Gateway unable to register to ATA center RRS feed

  • Question

  • Hi,

    We are running light weight gateways on domain controllers, we are using a windows 2012 server for ATA center.

    4 of the gateways registered with the ATA successfully and reporting activity as expected.

    There is a problem with few gateways ,while I try to install the gateway I continue to see below error message ( error:- The console returned an error while attempting to register the Gateway. For more details ,review the center error logs ).

    I tried rebooting the ATA center, uninstalled ATA center and re-installed it  , checked firewall rules there are no connectivity issues, made sure the ATA gateway has the latest package from ATA center. Can anyone guide me ?

    I dont see any relevant error also from the log files.

    Monday, July 16, 2018 11:20 AM

All replies

  • What happens if you try to use Internet Explorer to log into the console UI from the gateway machines that fails to register?
    Monday, July 16, 2018 11:29 AM
  • I can login successfully through the browser, thats what makes me loose my mind here. 

    Any idea what is this issue?

    Tuesday, July 17, 2018 4:08 AM
  • Hello,

    Is there any intermediate network device, such as WAN Accelerator, Proxy, between the Center and Gateway?

    If you bypass them, does the issue occur again?

    Best regards,

    Andy Liu

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact

    Tuesday, July 17, 2018 5:44 AM
  • There are 2 firewalls ,one at the source and the other at the destination. Both are doing TCP level filtering and they are allowing the connection on port 443. I don't see any denies at all.

    Is there any other reason,why this is occurring?.

    Do you guys do a remote session to support?

    Tuesday, July 17, 2018 6:16 AM
  • Also forgot to mention initially all of the gateways were unable to register.

    After I uninstalled and re-installed the ATA 4 of them registered , rest fail. 

    I am guessing this has something to do with certificate may be? I confirmed I have same certificate thumbprint on gateway agents

    Tuesday, July 17, 2018 6:24 AM
  • Hello,

    Did you check out the ATA Gateway logs, which are located at C:\Program Files\Microsoft Advanced Threat Analytics\Gateway\Logs? Is there any error in the logs?

    In addition, to make the ATA work properly, please check out the ports should be open for ATA Center and Gateway. You can get the list of ports by clicking the following link.

    To get a remote session support, you should create a support ticket.

    Best regards,

    Andy Liu

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact

    Tuesday, July 17, 2018 7:15 AM
  • Hi Andy,

    There are no logs as the install fails as soon as I click install on the gateway file.

    This is not an issue with the ports, I can open the ATA center page from the browser, but when ATA client/gateway is trying to install, its saying unable to register to ATA center.

    I dont find any relevant logs in ATA center console.

    We see that ATA center server is resetting the connection after we took a packet capture on ATA center server.

    Did you see this issue earlier, as soon as TCP handshake is completed, ATA center is sending a reset.



    Tuesday, July 24, 2018 12:10 PM
  • Hello,

    I have the same problem. We have a setup with local ATA GW and other 3 DCs with Lightweight GW, registered in the past succesfully. During the time we were upgraded the center from initial install of version 1.6 by minor versions to current 1.9.7412.9649.

    Afetr some months of nonproblematic use we've decided to change this pilot to production. But we are unnable to register any of resting 5 DCs. We can successfully login to ATA center web from DC. During our troubleshooting, we also tried to completely allow all protocols and ports between ATA GW and Center, but with no success and still the same error output in install log. In GUI of gateway installer it shows 0x80070643 error.

    I think that significant part of log could be following:

    MSI (s) (60:20) [13:51:39:364]: Invoking remote custom action. DLL: C:\Windows\Installer\MSI9A4D.tmp, Entrypoint: InstallFinalize
    SFXCA: Extracting custom action to temporary directory: C:\Windows\Installer\MSI9A4D.tmp-\
    SFXCA: Binding to CLR version v4.0.30319
    Calling custom action Microsoft.Tri.Gateway.Deployment.Package.Actions!Microsoft.Tri.Gateway.Deployment.Package.Actions.CustomActions.InstallFinalize
    2018-08-02 11:51:45.4112 2832 1   Debug [CustomActions] InstallFinalize started
    2018-08-02 11:51:46.8991 2832 1   Debug [DataCollectorSetActions] DataCollectorSetActions Uninstall succeeded
    2018-08-02 11:51:47.7191 2832 1   Debug [DataCollectorSetActions] DataCollectorSetActions Install succeeded
    2018-08-02 11:51:48.4511 2832 1   Debug [CustomActions] CreateSelfSignedCertificate succeeded
    2018-08-02 11:51:50.3817 2832 10  Error [HttpClientExtension] Microsoft.Tri.Infrastructure.Extensions.ExtendedHttpRequestException: Response status code does not indicate success: 500 (Internal Server Error). ---> System.Net.Http.HttpRequestException: Response status code does not indicate success: 500 (Internal Server Error).
       at System.Net.Http.HttpResponseMessage.EnsureSuccessStatusCode()
       at Microsoft.Tri.Infrastructure.Extensions.HttpClientExtension.EnsureSuccessStatusCodeExtended(HttpResponseMessage httpResponseMessage)
       --- End of inner exception stack trace ---
       at Microsoft.Tri.Infrastructure.Extensions.HttpClientExtension.EnsureSuccessStatusCodeExtended(HttpResponseMessage httpResponseMessage)
       at async Microsoft.Tri.Infrastructure.Extensions.HttpClientExtension.PostAsync[](?)
       at async Microsoft.Tri.Common.Management.ManagementClient.<>c__DisplayClass10_0.<RegisterGatewayAsync>b__0(?)
    2018-08-02 11:51:50.4017 2832 1   Debug [CustomActions] RegisterGatewayAsync failed

    Can I share the rest of logs with you via any secure channel?

    Many thanks for help.


    Thursday, August 30, 2018 1:38 PM
  • The most efficient way will be to open a support case with MS support, and get a support engineer to collect your logs via a secured channel and help to troubleshoot.

    Thursday, August 30, 2018 1:48 PM
  • My problem was tied to IE Enhanced Security Configuration was set to 'On'. This was blocking even the install of the Lightweight Gateway onto the Domain Controller.
    Wednesday, November 6, 2019 12:48 PM