deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-14 06:17:22 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

create new troubleshooting topic, add new images of cmd results

Browse Source
This commit is contained in:
Joey Caparas 2016-05-06 16:29:55 +10:00
parent 71f3bebcb7
commit fe78fa4ab2
5 changed files with 138 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
windows/keep-secure/TOC.md
View File

@ -410,6 +410,7 @@
##### [Additional configuration settings](additional-configuration-windows-defender-advanced-threat-protection.md) ##### [Additional configuration settings](additional-configuration-windows-defender-advanced-threat-protection.md)
##### [Monitor onboarding](monitor-onboarding-windows-defender-advanced-threat-protection.md) ##### [Monitor onboarding](monitor-onboarding-windows-defender-advanced-threat-protection.md)
##### [Troubleshoot onboarding issues](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md) ##### [Troubleshoot onboarding issues](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md)
##### [Troubleshoot onboarding issues2](troubleshoot-onboarding2-windows-defender-advanced-threat-protection.md)
#### [Data storage and privacy](data-storage-privacy-windows-defender-advanced-threat-protection.md) #### [Data storage and privacy](data-storage-privacy-windows-defender-advanced-threat-protection.md)
#### [Portal overview](portal-overview-windows-defender-advanced-threat-protection.md) #### [Portal overview](portal-overview-windows-defender-advanced-threat-protection.md)
#### [Use the Windows Defender ATP portal](use-windows-defender-advanced-threat-protection.md) #### [Use the Windows Defender ATP portal](use-windows-defender-advanced-threat-protection.md)

6
windows/keep-secure/configure-proxy-internet-windows-defender-advanced-threat-protection.md
View File

@ -12,6 +12,12 @@ author: mjcaparas
# Configure proxy and Internet connectivity settings # Configure proxy and Internet connectivity settings
**Applies to:**
- Windows 10 Insider Preview
<span style="color:#ED1C24;">[Some information relates to pre-released product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.]</span>
The embedded Windows Defender ATP sensor runs in system context using the LocalSystem account. The sensor uses Microsoft Windows HTTP Services (WinHTTP) to enable communication with the Windows Defender ATP cloud service. This is considered as the appropriate method of communication this type of usage scenario. The embedded Windows Defender ATP sensor runs in system context using the LocalSystem account. The sensor uses Microsoft Windows HTTP Services (WinHTTP) to enable communication with the Windows Defender ATP cloud service. This is considered as the appropriate method of communication this type of usage scenario.
The WinHTTP configuration setting is independent of the Windows Internet (WinINet) internet browsing proxy settings and can only discover a proxy server by using the following discovery methods: The WinHTTP configuration setting is independent of the Windows Internet (WinINet) internet browsing proxy settings and can only discover a proxy server by using the following discovery methods:

BIN
windows/keep-secure/images/windefatp-sc-qc-diagtrack.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 80 KiB

BIN
windows/keep-secure/images/windefatp-sc-query-diagtrack.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 58 KiB

131
windows/keep-secure/troubleshoot-onboarding2-windows-defender-advanced-threat-protection.md Normal file
View File

@ -0,0 +1,131 @@
---
title: Troubleshoot Windows Defender ATP onboarding issues
description: Troubleshoot issues that might arise during the onboarding of endpoints or to the Windows Defender ATP service.
keywords: troubleshoot onboarding, onboarding issues, event viewer, azure management portal, data collection and preview builds
search.product: eADQiWindows 10XVcnh
ms.prod: W10
ms.mktglfcycl: deploy
ms.sitesec: library
author: iaanw
---
# Troubleshoot Windows Defender Advanced Threat Protection onboarding issues2
**Applies to:**
- Windows 10 Insider Preview
<span style="color:#ED1C24;">[Some information relates to pre-released product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.]</span>
You might need to troubleshoot the onboarding process if you encounter issues.
## Endpoints not reporting correctly
If you have completed the endpoint onboarding process and don't see endpoints in the [Machines view](investigate-machines-windows-defender-advanced-threat-protection.md), then this might indicate endpoint onboarding or a connectivity issue that you need to address.
To address this issue:
- Ensure that the endpoint is onboarded successfully
- Ensure that the Windows Defender ATP service is enabled
- Ensure that the telemetry and diagnostics service is enabled
- Ensure that the Windows Defender ATP endpoint has internet connection
### Ensure that the endpoint is onboarded successfully
### Ensure that the Windows Defender ATP service is enabled
### Ensure that the telemetry and diagnostics service is enabled
If the endpoints aren't reporting correctly, you might need to check that the Windows 10 telemetry and diagnostics service is enabled on the endpoint. The service may have been disabled by other programs or user configuration changes.
You will need to check the startup type and verify that the service is running.
There are two ways to check the startup type for the service: from the command line or in the services console.
**Check the startup type from the command line:**
1. Open an elevated command-line prompt on the endpoint:
a. Click **Start** and type **cmd**.
b. Right-click **Command prompt** and select **Run as administrator**.
2. Enter the following command and press **Enter**.
```
sc qc query diagtrack
```
3. If the service is enabled, it will be set to automatically start. The result should look like the following:
![Result of the sc query command for diagtrack](images/windefatp-sc-qc-diagtrack.png)
```
SERVICE_NAME: diagtrack
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k utcsvc
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Connected User Experiences and Telemetry
DEPENDENCIES : RpcSs
SERVICE_START_NAME : LocalSystem
```
4. If the **START_TYPE** is not set to **AUTO_START**, then you'll need to enter the following command and press **Enter**:
```
sc config diagtrack start=auto
```
5. A success message is displayed. Verify the change by entering the following command and press **Enter**:
```
sc qc diagtrack
```
**Check the startup type in the services console:**
1. Open the services console:
a. Click **Start** and type **services**. Press **Enter** to open the console.
2. Scroll through the list of services until you find **Connected User Experiences and Telemetry**.
3. Check the **Startup type** column - the service should be set as **Automatic**.
ASK ALON HOW SET TO AUTOMATIC IF IT'S NOT SET FROM THE CONSOLE.
**Check that the service is running from the command line**
1. Open an elevated command-line prompt on the endpoint:
a. Click **Start** and type **cmd**.
b. Right-click **Command prompt** and select **Run as administrator**.
2. Enter the following command and press **Enter**.
```
sc query diagtrack
```
3. If the service is running, the result should look like the following:
![Result of the sc query command for sc query diagtrack](images/windefatp-sc-query-diagtrack.png)
4. If the service STATE is not set to RUNNING, then you'll need to enter the following command and press **Enter**:
```
sc start diagtrack
```
5. A success message is displayed. Verify the change by entering the following command and press **Enter**:
```
sc query diagtrack
```
### Ensure that the Windows Defender ATP endpoint has internet connection