This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(70.4, 7.000000000000001%, 16%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EKP%3C/text%3E%3C/svg%3E)
Hi,
I got this kind of problem after Microsoft ATA Lightweight Gateway has been installed on WS 2019 Standard.
Installation has been finished correctly but after that Microsoft Advanced Threat Analytics Gateway service is in the starting state all the time.
This is what I got under Microsoft.Tri.Gateway-Errors:
2022-05-09 22:24:43.7559 2604 5 Error [WebClient+<InvokeAsync>d__8`1] System.Net.Http.HttpRequestException: PostAsync failed [requestTypeName=StartDataCollectorSetRequest] ---> System.Net.Http.HttpRequestException: Response status code does not indicate success: 500 (Internal Server Error).
and this is what is under Microsoft.Tri.Gateway.Updater-Errors
2022-05-09 22:26:02.0918 4292 11 Error [IDataCollectorSet] System.IO.DirectoryNotFoundException: The path could not be found. (Exception from HRESULT: 0x80030003 (STG_E_PATHNOTFOUND))
at PlaLibrary.IDataCollectorSet.Query(String name, String Server)
at Microsoft.Tri.Infrastructure.Utils.DataCollectorSet.IsExists(String name)
at async Microsoft.Tri.Infrastructure.Framework.PerformanceCounterCategoryManager.StartDataCollectorSetAsync(?)
at async Microsoft.Tri.Gateway.Updater.Service.GatewayUpdaterWebApplication.<>c__DisplayClass3_0.<OnInitializeAsync>b__5(?)
at async Microsoft.Tri.Common.Communication.CommunicationHandler`2.InvokeAsync
DataCollectorSets folder didnt create in this path C:\Program Files\Microsoft Advanced Threat Analytics\Gateway\Logs
I alerady checked --> HKLM\System\CurrentControlSet\Services\PerfProc\Performance
DisablePerformanceCounters is set = 0
and after called lodctr /R from an elevated prompt under the system32 folder
result:
Info: Successfully rebuilt performance counter setting from system backup store
....but still no luck, service in starting mode with the same errors.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(291.2, 77%, 38%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EEO%3C/text%3E%3C/svg%3E)
Backup the "Microsoft ATA Gateway" entry in the registry under PLA, then delete it.
Let's see if the Gateway can start after that.
It's in a limbo state, it has the registry key, but not the corresponding file, which explains the error we got.
Weird.
in last effort I would try to export the data collector definition to xml via logman (which now sees it),
Then delete it via logman.
Re create it via logman via the xml and even try to start it via log man.
the idea is to get the collector running separately from ATA, and then I expect ATA to run fine as well.
Deleting the registry key just means the API ATA is using can't see the collector, and since it can't see it it skips on trying to start it.
We want it to see it but also that it would start without errors.
If this procedure does not fix it, I suggest to open a support case where a platform engineer can also onboard and advise as to why exactly this collector is not working.