This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(22.400000000000002, 60%, 12%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EHG%3C/text%3E%3C/svg%3E)
I am following the article below to onboarding our Windows servers to the Microsoft Defender Portal using the onboarding script with GPO.
The GPO was successfully applied to the servers and I can see the scheduled task (running the onboarding script) on the task list locally on the server. However, the script didn't seem to run and Network Threat protection service was not installed. I checked the task history and it didn't show any error other than the return code 2147942401. I checked the path (to the script) and the name of the script few times and it looks fine to.
Any idea how to troubleshoot this issue?
Thanks
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(67.2, 68%, 16%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ELT%3C/text%3E%3C/svg%3E)
Hello there,
If the onboarding is completed successfully but the devices aren't showing up in the Devices list after an hour check the result of the script on the device:
Click Start, type Event Viewer, and press Enter.
Go to Windows Logs > Application.
Look for an event from WDATPOnboarding event source.
If the script fails and the event is an error, you can check the event ID in the following table to help you troubleshoot the issue. https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/troubleshoot-onboarding?view=o365-worldwide#troubleshoot-onboarding-when-deploying-with-a-script
Hope this resolves your Query !!
--If the reply is helpful, please Upvote and Accept it as an answer–
Thanks for the reply. The onboarding process was never succeed because the Windows defender Advanced Threat Protection service didn't get installed and I didn't see the WDATPOnboarding event source from the application log. I think the problem was that the onboardingscript didn't run properly. However, I do not know what the cause it and need some advice on finding it out. Thanks.
Thanks for the quick reply. The machine has never been onboarded as I didn't see the Windows Defender Advanced Threat Protection service get installed and the WDATPOnboarding event source is not there. I think the problem is the script not being ran properly. However, I am not sure where the log is for the script is. I checked job history and it has the return code of 2147942401. I researched the code but it didn't find too much information.
Just ran the script locally on the machine without using GPO. The script ran but return nothing. Didn't see any log created in the same directory.