Search This Blog

Showing posts with label Defender for Identity. Show all posts
Showing posts with label Defender for Identity. Show all posts

Tuesday, January 2, 2024

Another Error code 0x80070643 when installing Microsoft Defender for Identity sensor

Description:

You got another 0x80070643 error when installing Microsoft Defender for Identity sensor. This time you don't use proxy to connect to internet or you have make sure that there's no proxy issue causing the error.
When you look at the Microsoft.Tri.Sensor.Updater log file you notice there's an error saying "PerformanceCounterLib System.InvalidOperationException: Category does not exist."
Also at Microsoft.Tri.Sensor.Deployment.Deployer log file you saw "System.ServiceProcess.TimeoutException: Time out has expired and the operation has not been completed" exception.
When you ran perfmon.exe you some error popup saying "Unable to add several counters"

Resolution:

You need to rebuild the Performance Counter
1. Launch Command Prompt as Administrator.
2. Change Directory to "C:\WINDOWS\System32"
3. Rebuild resource counters by typing the command: lodctr /r

Verify by running perfmon.exe again, and it should start without an error.
After that you should be able to install the MDI Sensor.

Tuesday, December 28, 2021

Microsoft Defender for Identity sensor installation failing - error code 0x80070643

Description:

You are trying to install Microsoft Defender for Identity sensor on a Domain Controller. The Domain Controller need to use proxy to communicate to the internet. You've enter the correct proxy setting on the Domain Controller system setting. And you've make sure the required communication port (443) are already open from Domain Controller to *.atp.azure.com. However you still got stop error 0x80070643.

Resolution:

Configure the proxy setting using registry. You must copy the proxy configuration that you use in user context to the localsystem and localservice. To copy your user context proxy settings:

  1. Make sure to back up the registry keys before you modify them.

  2. In the registry, search for the value DefaultConnectionSettings as REG_BINARY under the registry key HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\DefaultConnectionSettings. Export all the value inside the Connections key.

  3. Open the exported file and edit the location to become HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\DefaultConnectionSettings. Save the first copy of the file.

  4. Double click the new file to import the value from the Current_user DefaultConnectionSettings to LocalSystem.

  5. After that, open the exported file and edit the location to become HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\DefaultConnectionSettings. Save the second copy of the file.

  6. Double click the second file to import value from the Current_User DefaultConnectionSettings to LocalService.

  7. Close the registry editor.

Try to re-run the installation process again.

Cannot Re-Install NPCAP

Description:

You are trying to re-install NPCAP as part of Microsoft Defender for Identity Sensor deployment on a Domain Controller. However you got stuck uninstall error problem.

You have try to remove the registry from Computer\HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\NpcapInst. However the problem still exist.

Resolution:

Search for possible services that were using NPCAP. Example is Wireshark or Cisco Tetration. Stop those services and try to re-install NPCAP again.

Search Google