.Tri.Infrastructure.Framework.ConfigurationManager`2.UpdateConfigurationAsync[](?)
       at async Microsoft.Tri.Gateway.Common.Service.GatewayConfigurationManager`1.UpdateConfigurationAsync[](?)
       at async Microsoft.Tri.Infrastructure.Framework.ConfigurationManager`2.OnInitializeAsync[](?)
       at async Microsoft.Tri.Gateway.Common.Service.GatewayConfigurationManager`1.OnInitializeAsync[](?)
       at async Microsoft.Tri.Infrastructure.Framework.Module.InitializeAsync(?)
       at async Microsoft.Tri.Infrastructure.Framework.ModuleManager.OnInitializeAsync(?)
       at async Microsoft.Tri.Infrastructure.Framework.Module.InitializeAsync(?)
       at async Microsoft.Tri.Infrastructure.Framework.Service.OnStartAsync(?)
       at Microsoft.Tri.Infrastructure.Framework.Service.OnStart(String[] args)
    
    I use self-signed certificates and the implementation seems OK

    Wednesday, July 5, 2017 8:06 AM

All replies

  • Hello,

    First, please make sure ATA Center is up and running after upgrading to ATA 1.8.

    Then, after the ATA Center was successfully upgraded to 1.8, please also upgrade the ATA Lightweight Gateway to 1.8 from the ATA Console.

    More details about the update procedures, please see the following article.
    https://docs.microsoft.com/en-us/advanced-threat-analytics/ata-update-1.8-migration-guide

    Best regards,
    Andy Liu

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Thursday, July 6, 2017 7:44 AM
  • Hello,

    Thank you for your answer.

    Yes I followed these steps, my ATA center is up and running and my Lightweight Gateway is upgrated (version 1.8.6645.28499) but stopped...

    Is there anyway to start it manually without the "Microsoft.Tri.Gateway.Updater" ?

    Regards,

    Clément

    Thursday, July 6, 2017 8:32 AM
  • Hello Clement,

    According to the error below, this is a problem on the server side(ATA Center). It means the ATA Gateway can't get reply from ATA Center. Thus, please make sure you can visit ATA Center from the web browser. 

    ERROR: Response status code does not indicate success: 503 (Service Unavailable)

    Meanwhile, please make sure there is no firewall between ATA Center and ATA Gateway, which may block the communication on TCP port 443. Additionally, you may try to restart the service for ATA Center.

    >>> Is there anyway to start it manually without the "Microsoft.Tri.Gateway.Updater" ?

    Do you mean updating ATA Gateway manually instead of automatically? If so ,you can configure that from the ATA Console.

    Best regards,

    Andy Liu



    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Friday, July 7, 2017 9:59 AM
  • Hello Andy, 

    I can visit the ATA Center through the web browser, from the DC where the Lightweight Gateway is installed, but I have to authenticate to access to the console.

    There is no firewall enabled in my demo environment, and I tried to restart the ATA Center service, to reboot the server where the center is installed, to unistall and re install all ATA entities,... But still the same error.

    I also tried to import manualy certificates, as the warn message in logs says the client certificate doesn't exist.

    But no change. The most surprising is that the ATA version 1.7 was working well with the same configuration...

    I really don't know what is the source of this problem.

    Wednesday, July 12, 2017 11:49 AM