From 522cae8b058abba974672c998215c5510149b807 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Wed, 13 Jul 2016 15:44:42 +1000 Subject: [PATCH] fix line breaks --- ...ows-defender-advanced-threat-protection.md | 21 ++++++++++--------- 1 file changed, 11 insertions(+), 10 deletions(-) diff --git a/windows/keep-secure/troubleshoot-onboarding-windows-defender-advanced-threat-protection.md b/windows/keep-secure/troubleshoot-onboarding-windows-defender-advanced-threat-protection.md index 9f682897b7..c1bca127bf 100644 --- a/windows/keep-secure/troubleshoot-onboarding-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/troubleshoot-onboarding-windows-defender-advanced-threat-protection.md @@ -76,6 +76,7 @@ Event ID | Error Type | Resolution steps 35 | The script failed to find needed onboarding status registry value | When the SENSE service starts for the first time, it writes onboarding status to the registry location ```HKLM\SOFTWARE\Microsoft\Windows Advanced Threat Protection\Status```. The script failed to find it after several seconds. You can manually test it and check if it's there. For more information on events and errors related to SENSE, see [Review events and errors on endpoints with Event viewer].(event-error-codes-windows-defender-advanced-threat-protection.md). 40 | SENSE service onboarding status is not set to **1** | The SENSE service has failed to onboard properly. For more information on events and errors related to SENSE, see [Review events and errors on endpoints with Event viewer](event-error-codes-windows-defender-advanced-threat-protection.md). +
**Use Event Viewer to identify and adress onboarding errors**: 1. Click **Start**, type **Event Viewer**, and press **Enter**. @@ -367,11 +368,11 @@ If none of the event logs and troubleshooting steps work, download the Local scr Error Code Hex | Error Code Dec | Error Description | OMA-URI | Possible cause and troubleshooting steps :---|:---|:---|:---|:--- -0x87D1FDE8 | -2016281112 | Remediation failed | Onboarding
Offboarding | **Possible cause:** Onboarding or offboarding failed on a wrong blob: wrong signature or missing PreviousOrgIds fields

**Troubleshooting steps:**
Check the event IDs in the [Ensure the endpoint is onboarded successfully](#ensure-the-endpoint-is-onboarded-successfully) section.
Check the MDM event logs in the following table or follow the instructions in [Diagnose MDM failures in Windows 10](https://msdn.microsoft.com/en-us/library/windows/hardware/mt632120%28v=vs.85%29.aspx). - | | | Onboarding
Offboarding
SampleSharing | ***Possible cause:*** Windows Defender ATP Policy registry key does not exist or the OMA DM client doesn't have permissions to write to it.

**Troubleshooting steps:** Ensure that the following registry key exists: ```HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Advanced Threat Protection```.

If it doesn't exist, open an elevated command and add the key. - | | | SenseIsRunning
OnboardingState
OrgId | ***Possible cause:*** An attempt to remediate by read-only property. Onboarding has failed.

**Troubleshooting steps:** Check the troubleshooting steps in [Troubleshoot Windows Defender Advanced Threat Protection onboarding issues](#troubleshoot-windows-defender-advanced-threat-protection-onboarding-issues).
Check the MDM event logs in the following table or follow the instructions in [Diagnose MDM failures in Windows 10](https://msdn.microsoft.com/en-us/library/windows/hardware/mt632120%28v=vs.85%29.aspx). - | | | All | ***Possible cause:*** Attempt to deploy Windows Defender ATP on non-supported SKU/Platform, particularly Holographic SKU.
Currently is supported platforms: Enterprise, education, and professional.
Server is not supported. - 0x87D101A9 | -2016345687 |Syncml(425): The requested command failed because the sender does not have adequate access control permissions (ACL) on the recipient. | All | ***Possible cause:*** Attempt to deploy Windows Defender ATP on non-supported SKU/Platform, particularly Holographic SKU.
Currently is supported platforms: Enterprise, Education, and Professional. +0x87D1FDE8 | -2016281112 | Remediation failed | Onboarding
Offboarding | **Possible cause:** Onboarding or offboarding failed on a wrong blob: wrong signature or missing PreviousOrgIds fields

**Troubleshooting steps:**
Check the event IDs in the [Ensure the endpoint is onboarded successfully](#ensure-the-endpoint-is-onboarded-successfully) section.

Check the MDM event logs in the following table or follow the instructions in [Diagnose MDM failures in Windows 10](https://msdn.microsoft.com/en-us/library/windows/hardware/mt632120%28v=vs.85%29.aspx). + | | | Onboarding
Offboarding
SampleSharing | **Possible cause:** Windows Defender ATP Policy registry key does not exist or the OMA DM client doesn't have permissions to write to it.

**Troubleshooting steps:** Ensure that the following registry key exists: ```HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Advanced Threat Protection```.

If it doesn't exist, open an elevated command and add the key. + | | | SenseIsRunning
OnboardingState
OrgId | **Possible cause:** An attempt to remediate by read-only property. Onboarding has failed.

