Forum Discussion
Azure ATP Sensor Setup - service not starting - missing dependency
When installing Azure ATP Sensor Setup it just stalls midway and the rolls back the installation. I've looked into the logs and can see its unable to startup the service AATPSensorUpdater. I did a dependecy check and the WMI Performance Adapter (wmiApSrv) service is missing, which is a dependecy.
We got 3 domain controllers, the setup only completed on one (it also got the WMI Performance Adapter (wmiApSrv) service).
My question is now, how do I get the WMI Performance Adapter (wmiApSrv) service on the other 2 domain controllers so I can complete the installation?
We are running virtual servers with VMware (WS2019)
- Just to give a final update on this:
So the error logs showed that there was a problem with the performance counters on the DC.
I've been in contact with Microsoft support and their performance counter specialist but no problems where found with the performance counters.
The conclusion and fix, is a decommision of the DC and set up a new DC. Not the best solution but a lot of faultsearching was done.See also my reply in Re: Sensor service keeps restarting (after auto upgrade) - Microsoft Community Hub
eventually, it was a Performance Counter that was disabled which solved my issue. I had the same issue as you.
- Hello Marthin2770
The WMI Performance Adapter service (wmiApSrv) is a standard service provided with the Windows operating system. It's unusual for it to be missing from a Windows Server 2019 installation, so you might want to first verify if the service is actually missing or if it's just disabled or not running.
Here are steps to check the status of the service:
1. Open the Services console by typing `services.msc` in the run dialog (Win + R).
2. Look for "WMI Performance Adapter" in the list of services.
If the service is there but is just not running or is disabled, you can right-click on it, select Properties, and then change the startup type to Automatic or Manual, then start the service.
If the WMI Performance Adapter service is indeed missing, it might be an issue with the operating system itself. The WMI Performance Adapter service is part of the Windows Management Instrumentation (WMI) which is a core part of Windows.
As a next step, you could try to repair the WMI repository. Here's how you do it:
1. Run Command Prompt as an administrator.
2. Type `winmgmt /verifyrepository` and press Enter.
3. If the WMI repository is not consistent, type `winmgmt /salvagerepository` and press Enter.
4. If the WMI repository is consistent, type `winmgmt /resetrepository` and press Enter.
After the above steps, check again if the WMI Performance Adapter service is available.
Please be careful and consider contacting Microsoft Support or a qualified IT professional, especially when making changes to domain controllers or other critical infrastructure. Marthin2770 Hey , Make sure that the WmiApSrv.exe file exists in the %WinDir%\system32\wbem folder. If this file is missing, you can try to restore it from your Windows server 2019 installation media.
or try to copy it from your domain controller that already working to the 2 other domain controllers and then you can try to install the sensor again.
Please click Mark as Best Response & Like if my post helped you to solve your issue. This will help others to find the correct solution easily.
eliekarkafy Hi, thanks for your reply.
The WmiApSrv.exe file exists in the %WinDir%\system32\wbem folder, but the service is missing. I'm unsure if adding it manually with "sc create "wmiAPSrv" binpath= "C:\Windows\System32\wbem\WmiApSrv.exe"" is the right way to do it but I tried.
The Azure Advanced Threat Protection Sensor Updater service is still not starting though:
Service error:
"Windows could not start the Azure Advanced Threat Protection Sensor Updater service on Local Computer. Error 1067: The process terminated unexpectedly."
From log "Microsoft.Tri.Sensor.Deployment.Deployer_20230627101213":
"2023-06-27 10:13:18.1790 Error ServiceControllerExtension ChangeServiceStatus failed to change service status [name=AATPSensorUpdater status=Running Exception=System.ServiceProcess.TimeoutException: Time out has expired and the operation has not been completed.
at System.ServiceProcess.ServiceController.WaitForStatus(ServiceControllerStatus desiredStatus, TimeSpan timeout)"From log on DC1 "Microsoft.Tri.Sensor.Updater-Errors":
"2023-06-27 10:12:26.9427 Error PerformanceCounterMetricManager+<>c System.TypeInitializationException: The type initializer for 'Microsoft.Tri.Infrastructure.PerformanceCounterMetricManager' threw an exception. ---> System.InvalidCastException: Specified cast is not valid."
From log on DC2"Microsoft.Tri.Sensor.Updater-Errors":
2023-06-27 10:33:54.7543 Error PerformanceCounterLib System.InvalidOperationException: Category does not exist.
at CategorySample System.Diagnostics.PerformanceCounterLib.GetCategorySample(string machine, string category)
at string[] System.Diagnostics.PerformanceCounterCategory.GetCounterInstances(string categoryName, string machineName)
at new Microsoft.Tri.Infrastructure.MetricManager(IConfigurationManager configurationManager)
at object lambda_method(Closure, object[])
at object Autofac.Core.Activators.Reflection.ConstructorParameterBinding.Instantiate()
at void Microsoft.Tri.Infrastructure.ModuleManager.AddModules(Type[] moduleTypes)
at ModuleManager Microsoft.Tri.Sensor.Updater.SensorUpdaterService.CreateModuleManager()
at async Task Microsoft.Tri.Infrastructure.Service.OnStartAsync()
at void Microsoft.Tri.Infrastructure.TaskExtension.Await(Task task)
at void Microsoft.Tri.Infrastructure.Service.OnStart(string[] args)Ok, I finally managed to complete the install on DC2.
Did in elevated CMD:
lodctr /r
Then
lodctr /q
and enabled any performance countes that where disabled with
lodctr /e:<provider name>
I will try the same for DC1 and get back with the result
