I’ve been playing around with Microsoft ATA v1.7 lately, and I spun it up in my lab. Just before installing the Gateway and ATA Center, I installed Microsoft Message Analyzer (formerly Microsoft Network Monitor) on my gateway so I could see if my capture network card was actually seeing the mirrored traffic.
After I confirmed it was, I began the installation of the ATA Center, followed by the installation of the Gateway. I thought all was good until I noticed my Microsoft Advanced Threat Analytics Gateway service (atagateway) was not starting. The system event log was full of Event ID 7031 errors like this…
The Microsoft Advanced Threat Analytics Gateway service terminated unexpectedly. It has done this xx time(s). The following corrective action will be taken in 5000 milliseconds. Restart the service.
When I looked into %Program Files%\Microsoft Advanced Threat Analytics\Gateway\Logs – I saw in the Microsoft.Tri.Gateway file the following error.
Error [NetworkListener] System.TypeLoadException: Could not load type 'Microsoft.Opn.Runtime.Values.BinaryValueBufferManager' from assembly 'Microsoft.Opn.Runtime, Version=18.104.22.168, Culture=neutral, PublicKeyToken=31bf3856ad364e35'.
It turns out this error is caused by having the Microsoft Message Analyzer installed. There’s some sort of conflict between Message Analyzer and what the Gateway service is trying to do with looking at traffic on the network cards.
Uninstall Microsoft Message Analyzer. After I did that, and did a reboot for good measure – the Microsoft Advanced Threat Analytics Gateway service now starts up without any problem at all.
Hopefully someone else will find this information useful one day.
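The checks described above can be gathered into one pass on a Gateway host. This PowerShell sketch is an added example, not part of the original post or of ATA itself. It assumes the default install path under `$env:ProgramFiles`, a log file name starting with `Microsoft.Tri.Gateway`, and an uninstall entry whose display name starts with "Microsoft Message Analyzer".

```powershell
# Added example: looks for the symptoms described in the post on an ATA Gateway host.
# Assumptions: default install path, log file name pattern, uninstall display name.
$serviceName = 'atagateway'
$logDir = Join-Path $env:ProgramFiles 'Microsoft Advanced Threat Analytics\Gateway\Logs'

# 1. Current state of the Gateway service ($null if the service is not installed).
$svc = Get-Service -Name $serviceName -ErrorAction SilentlyContinue

# 2. Event ID 7031 (unexpected service termination) entries for the Gateway service.
$crashes = @(Get-WinEvent -FilterHashtable @{
        LogName      = 'System'
        ProviderName = 'Service Control Manager'
        Id           = 7031
    } -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -like '*Advanced Threat Analytics Gateway*' })

# 3. TypeLoadException lines that reference Microsoft.Opn.Runtime in the Gateway logs.
$typeLoad = @()
if (Test-Path -Path $logDir) {
    $typeLoad = @(Get-ChildItem -Path $logDir -Filter 'Microsoft.Tri.Gateway*' -File |
        Select-String -SimpleMatch 'System.TypeLoadException' |
        Where-Object { $_.Line -like '*Microsoft.Opn.Runtime*' })
}

# 4. Is Message Analyzer installed? Check 64-bit and 32-bit uninstall registry keys.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
$analyzer = @(Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -like 'Microsoft Message Analyzer*' })

# Summary: the conflict from the post is likely when the last two counts are non-zero.
[pscustomobject]@{
    ServiceStatus            = if ($svc) { $svc.Status } else { 'NotInstalled' }
    Event7031Count           = $crashes.Count
    LastEvent7031            = ($crashes | Select-Object -First 1).TimeCreated
    TypeLoadExceptionLines   = $typeLoad.Count
    MessageAnalyzerInstalled = ($analyzer.Count -gt 0)
    LikelyConflict           = ($typeLoad.Count -gt 0 -and $analyzer.Count -gt 0)
}
```

Run it from an elevated prompt so the System event log and the Gateway log directory are readable.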