Microsoft Advanced Threat Analytics IP has changed, ATA Console unavailable


Update: From version 1.8 you will be able to access the console at https://localhost, and update the IP using the ATA Console

When you move Microsoft Advanced Threat Analytics to a new location, your IP will possibly change. After the IP change the ATA Console is not available anymore. When you take a look at the Windows Services you will notice that the “Microsoft Advanced Threat Analytics Center” service is in “Starting” state or does not run. To make the ATA Console accessible you will need to update the configuration, which resides in the underlying Mongo DB. Luckily enough there is an easy way to get this done!

  1. Login to your ATA Console server
  2. Go to “C:\Program Files\Microsoft Advanced Threat Analytics\Center\Backup” and copy the latest version to a known location
  3. Open the backup file with notepad and search and replace the old IP with the new IP
  4. Save the configuration backup file
  5. Open a command prompt
  6. Go to “C:\Program Files\Microsoft Advanced Threat Analytics\Center\MongoDB\bin”
  7. And execute ‘mongoimport.exe –db ATA –collection SystemProfile –file “h:\SystemProfile_newip.json” –upsert’, where h:\SystemProfile_newip.json is the location of the updated configuration backup file
  8. Now you will notice that the service will be back up-and-running within 5 minutes

But now we are halfway… all ATA (lightweight) gateways need to be updated too.

  1. Go to”C:\Program Files\Microsoft Advanced Threat Analytics\Gateway”
  2. Open the GatewayConfiguration.json file
  3. Replace the old IP for the new IP
  4. Restart the “Microsoft Advanced Threat Analytics Gateway” service using the Service Manager

So what have we learned. Read the manual before moving Microsoft ATA to a new IP. An outlined plan can be found at https://docs.microsoft.com/en-us/advanced-threat-analytics/modifying-ata-center-configuration

 

 

Advertisements

About Cloud Architect Joran Markx
I have been working on Microsoft Technology since 2003. In addition to (lead) developer and software architect, I am certified Microsoft Specialist and active in design and implementation of Hybrid Cloud platforms. In 2011 I have achieved a Master of Science in IT Management. This made me capable to solve complex issues from the business in an efficient and structured way. As Cloud Architect I am working on various challenging projects with a variety of clients. Within my organisation I fullfill a leading role when it comes to internal development and sharing of knowledge. My goal is to provide reliable and predictable services to our clients with a strong focus on the results achieved for the organisations I am working for.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: