From 74d58c3a3cebfe952bc389a11b2ca82ed3b34b9f Mon Sep 17 00:00:00 2001 From: Iaan Date: Tue, 3 May 2016 13:43:41 +1000 Subject: [PATCH] html tables --- ...ows-defender-advanced-threat-protection.md | 553 +++++++----------- 1 file changed, 216 insertions(+), 337 deletions(-) diff --git a/windows/keep-secure/troubleshoot-onboarding-windows-defender-advanced-threat-protection.md b/windows/keep-secure/troubleshoot-onboarding-windows-defender-advanced-threat-protection.md index 04bd07cdfa..7023e288ad 100644 --- a/windows/keep-secure/troubleshoot-onboarding-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/troubleshoot-onboarding-windows-defender-advanced-threat-protection.md @@ -188,344 +188,223 @@ For example, if endpoints are not appearing in the **Machines view** list, you m 3. Events recorded by the service will appear in the log. See the following table for a list of events recorded by the service. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Event IDMessageDescriptionAction
1Windows Advanced Threat Protection service started (Version - ```variable```).Occurs during system start up, shut down, and during - onbboarding.Normal operating notification; no action required.
2Windows Advanced Threat Protection service shutdown.Occurs when the endpoint is shut down or offboarded.Normal operating notification; no action required.
3Windows Advanced Threat Protection service failed to start. - Failure code: ```variable```Service did not start.Review other messages to determine possible cause and - troubleshooting steps.
4Windows Advanced Threat Protection service contacted the - server at ```variable```.variable = URL of the Windows Defender ATP processing - servers.
- This URL will match that seen in the Firewall or network - activity.		Normal operating notification; no action required.
5Windows Advanced Threat Protection service failed to - connect to the server at ```variable```.variable = URL of the Windows Defender ATP processing - servers.
- The service could not contact the external processing servers - at that URL.		Check the connection to the URL. See [Configure proxy and - Internet - connectivity](#configure-proxy-and-Internet-connectivity).
6Windows Advanced Threat Protection service is not onboarded - and no onboarding parameters were found.The endpoint did not onboard correctly and will not be - reporting to the portal.Onboarding must be run before starting the service.
- Check that the onboarding settings and scripts were deployed - properly. Try to redeploy the configuration packages.
- See [Configure Windows Defender ATP - endpoints](configure-endpoints-windows-defender-advanced-threat-protection.md).
7Windows Advanced Threat Protection service failed to read - the onboarding parameters. Failure code: ```variable```The endpoint did not onboard correctly and will not be - reporting to the portal.Check that the onboarding settings and scripts were - deployed properly. Try to redeploy the configuration - packages.
- See [Configure Windows Defender ATP - endpoints](configure-endpoints-windows-defender-advanced-threat-protection.md)
8Windows Advanced Threat Protection service failed to clean - its configuration. Failure code: ```variable```The endpoint did not onboard correctly and will not be - reporting to the portal.Check that the onboarding settings and scripts were - deployed properly. Try to redeploy the configuration - packages.
- See [Configure Windows Defender ATP - endpoints](configure-endpoints-windows-defender-advanced-threat-protection.md)
9Windows Advanced Threat Protection service failed to change - its start type. Failure code: ```variable```The endpoint did not onboard correctly and will not be - reporting to the portal.Check that the onboarding settings and scripts were - deployed properly. Try to redeploy the configuration - packages.
- See [Configure Windows Defender ATP - endpoints](configure-endpoints-windows-defender-advanced-threat-protection.md)
10Windows Advanced Threat Protection service failed to - persist the onboarding information. Failure code: - ```variable```The endpoint did not onboard correctly and will not be - reporting to the portal.Check that the onboarding settings and scripts were - deployed properly. Try to redeploy the configuration - packages.
- See [Configure Windows Defender ATP - endpoints](configure-endpoints-windows-defender-advanced-threat-protection.md)
11Windows Advanced Threat Protection service completed.The endpoint onboarded correctly.Normal operating notification; no action required.
- It may take several hours for the endpoint to appear in the - portal.
12Windows Advanced Threat Protection failed to apply the - default configuration.Service was unable to apply configuration from the - processing servers.This is a server error and should resolve after a short - period.
13Service machine ID calculated: ```variable```Normal operating process.Normal operating notification; no action required.
14Service cannot calculate machine ID. Failure code: - ```variable```Internal error.Check that the onboarding settings and scripts were - deployed properly. Try to redeploy the configuration - packages.
- See [Configure Windows Defender ATP - endpoints](configure-endpoints-windows-defender-advanced-threat-protection.md)
15Windows Advanced Threat Protection cannot start command - channel with URL: ```variable```variable = URL of the Windows Defender ATP processing - servers.
