This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(70.4, 7.000000000000001%, 16%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EKP%3C/text%3E%3C/svg%3E)
Hi,
I got this kind of problem after Microsoft ATA Lightweight Gateway has been installed on WS 2019 Standard.
Installation has been finished correctly but after that Microsoft Advanced Threat Analytics Gateway service is in the starting state all the time.
This is what I got under Microsoft.Tri.Gateway-Errors:
2022-05-09 22:24:43.7559 2604 5 Error [WebClient+<InvokeAsync>d__8`1] System.Net.Http.HttpRequestException: PostAsync failed [requestTypeName=StartDataCollectorSetRequest] ---> System.Net.Http.HttpRequestException: Response status code does not indicate success: 500 (Internal Server Error).
and this is what is under Microsoft.Tri.Gateway.Updater-Errors
2022-05-09 22:26:02.0918 4292 11 Error [IDataCollectorSet] System.IO.DirectoryNotFoundException: The path could not be found. (Exception from HRESULT: 0x80030003 (STG_E_PATHNOTFOUND))
at PlaLibrary.IDataCollectorSet.Query(String name, String Server)
at Microsoft.Tri.Infrastructure.Utils.DataCollectorSet.IsExists(String name)
at async Microsoft.Tri.Infrastructure.Framework.PerformanceCounterCategoryManager.StartDataCollectorSetAsync(?)
at async Microsoft.Tri.Gateway.Updater.Service.GatewayUpdaterWebApplication.<>c__DisplayClass3_0.<OnInitializeAsync>b__5(?)
at async Microsoft.Tri.Common.Communication.CommunicationHandler`2.InvokeAsync
DataCollectorSets folder didnt create in this path C:\Program Files\Microsoft Advanced Threat Analytics\Gateway\Logs
I alerady checked --> HKLM\System\CurrentControlSet\Services\PerfProc\Performance
DisablePerformanceCounters is set = 0
and after called lodctr /R from an elevated prompt under the system32 folder
result:
Info: Successfully rebuilt performance counter setting from system backup store
....but still no luck, service in starting mode with the same errors.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(291.2, 77%, 38%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EEO%3C/text%3E%3C/svg%3E)
Backup the "Microsoft ATA Gateway" entry in the registry under PLA, then delete it.
Let's see if the Gateway can start after that.
It's in a limbo state, it has the registry key, but not the corresponding file, which explains the error we got.
Is there a 3rd AV software running that might be blocking us ? I had a similar case once.
Make sure the PLA service is running.
Also make sure Local service and Local system have access to the Logs folder.
Is there any output when running "logman "Microsoft ATA Gateway" ?
what if you run this command as local system ?
Hi Eli,
thanks for fast response
There is Sentinel One installed but this one is also installed on other two DC's where it works fine.
PLA is running.
Local service and Local system have access to the Logs folder - it has
C:\Windows\system32>logman "Microsoft ATA Gateway"
Error:
The path %1 could not be found.
This is how it looks.
OK, so we have a repro of the same error using logman...
what is the output if you run logman without any parameters ?
This is what I got:
C:\Windows\system32>logman
Data Collector Set Type Status
The command completed successfully.
