{"id":2129,"date":"2016-01-12T00:01:23","date_gmt":"2016-01-11T22:01:23","guid":{"rendered":"http:\/\/blog.hosebei.ch\/?p=2129"},"modified":"2016-01-12T00:01:23","modified_gmt":"2016-01-11T22:01:23","slug":"microsoft-advanced-threat-analytics-installation-issues","status":"publish","type":"post","link":"https:\/\/blog.hosebei.ch\/?p=2129","title":{"rendered":"Microsoft Advanced Threat Analytics Installation Issues"},"content":{"rendered":"<p>Today I tried to get the new Microsoft Advanced Threat Analytics up and running within my LAB. Since it&#8217;s released and is also included in the Enterprise Mobility Suite (EMS), you really should have a look at it.<br \/>\nFor the Installation, make sure that you can really check the following points:<\/p>\n<ul>\n<li>Only one Server is required (you can deploy the ATA Service and the Gateway(s) on different Servers)<\/li>\n<li>You have to use Windows Server 2012 R2<\/li>\n<li>Be sure that you have updated your Server (especially KB2919355)<\/li>\n<li>The VM requires two Network Adapters<\/li>\n<\/ul>\n<p>See also the official <a href=\"https:\/\/technet.microsoft.com\/en-us\/library\/dn707709.aspx\">TechNet Documentation<\/a> for all the Installation Requirements. 
<!--more--><\/p>\n<p>Unfortunately my Server was not correctly patched, thus the ATA Gateway Installer always crashed, and in the Event Log I could find entries from .Net Runtime with ID 1026 and Application Error with EventID 1000.<br \/>\nThe messages start with an Information entry from Windows Error Reporting with Event ID 1001 and the following content:<\/p>\n<blockquote><p>Fault bucket , type 0<br \/>\nEvent Name: CLR20r3<br \/>\nResponse: Not available<br \/>\nCab Id: 0<br \/>\nFault bucket , type 0<br \/>\nEvent Name: CLR20r3<br \/>\nResponse: Not available<br \/>\nCab Id: 0<\/p><\/blockquote>\n<p>The .Net Runtime Error was:<\/p>\n<blockquote><p>\nFaulting application name: Microsoft ATA Gateway Setup.exe, version: 1.5.2946.21571, time stamp: 0x561d8cdc<br \/>\nFaulting module name: KERNELBASE.dll, version: 6.3.9600.18007, time stamp: 0x55c4bcfc<\/p><\/blockquote>\n<p>After reading the link provided earlier (<a href=\"https:\/\/technet.microsoft.com\/en-us\/library\/dn707709.aspx\">here again<\/a>), I could not find any differences, except for the updated Server topic. 
I briefly checked that, and after updating the Gateway Server, the Installation worked flawlessly.<\/p>\n<p>And after waiting some minutes (the TechNet articles also point out that the ATA Gateway requires some minutes when it starts for the first time), I could see my attackers on the net, which was myself \ud83d\ude42<br \/>\n<a href=\"http:\/\/blog.hosebei.ch\/wp-content\/uploads\/2016\/01\/ata_installissue01.png\" rel=\"attachment wp-att-2131\"><img loading=\"lazy\" decoding=\"async\" src=\"http:\/\/blog.hosebei.ch\/wp-content\/uploads\/2016\/01\/ata_installissue01.png?w=300\" alt=\"Microsoft ATA Warning\" width=\"300\" height=\"216\" class=\"aligncenter size-medium wp-image-2131\" srcset=\"https:\/\/blog.hosebei.ch\/wp-content\/uploads\/2016\/01\/ata_installissue01.png 970w, https:\/\/blog.hosebei.ch\/wp-content\/uploads\/2016\/01\/ata_installissue01-300x216.png 300w, https:\/\/blog.hosebei.ch\/wp-content\/uploads\/2016\/01\/ata_installissue01-768x553.png 768w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\" \/><\/a><\/p>\n<p>I would also like to point to this very interesting TechNet Blog from Ken Lince: <a href=\"http:\/\/blogs.technet.com\/b\/klince\/archive\/2016\/01\/10\/microsoft-advanced-threat-analytics-lab-setup-and-demo.aspx\">http:\/\/blogs.technet.com\/b\/klince\/archive\/2016\/01\/10\/microsoft-advanced-threat-analytics-lab-setup-and-demo.aspx<\/a><\/p>\n<p>Hope this helps<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Today I tried to get the new Microsoft Advanced Threat Analytics up and running within my LAB. Since it&#8217;s released and is also included in the Enterprise Mobility Suite (EMS), you really should have a look at it. 
For the Installation make sure that you can really check the following points: Only one Server is [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[],"class_list":["post-2129","post","type-post","status-publish","format-standard","hentry","category-ata"],"_links":{"self":[{"href":"https:\/\/blog.hosebei.ch\/index.php?rest_route=\/wp\/v2\/posts\/2129","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.hosebei.ch\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.hosebei.ch\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.hosebei.ch\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.hosebei.ch\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=2129"}],"version-history":[{"count":0,"href":"https:\/\/blog.hosebei.ch\/index.php?rest_route=\/wp\/v2\/posts\/2129\/revisions"}],"wp:attachment":[{"href":"https:\/\/blog.hosebei.ch\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=2129"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.hosebei.ch\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=2129"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.hosebei.ch\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=2129"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}