This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(70.4, 7.000000000000001%, 16%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EKP%3C/text%3E%3C/svg%3E)
Hi,
I got this kind of problem after Microsoft ATA Lightweight Gateway has been installed on WS 2019 Standard.
Installation has been finished correctly but after that Microsoft Advanced Threat Analytics Gateway service is in the starting state all the time.
This is what I got under Microsoft.Tri.Gateway-Errors:
2022-05-09 22:24:43.7559 2604 5 Error [WebClient+<InvokeAsync>d__8`1] System.Net.Http.HttpRequestException: PostAsync failed [requestTypeName=StartDataCollectorSetRequest] ---> System.Net.Http.HttpRequestException: Response status code does not indicate success: 500 (Internal Server Error).
and this is what is under Microsoft.Tri.Gateway.Updater-Errors
2022-05-09 22:26:02.0918 4292 11 Error [IDataCollectorSet] System.IO.DirectoryNotFoundException: The path could not be found. (Exception from HRESULT: 0x80030003 (STG_E_PATHNOTFOUND))
at PlaLibrary.IDataCollectorSet.Query(String name, String Server)
at Microsoft.Tri.Infrastructure.Utils.DataCollectorSet.IsExists(String name)
at async Microsoft.Tri.Infrastructure.Framework.PerformanceCounterCategoryManager.StartDataCollectorSetAsync(?)
at async Microsoft.Tri.Gateway.Updater.Service.GatewayUpdaterWebApplication.<>c__DisplayClass3_0.<OnInitializeAsync>b__5(?)
at async Microsoft.Tri.Common.Communication.CommunicationHandler`2.InvokeAsync
DataCollectorSets folder didnt create in this path C:\Program Files\Microsoft Advanced Threat Analytics\Gateway\Logs
I alerady checked --> HKLM\System\CurrentControlSet\Services\PerfProc\Performance
DisablePerformanceCounters is set = 0
and after called lodctr /R from an elevated prompt under the system32 folder
result:
Info: Successfully rebuilt performance counter setting from system backup store
....but still no luck, service in starting mode with the same errors.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(291.2, 77%, 38%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EEO%3C/text%3E%3C/svg%3E)
Backup the "Microsoft ATA Gateway" entry in the registry under PLA, then delete it.
Let's see if the Gateway can start after that.
It's in a limbo state, it has the registry key, but not the corresponding file, which explains the error we got.
Odd.
Please run those commands and share the output:
logman create counter perf_log -c "\Processor(_Total)\% Processor Time"
logman perf_log
logman
The aim here is to check basic functionality of data collection and try to isolate the issue.
Here you have it:
C:\Windows\system32>logman create counter perf_log -c "\Processor(_Total)\% Processor Time"
The command completed successfully.
C:\Windows\system32>logman perf_log
Name: perf_log
Status: Stopped
Root Path: %systemdrive%\PerfLogs\Admin
Segment: Off
Schedules: On
Run as: SYSTEM
Name: perf_log\perf_log
Type: Counter
Append: Off
Circular: Off
Overwrite: Off
Sample Interval: 15 second(s)
Counters:
\Processor(_Total)\% Processor Time
The command completed successfully.
C:\Windows\system32>logman
Data Collector Set Type Status
perf_log Counter Stopped
The command completed successfully.
OK, so basic functions seems to work, we have something weird specifically with the gateway collector.
Can you run
dir C:\Windows\System32\Tasks\Microsoft\Windows\PLA
reg query HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\PLA
I wonder if we see it listed there even though it's not shown by logman.
][2]