- The service could not contact the external processing servers - at that URL.		Check the connection to the URL. See [Configure proxy and - Internet - connectivity](#configure-proxy-and-Internet-connectivity).
17Windows Advanced Threat Protection service failed to change - the Connected User Experiences and Telemetry service location. - Failure code: ```variable```An error occurred with the Windows telemetry service.[Ensure the telemetry service is - enabled](#ensure-that-the-telemetry-and-diagnostics-service-is-enabled)
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Event IDMessageDescriptionAction
1Windows Advanced Threat Protection service started (Version ```variable```).Occurs during system start up, shut down, and during onbboarding.Normal operating notification; no action required.
2Windows Advanced Threat Protection service shutdown.Occurs when the endpoint is shut down or offboarded.Normal operating notification; no action required.
3Windows Advanced Threat Protection service failed to start. Failure code: ```variable```Service did not start.Review other messages to determine possible cause and troubleshooting steps.
4Windows Advanced Threat Protection service contacted the server at ```variable```.variable = URL of the Windows Defender ATP processing servers.
+This URL will match that seen in the Firewall or network activity.		Normal operating notification; no action required.
5Windows Advanced Threat Protection service failed to connect to the server at ```variable```.variable = URL of the Windows Defender ATP processing servers.
+The service could not contact the external processing servers at that URL.		Check the connection to the URL. See [Configure proxy and Internet connectivity](#configure-proxy-and-Internet-connectivity).
6Windows Advanced Threat Protection service is not onboarded and no onboarding parameters were found.The endpoint did not onboard correctly and will not be reporting to the portal.Onboarding must be run before starting the service.
+Check that the onboarding settings and scripts were deployed properly. Try to redeploy the configuration packages.
+See [Configure Windows Defender ATP endpoints](configure-endpoints-windows-defender-advanced-threat-protection.md).
7Windows Advanced Threat Protection service failed to read the onboarding parameters. Failure code: ```variable```The endpoint did not onboard correctly and will not be reporting to the portal.Check that the onboarding settings and scripts were deployed properly. Try to redeploy the configuration packages.
+See [Configure Windows Defender ATP endpoints](configure-endpoints-windows-defender-advanced-threat-protection.md)
8Windows Advanced Threat Protection service failed to clean its configuration. Failure code: ```variable```The endpoint did not onboard correctly and will not be reporting to the portal.Check that the onboarding settings and scripts were deployed properly. Try to redeploy the configuration packages.
+See [Configure Windows Defender ATP endpoints](configure-endpoints-windows-defender-advanced-threat-protection.md)
9Windows Advanced Threat Protection service failed to change its start type. Failure code: ```variable```The endpoint did not onboard correctly and will not be reporting to the portal.Check that the onboarding settings and scripts were deployed properly. Try to redeploy the configuration packages.
+See [Configure Windows Defender ATP endpoints](configure-endpoints-windows-defender-advanced-threat-protection.md)
10Windows Advanced Threat Protection service failed to persist the onboarding information. Failure code: ```variable```The endpoint did not onboard correctly and will not be reporting to the portal.Check that the onboarding settings and scripts were deployed properly. Try to redeploy the configuration packages.
+See [Configure Windows Defender ATP endpoints](configure-endpoints-windows-defender-advanced-threat-protection.md)
11Windows Advanced Threat Protection service completed.The endpoint onboarded correctly.Normal operating notification; no action required.
+It may take several hours for the endpoint to appear in the portal.
12Windows Advanced Threat Protection failed to apply the default configuration.Service was unable to apply configuration from the processing servers.This is a server error and should resolve after a short period.
13Service machine ID calculated: ```variable```Normal operating process.Normal operating notification; no action required.
14Service cannot calculate machine ID. Failure code: ```variable```Internal error.Check that the onboarding settings and scripts were deployed properly. Try to redeploy the configuration packages.
+See [Configure Windows Defender ATP endpoints](configure-endpoints-windows-defender-advanced-threat-protection.md)
15Windows Advanced Threat Protection cannot start command channel with URL: ```variable```variable = URL of the Windows Defender ATP processing servers.
+The service could not contact the external processing servers at that URL.		Check the connection to the URL. See [Configure proxy and Internet connectivity](#configure-proxy-and-Internet-connectivity).
17Windows Advanced Threat Protection service failed to change the Connected User Experiences and Telemetry service location. Failure code: ```variable```An error occurred with the Windows telemetry service.[Ensure the telemetry service is enabled](#ensure-that-the-telemetry-and-diagnostics-service-is-enabled)
+Check that the onboarding settings and scripts were deployed properly. Try to redeploy the configuration packages.
