Microsoft Advanced Threat Analytics IP has changed, ATA Console unavailable

Update: From version 1.8 you will be able to access the console at https://localhost, and update the IP using the ATA Console

When you move Microsoft Advanced Threat Analytics to a new location, your IP will possibly change. After the IP change the ATA Console is not available anymore. When you take a look at the Windows Services you will notice that the “Microsoft Advanced Threat Analytics Center” service is in “Starting” state or does not run. To make the ATA Console accessible you will need to update the configuration, which resides in the underlying Mongo DB. Luckily enough there is an easy way to get this done!

  1. Login to your ATA Console server
  2. Go to “C:\Program Files\Microsoft Advanced Threat Analytics\Center\Backup” and copy the latest version to a known location
  3. Open the backup file with notepad and search and replace the old IP with the new IP
  4. Save the configuration backup file
  5. Open a command prompt
  6. Go to “C:\Program Files\Microsoft Advanced Threat Analytics\Center\MongoDB\bin”
  7. And execute ‘mongoimport.exe –db ATA –collection SystemProfile –file “h:\SystemProfile_newip.json” –upsert’, where h:\SystemProfile_newip.json is the location of the updated configuration backup file
  8. Now you will notice that the service will be back up-and-running within 5 minutes

But now we are halfway… all ATA (lightweight) gateways need to be updated too.

  1. Go to”C:\Program Files\Microsoft Advanced Threat Analytics\Gateway”
  2. Open the GatewayConfiguration.json file
  3. Replace the old IP for the new IP
  4. Restart the “Microsoft Advanced Threat Analytics Gateway” service using the Service Manager

So what have we learned. Read the manual before moving Microsoft ATA to a new IP. An outlined plan can be found at




About Cloud Architect Joran Markx
I have been working on Microsoft Technology since 2003. In addition to (lead) developer and software architect, I am certified Microsoft Specialist and active in design and implementation of Hybrid Cloud platforms. In 2011 I have achieved a Master of Science in IT Management. This made me capable to solve complex issues from the business in an efficient and structured way. As Cloud Architect I am working on various challenging projects with a variety of clients. Within my organisation I fullfill a leading role when it comes to internal development and sharing of knowledge. My goal is to provide reliable and predictable services to our clients with a strong focus on the results achieved for the organisations I am working for.

One Response to Microsoft Advanced Threat Analytics IP has changed, ATA Console unavailable

  1. Rich says:

    You can also use a name instead of IP address, for example a hostname or a DNS CNAME, by entering this in the Center Console > Center Config screen. As long as the address resolves to your new server, you won’t need to update the SystemProfile. You can make it resolve to your new server by simply changing the IP that the CNAME points to in your DNS config.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: