Update other-troubleshooting.md

windows/keep-secure/other-troubleshooting.md

@@ -23,6 +23,13 @@ You might need to troubleshoot the onboarding process if you encounter issues.
 
 If you have completed the endpoint onboarding process and don't see endpoints in the [Machines view](investigate-machines-windows-defender-advanced-threat-protection.md) after 20 minutes, it might indicate an endpoint onboarding or a connectivity problem.
 
+Go through the following verification topics to address this issue:
+
+- [Ensure that the endpoint is onboarded successfully](#Ensure-that-the-endpoint-is-onboarded-successfully)
+- [Ensure that the Windows Defender ATP service is enabled](#Ensure-that-the-Windows-Defender-ATP-service-is-enabled)
+- [Ensure that the telemetry and diagnostics service is enabled](#Ensure-that-the-telemetry-and-diagnostics-service-is-enabled)
+- [Ensure that the Windows Defender ATP endpoint has internet connection](#Ensure-that-the-Windows-Defender-ATP-endpoint-has-internet-connection)
+
 ### Ensure that the endpoint is onboarded successfully
 If the endpoints aren't reporting correctly, you might need to check that the Windows Defender Advanced Threat Protection service was successfully onboarded on the endpoint.
 
@@ -41,3 +48,56 @@ If the endpoints aren't reporting correctly, you might need to check that the Wi
   ![Image of OnboardingState status in Registry Editor](images/onboardingstate.png)
 
   If the **OnboardingState** value is not set to **1**, follow the instructions on **Identifying and addressing onboarding issues**.
+  
+**Identifying and addressing onboarding errors:**    
+
+1. Click **Start**.
+ 
+2. Type **Event Viewer**.
+
+3. In **Event Viewer**, browse to the **Application and Services Logs\Microsoft\Windows\SENSE** directory.
+
+4. Click the **Operational** log.
+
+5. In the **Action** pane, click **Filter Current log**.
+
+6. Select **Critical**, **Warning**, and **Error**, then click **OK**.
+
+  ![Image of Event Viewer log filter](images/filter-log.png)
+  
+7. Review the remaining events which can indicate issues and troubleshoot them based on the corresponding solutions from the following table:
+
+Event ID | Message | Resolution steps
+:---|:---|:---
+5 | Windows Advanced Threat Protection service failed to connect to the server at ```variable```| Ensure that the Windows Defender ATP endpoint has internet access.
+6 | Windows Advanced Threat Protection service failed to read the onboarding parameters. Failure code: ```variable```| Run the onboarding script again.
+7 |  Windows Advanced Threat Protection service failed to read the onboarding parameters. Failure code: ```variable```| Ensure that the Windows Defender ATP endpoint has internet access, then run the onboarding script again.
+15 | Windows Advanced Threat Protection cannot start command channel with URL: ```variable``` | Ensure that the Windows Defender ATP endpoint has internet access.  
+
+### Ensure that the Windows Defender ATP service is enabled
+If the endpoints aren't reporting correctly, you might need to check that the Windows 10 Windows Defender Advanced Threat Protection service is enabled on the endpoint. 
+
+**Check the startup type from the command line:**
+
+1.  Open an elevated command-line prompt on the endpoint:
+
+  a.  Click **Start** and type **cmd**.
+  b.  Right-click **Command prompt** and select **Run as administrator**.
+ 
+2.  Enter the following command and press **Enter**:
+  ```
+  sc qc sense
+  ```
+  If the the service is running, then the result should look like the following screenshot:
+  
+  ![Result of the sq query sense command](images/sc-query-sense-autostart.png)
+
+3. If the service **START_TYPE** is not set to **AUTO_START**, then you'll need to enter the following command and press **Enter**:
+  ```
+  sc config sense start=auto
+  ```
+4.  A success message is displayed. Verify the change by entering the following command and press **Enter**:
+
+  ```
+  sc qc sense
+  ```