+See [Configure Windows Defender ATP endpoints](configure-endpoints-windows-defender-advanced-threat-protection.md)
18OOBE (Windows Welcome) is completed.Service will only start after any Windows updates have finished installing.Normal operating notification; no action required.
19OOBE (Windows Welcome) has not yet completed.Service will only start after any Windows updates have finished installing.Normal operating notification; no action required.
+If this error persists after a system restart, ensure all Windows updates have full installed.
20Cannot wait for OOBE (Windows Welcome) to complete. Failure code: ```variable```Internal error.If this error persists after a system restart, ensure all Windows updates have full installed.
25Windows Advanced Threat Protection service failed to reset health status in the registry, causing the onboarding process to fail. Failure code: ```variable```The endpoint did not onboard correctly and will not be reporting to the portal.Check that the onboarding settings and scripts were deployed properly. Try to redeploy the configuration packages.
+See [Configure Windows Defender ATP endpoints](configure-endpoints-windows-defender-advanced-threat-protection.md)
26Windows Advanced Threat Protection service failed to set the onboarding status in the registry. Failure code: ```variable```The endpoint did not onboard correctly.
+It will report to the portal, however the service may not appear as registered in SCCM or the registry.		Check that the onboarding settings and scripts were deployed properly. Try to redeploy the configuration packages.
+See [Configure Windows Defender ATP endpoints](configure-endpoints-windows-defender-advanced-threat-protection.md)
27Windows Advanced Threat Protection service failed to enable SENSE aware mode in Windows Defender. Onboarding process failed. Failure code: ```variable```Normally, Windows Defender will enter a special passive state if another real-time antimalware product is running properly on the endpoint, and the endpoint is reporting to Windows Defender ATP.Check that the onboarding settings and scripts were deployed properly. Try to redeploy the configuration packages.
+See [Configure Windows Defender ATP endpoints](configure-endpoints-windows-defender-advanced-threat-protection.md)
+Ensure real-time antimalware protection is running properly.
28Windows Advanced Threat Protection Connected User Experiences and Telemetry service registration failed. Failure code: ```variable```An error occurred with the Windows telemetry service.[Ensure the telemetry service is enabled](#ensure-that-the-telemetry-and-diagnostics-service-is-enabled).
+Check that the onboarding settings and scripts were deployed properly. Try to redeploy the configuration packages.
+See [Configure Windows Defender ATP endpoints](configure-endpoints-windows-defender-advanced-threat-protection.md)
29Windows Advanced Threat Protection service failed to read the offboarding parameters. Failure code: ```variable```Naama: Should I remove this error? Or just leave it as internal?TBD
30Windows Advanced Threat Protection service failed to disable SENSE aware mode in Windows Defender. Failure code: ```variable```Normally, Windows Defender will enter a special passive state if another real-time antimalware product is running properly on the endpoint, and the endpoint is reporting to Windows Defender ATP.Check that the onboarding settings and scripts were deployed properly. Try to redeploy the configuration packages.
+See [Configure Windows Defender ATP endpoints](configure-endpoints-windows-defender-advanced-threat-protection.md)
+Ensure real-time antimalware protection is running properly.
31Windows Advanced Threat Protection Connected User Experiences and Telemetry service unregistration failed. Failure code: ```variable```An error occurred with the Windows telemetry service.[Check for errors with the Windows telemetry service](#ensure-that-the-telemetry-and-diagnostics-service-is-enabled).
32Windows Advanced Threat Protection service failed to request to stop itself after offboarding process. Failure code: ```variable```Naama: Should I remove this error? Or just leave it as internal?TBD
33Windows Advanced Threat Protection service failed to persist SENSE GUID. Failure code: ```variable```A unique identifier is used to represent each endpoint that is reporting to the portal.
+If the identifier does not persist, the same machine might appear twice in the portal.		Check registry permissions on the endpoint to ensure the service can update the registry.
34Windows Advanced Threat Protection service failed to add itself as a dependency on the Connected User Experiences and Telemetry service, causing onboarding process to fail. Failure code: ```variable```An error occurred with the Windows telemetry service.[Ensure the telemetry service is enabled](#ensure-that-the-telemetry-and-diagnostics-service-is-enabled).
+Check that the onboarding settings and scripts were deployed properly. Try to redeploy the configuration packages.
+See [Configure Windows Defender ATP endpoints](configure-endpoints-windows-defender-advanced-threat-protection.md)
35Windows Advanced Threat Protection service failed to remove itself as a dependency on the Connected User Experiences and Telemetry service. Failure code: ```variable```Naama: Should I remove this error? Or just leave it as internal?TBD
- Check that the onboarding settings and scripts were deployed - properly. Try to redeploy the configuration packages.