**Troubleshooting steps:** Check the troubleshooting steps in [Troubleshoot Windows Defender Advanced Threat Protection onboarding issues](#troubleshoot-windows-defender-advanced-threat-protection-onboarding-issues).

Check the MDM event logs in the following table or follow the instructions in [Diagnose MDM failures in Windows 10](https://msdn.microsoft.com/en-us/library/windows/hardware/mt632120%28v=vs.85%29.aspx). + | | | All | **Possible cause:** Attempt to deploy Windows Defender ATP on non-supported SKU/Platform, particularly Holographic SKU.

Currently is supported platforms: Enterprise, education, and professional.
Server is not supported. + 0x87D101A9 | -2016345687 |Syncml(425): The requested command failed because the sender does not have adequate access control permissions (ACL) on the recipient. | All | ***Possible cause:*** Attempt to deploy Windows Defender ATP on non-supported SKU/Platform, particularly Holographic SKU.

Currently is supported platforms: Enterprise, Education, and Professional.
**Known issues with non-compliance** @@ -380,8 +381,8 @@ The following table provides information on issues with non-compliance and how y Case | Symptoms | Possible cause and troubleshooting steps :---|:---|:--- -1 | Machine is compliant by SenseIsRunning OMA-URI. But is non-compliant by OrgId, Onboarding and OnboardingState OMA-URIs. | ***Possible cause:*** Check that user passed OOBE after Windows installation or upgrade. During OOBE onboarding couldn't be completed but SENSE is running already.
**Troubleshooting steps:** Wait for OOBE to complete. -2 | Machine is compliant by OrgId, Onboarding, and OnboardingState OMA-URIs, but is non-compliant by SenseIsRunning OMA-URI. | ***Possible cause:*** Sense service's startup type is set as "Delayed Start". Sometimes this causes the Microsoft Intune server to report the machine as non-compliant by SenseIsRunning when DM session occurs on system start.
**Troubleshooting steps:** The issue should automatically be fixed within 24 hours. +1 | Machine is compliant by SenseIsRunning OMA-URI. But is non-compliant by OrgId, Onboarding and OnboardingState OMA-URIs. | **Possible cause:** Check that user passed OOBE after Windows installation or upgrade. During OOBE onboarding couldn't be completed but SENSE is running already.

**Troubleshooting steps:** Wait for OOBE to complete. +2 | Machine is compliant by OrgId, Onboarding, and OnboardingState OMA-URIs, but is non-compliant by SenseIsRunning OMA-URI. | **Possible cause:** Sense service's startup type is set as "Delayed Start". Sometimes this causes the Microsoft Intune server to report the machine as non-compliant by SenseIsRunning when DM session occurs on system start.

**Troubleshooting steps:** The issue should automatically be fixed within 24 hours. 3 | Machine is non-compliant | **Troubleshooting steps:** Ensure that Onboarding and Offboarding policies are not deployed on the same machine at same time.
@@ -396,9 +397,9 @@ Channel name: Admin ID | Severity | Event description | Description :---|:---|:---|:--- 1801 | Error | Windows Defender Advanced Threat Protection CSP: Failed to Get Node's Value. NodeId: (%1), TokenName: (%2), Result: (%3) | Windows Defender ATP has failed to get specific node's value.
TokenName: Contains node name that caused the error.
Result: Error details. -1802 | Information | Windows Defender Advanced Threat Protection CSP: Get Node's Value complete. NodeId: (%1), TokenName: (%2), Result: (%3) | Windows Defender ATP has completed to get specific node's value.
TokenName: Contains node name
Result: Error details or succeeded. -1819 | Error | Windows Defender Advanced Threat Protection CSP: Failed to Set Node's Value. NodeId: (%1), TokenName: (%2), Result: (%3). | Windows Defender ATP has completed to get specific node's value.
TokenName: Contains node name that caused the error
Result: Error details. -1820 | Information | Windows Defender Advanced Threat Protection CSP: Set Nod's Value complete. NodeId: (%1), TokenName: (%2), Result: (%3). | Windows Defender ATP has completed to get specific node's value.
TokenName: Contains node name
Result: Error details or succeeded. +1802 | Information | Windows Defender Advanced Threat Protection CSP: Get Node's Value complete. NodeId: (%1), TokenName: (%2), Result: (%3) | Windows Defender ATP has completed to get specific node's value.
TokenName: Contains node name

Result: Error details or succeeded. +1819 | Error | Windows Defender Advanced Threat Protection CSP: Failed to Set Node's Value. NodeId: (%1), TokenName: (%2), Result: (%3). | Windows Defender ATP has completed to get specific node's value.

TokenName: Contains node name that caused the error

Result: Error details. +1820 | Information | Windows Defender Advanced Threat Protection CSP: Set Nod's Value complete. NodeId: (%1), TokenName: (%2), Result: (%3). | Windows Defender ATP has completed to get specific node's value.

TokenName: Contains node name

Result: Error details or succeeded. ## Troubleshoot onboarding issues with System Center Configuration Manager (current branch) version 1606