question

0 Votes
MateuszBender-5444 asked Eli-Ofek commented

"Failed to connect to domain controller" exception when generating report

This one's odd. I've installed ATA, configured it (seemingly correctly), but I can't seem to generate a basic report. Attempts to do so yield an "ActionStateGeneratingFailure" on-screen error, while inspecting the actual script shows me that the server returned a 500 error code. Looking deeper into the Microsoft.Tri.Gateway-ExceptionStatistics log file, I find the following.

 Count: 2
 Microsoft.Tri.Infrastructure.Utils.ExtendedException: Failed to connect to domain controller [DomainControllerDnsName=[DC name] ErrorCode=81] ---> System.DirectoryServices.Protocols.LdapException: The LDAP server is unavailable.
    at System.DirectoryServices.Protocols.LdapConnection.Connect()
    at System.DirectoryServices.Protocols.LdapConnection.BindHelper(NetworkCredential newCredential, Boolean needSetCredential)
    at async Microsoft.Tri.Gateway.Resolution.DirectoryServices.DirectoryServicesClient.CreateLdapConnectionAsync(?)
    --- End of inner exception stack trace ---
    at async Microsoft.Tri.Gateway.Resolution.DirectoryServices.DirectoryServicesClient.CreateLdapConnectionAsync(?)
    at async Microsoft.Tri.Gateway.Resolution.DirectoryServices.DirectoryServicesClient.CreateLdapConnectionAsync(?)
    at async Microsoft.Tri.Gateway.Resolution.DirectoryServices.DirectoryServicesClient.TryCreateLdapConnectionAsync(?)

Except I'm pretty sure the settings used to connect to the DC are correct (I've tested them and they were OK), and the DC seems to be online and working fine as well. Just for good measure I've tried connecting using ADSI Edit from another DC to the one listed in the error and I was able to connect without any issues.

What's going on here?

EDIT:
Some update on this. Still not sure why the gateway log showed what it did, but I had misconfigured the gateways (should be using lightweight on DCs instead of the "regular").

Anyway, here's the log:

 2021-05-03 16:16:15.9900 6032 40  Error [Enumerable] [message=WebApi action failed [ActionArguments={
   "reportType": "Summary",
   "startDate": "2021-04-28T00:00:00Z",
   "endDate": "2021-05-03T00:00:00Z",
   "localeId": "en-us"
 }]] System.InvalidOperationException: Sequence contains no matching element
    at System.Linq.Enumerable.Single[TSource](IEnumerable`1 source, Func`2 predicate)
    at Microsoft.Tri.Center.Monitoring.MonitoringAlertExtension.<>c__DisplayClass1_0.<GetDescriptionAsync>b__0(ObjectId _)
    at System.Linq.Enumerable.WhereSelectListIterator`2.MoveNext()
    at System.Collections.Generic.List`1..ctor(IEnumerable`1 collection)
    at System.Linq.Enumerable.ToList[TSource](IEnumerable`1 source)
    at async Microsoft.Tri.Center.Monitoring.MonitoringAlertExtension.GetDescriptionAsync(?)
    at async Microsoft.Tri.Center.Data.EntityExporter.<>c__DisplayClass14_0.<CreateMonitoringAlertsTableAsync>b__1(?)
    at async Microsoft.Tri.Center.Data.EntityExporter.GetPropertyNameToValueMappingAsync[](?)
    at async Microsoft.Tri.Center.Data.EntityExporter.<>c__DisplayClass14_0.<CreateMonitoringAlertsTableAsync>b__0(?)
    at async Microsoft.Tri.Infrastructure.Extensions.EnumerableExtension.SelectAsync[](?)
    at async Microsoft.Tri.Center.Data.EntityExporter.CreateMonitoringAlertsTableAsync(?)
    at async Microsoft.Tri.Center.Reports.SummaryReport.CreateFileContentAsync(?)
    at async Microsoft.Tri.Center.Data.Excel.CreateFileDataAsync(?)
    at async Microsoft.Tri.Center.Reports.Reporter.CreateAsync(?)
    at async Microsoft.Tri.Center.Management.Controllers.ReportsController.DownloadReport(?)
    at async System.Threading.Tasks.TaskHelpersExtensions.CastToObject[](?)
    at async System.Web.Http.Controllers.ApiControllerActionInvoker.InvokeActionAsyncCore(?)
    at async System.Web.Http.Controllers.ActionFilterResult.ExecuteAsync(?)
    at async System.Web.Http.Filters.AuthorizationFilterAttribute.ExecuteAuthorizationFilterAsyncCore(?)
    at async System.Web.Http.Filters.AuthorizationFilterAttribute.ExecuteAuthorizationFilterAsyncCore(?)
    at async System.Web.Http.Controllers.ExceptionFilterResult.ExecuteAsync(?)

Seems as if there isn't anything to display in the report? That, or MS did an oopsie. ;)

ems-advanced-threat-analytics

2 Votes
Eli-Ofek answered Eli-Ofek commented

This is an old bug. Which ATA version is it?
It happens because you have an active health alert on a gateway that was deleted after the alert opened...
Search the health timeline for an alert "No traffic received from domain controller" and delete it.
If it is still relevant, it will be reopened soon after that with the correct gateway list, but anyway, this should resolve the report creation error.


ATA ver 1.9.7576.49398.

AFAIK it's the latest one?

0 Votes 0 ·

Also, I didn't delete any alerts, given this is a brand new ATA installation.

0 Votes 0 ·
Eli-Ofek MateuszBender-5444 ·

Yes, it's the latest, which is a bit odd. This is a new deployment based on this version?
Anyway, the cause is not deleted alerts, but a deleted Gateway.
You might have deleted a gateway which alerted; even if you reinstalled it on the same machine, it could have caused it.
Locate the alert I mentioned above, and delete it now. Check after that to see if the error resolves and you can run the report without errors.

1 Vote 1 ·

This turned out to be correct. However, removing the actual alerts wasn't straightforward. Here's what I did (in case anyone else has the same issue):

However, I'd like to point out that this seems like a bug, and MS should likely investigate and fix this...



0 Votes 0 ·
0 Votes
Eli-Ofek answered MateuszBender-5444 commented

For the report generation, you need to look for the error in the Center's log, not in the Gateway's log.
As for the error you found in the Gateway (Error code 81), you found it in the summary. Can you check it in the full log file and see if it keeps happening and what was the last time it happened? If it was a long time ago, then you can ignore it.


Check the edit for the additional log.

0 Votes 0 ·
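
An added example (not part of the original thread and not ATA tooling): a Python script for the check suggested in the answer above, counting `ErrorCode=81` entries per domain controller in a copy of the full Gateway log and reporting when each last occurred. It assumes the Gateway log uses the same timestamp prefix as the Center log excerpt in the question; the sample lines, DC names and the one-day recency threshold are constructed.

```python
import re
from datetime import datetime, timedelta

# Entry header, assumed to match the Center log excerpt quoted in the question:
# "2021-05-03 16:16:15.9900 6032 40  Error ..."
ENTRY_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\.\d+\s")
# Exception text as quoted in the question.
LDAP_RE = re.compile(
    r"Failed to connect to domain controller \[DomainControllerDnsName=(.+?) ErrorCode=(\d+)\]"
)

# Constructed sample lines (not real ATA output); "[Sample]" and the DC names are made up.
_MSG = "Failed to connect to domain controller [DomainControllerDnsName={} ErrorCode={}]"
SAMPLE_LOG = "\n".join([
    "2021-04-20 09:12:01.1000 4120 12  Error [Sample] " + _MSG.format("dc01.corp.example", 81),
    "   at System.DirectoryServices.Protocols.LdapConnection.Connect()",
    "2021-04-20 09:17:01.2000 4120 12  Error [Sample] " + _MSG.format("dc01.corp.example", 81),
    "2021-05-02 11:00:00.0000 4120 14  Error [Sample] " + _MSG.format("dc01.corp.example", 49),
    "2021-05-03 15:58:40.5000 4120 15  Error [Sample] ExtendedException:",
    "   ---> " + _MSG.format("dc02.corp.example", 81),
])

def summarize_ldap_failures(lines, error_code="81"):
    """Return {dc: {"count", "first", "last"}} for entries with the given error code."""
    summary = {}
    current_ts = None
    for line in lines:
        header = ENTRY_RE.match(line)
        if header:
            # Continuation lines (stack frames, inner exceptions) inherit this timestamp.
            current_ts = datetime.strptime(header.group(1), "%Y-%m-%d %H:%M:%S")
        hit = LDAP_RE.search(line)
        if not hit or hit.group(2) != error_code or current_ts is None:
            continue
        entry = summary.setdefault(
            hit.group(1), {"count": 0, "first": current_ts, "last": current_ts})
        entry["count"] += 1
        entry["first"] = min(entry["first"], current_ts)
        entry["last"] = max(entry["last"], current_ts)
    return summary

def still_occurring(summary, now, max_age=timedelta(days=1)):
    """DCs whose latest failure is within max_age of now (the threshold is an assumption)."""
    return sorted(dc for dc, s in summary.items() if now - s["last"] <= max_age)

if __name__ == "__main__":
    result = summarize_ldap_failures(SAMPLE_LOG.splitlines())
    for dc, s in sorted(result.items()):
        print(f"{dc}: {s['count']} failure(s), last at {s['last']}")
    print("recent:", still_occurring(result, datetime(2021, 5, 3, 16, 16, 15)))
```

To run it against a real log, pass the lines of the copied file to `summarize_ldap_failures` instead of `SAMPLE_LOG.splitlines()`.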