- See [Configure Windows Defender ATP - endpoints](configure-endpoints-windows-defender-advanced-threat-protection.md)
18OOBE (Windows Welcome) is completed.Service will only start after any Windows updates have - finished installing.Normal operating notification; no action required.
19OOBE (Windows Welcome) has not yet completed.Service will only start after any Windows updates have - finished installing.Normal operating notification; no action required.
- If this error persists after a system restart, ensure all - Windows updates have full installed.
20Cannot wait for OOBE (Windows Welcome) to complete. Failure - code: ```variable```Internal error.If this error persists after a system restart, ensure all - Windows updates have full installed.
25Windows Advanced Threat Protection service failed to reset - health status in the registry, causing the onboarding process - to fail. Failure code: ```variable```The endpoint did not onboard correctly and will not be - reporting to the portal.Check that the onboarding settings and scripts were - deployed properly. Try to redeploy the configuration - packages.
- See [Configure Windows Defender ATP - endpoints](configure-endpoints-windows-defender-advanced-threat-protection.md)
26Windows Advanced Threat Protection service failed to set - the onboarding status in the registry. Failure code: - ```variable```The endpoint did not onboard correctly.
- It will report to the portal, however the service may not - appear as registered in SCCM or the registry.		Check that the onboarding settings and scripts were - deployed properly. Try to redeploy the configuration - packages.
- See [Configure Windows Defender ATP - endpoints](configure-endpoints-windows-defender-advanced-threat-protection.md)
27Windows Advanced Threat Protection service failed to enable - SENSE aware mode in Windows Defender. Onboarding process - failed. Failure code: ```variable```Normally, Windows Defender will enter a special passive - state if another real-time antimalware product is running - properly on the endpoint, and the endpoint is reporting to - Windows Defender ATP.Check that the onboarding settings and scripts were - deployed properly. Try to redeploy the configuration - packages.
- See [Configure Windows Defender ATP - endpoints](configure-endpoints-windows-defender-advanced-threat-protection.md)
- - Ensure real-time antimalware protection is running - properly.
28Windows Advanced Threat Protection Connected User - Experiences and Telemetry service registration failed. Failure - code: ```variable```An error occurred with the Windows telemetry service.[Ensure the telemetry service is - enabled](#ensure-that-the-telemetry-and-diagnostics-service-is-enabled).
- - Check that the onboarding settings and scripts were deployed - properly. Try to redeploy the configuration packages.
- See [Configure Windows Defender ATP - endpoints](configure-endpoints-windows-defender-advanced-threat-protection.md)
29Windows Advanced Threat Protection service failed to read - the offboarding parameters. Failure code: ```variable```Naama: Should I - remove this error? Or just leave it as internal?TBD
30Windows Advanced Threat Protection service failed to - disable SENSE aware mode in Windows Defender. Failure code: - ```variable```Normally, Windows Defender will enter a special passive - state if another real-time antimalware product is running - properly on the endpoint, and the endpoint is reporting to - Windows Defender ATP.Check that the onboarding settings and scripts were - deployed properly. Try to redeploy the configuration - packages.
- See [Configure Windows Defender ATP - endpoints](configure-endpoints-windows-defender-advanced-threat-protection.md)
- - Ensure real-time antimalware protection is running - properly.
31Windows Advanced Threat Protection Connected User - Experiences and Telemetry service unregistration failed. - Failure code: ```variable```An error occurred with the Windows telemetry service.[Check for errors with the Windows telemetry - service](#ensure-that-the-telemetry-and-diagnostics-service-is-enabled).
32Windows Advanced Threat Protection service failed to - request to stop itself after offboarding process. Failure code: - ```variable```Naama: Should I - remove this error? Or just leave it as internal?TBD
33Windows Advanced Threat Protection service failed to - persist SENSE GUID. Failure code: ```variable```A unique identifier is used to represent each endpoint that - is reporting to the portal.
- If the identifier does not persist, the same machine might - appear twice in the portal.		Check registry permissions on the endpoint to ensure the - service can update the registry.
34Windows Advanced Threat Protection service failed to add - itself as a dependency on the Connected User Experiences and - Telemetry service, causing onboarding process to fail. Failure - code: ```variable```An error occurred with the Windows telemetry service.[Ensure the telemetry service is - enabled](#ensure-that-the-telemetry-and-diagnostics-service-is-enabled).
- - Check that the onboarding settings and scripts were deployed - properly. Try to redeploy the configuration packages.
- See [Configure Windows Defender ATP - endpoints](configure-endpoints-windows-defender-advanced-threat-protection.md)
35Windows Advanced Threat Protection service failed to remove - itself as a dependency on the Connected User Experiences and - Telemetry service. Failure code: ```variable```Naama: Should I - remove this error? Or just leave it as internal?TBD
- ## Related topics