Error installing Microsoft.Azure.AzureDefenderForServers.MDE.Windows

Phil 0 Reputation points
2023-07-27T06:06:41.6433333+00:00

Hi Guys,
We have seen an issue on 2 Windows 2012 R2 servers when Defender for Cloud tries to install the MDE extension.

Any ideas?


Extension failed to process settings. Extension returned non-zero exit code for Enable: 1.  
Extension Error: 
C:\Packages\Plugins\Microsoft.Azure.AzureDefenderForServers.MDE.Windows\1.0.8.7>Powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass C:\Packages\Plugins\Microsoft.Azure.AzureDefenderForServers.MDE.Windows\1.0.8.7\\MdeExtensionHandlerWrapper.ps1 -Action install 
VERBOSE: [2023-07-26 19:44:30Z][Information] Start executing handler action: install
VERBOSE: [2023-07-26 19:44:31Z][Information] MDE installation/configuration/onboarding occurs / will occur in 'enable'
VERBOSE: [2023-07-26 19:44:31Z][Information] End executing handler action: install with exit code: 0

C:\Packages\Plugins\Microsoft.Azure.AzureDefenderForServers.MDE.Windows\1.0.8.7>Powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass C:\Packages\Plugins\Microsoft.Azure.AzureDefenderForServers.MDE.Windows\1.0.8.7\\MdeExtensionHandlerWrapper.ps1 -Action enable 
VERBOSE: [2023-07-26 19:44:42Z][Information] Start executing handler action: enable
VERBOSE: [2023-07-26 19:44:46Z][Error] Failed to retrieve configuration. Exception: System.Management.Automation.MethodInvocationException: Exception calling "Decrypt" with "1" argument(s): "Invalid provider type specified." ---> System.Security.Cryptography.CryptographicException: Invalid provider type specified.
   at System.Security.Cryptography.Pkcs.EnvelopedCms.DecryptContent(RecipientInfoCollection recipientInfos, X509Certificate2Collection extraStore)
   at CallSite.Target(Closure , CallSite , Object , Object )
   --- End of inner exception stack trace ---
   at System.Management.Automation.ExceptionHandlingOps.CheckActionPreference(FunctionContext funcContext, Exception exception)
   at System.Management.Automation.Interpreter.ActionCallInstruction`2.Run(InterpretedFrame frame)
   at System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(InterpretedFrame frame)
   at System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(InterpretedFrame frame)
   at System.Management.Automation.Interpreter.Interpreter.Run(InterpretedFrame frame)
   at System.Management.Automation.Interpreter.LightLambda.RunVoid1[T0](T0 arg0)
   at System.Management.Automation.PSScriptCmdlet.RunClause(Action`1 clause, Object dollarUnderbar, Object inputToProcess)
   at System.Management.Automation.CommandProcessorBase.Complete()
VERBOSE: [2023-07-26 19:44:46Z][Error] End executing handler action: enable with exit code: 53

2 answers

  1. JamesTran-MSFT 36,621 Reputation points Microsoft Employee
    2023-07-31T22:17:25.5966667+00:00

    @Phil

    Thank you for your post and I apologize for the delayed response!

    Error Message:

    Extension failed to process settings. Extension returned non-zero exit code for Enable: 1.... VERBOSE: [2023-07-26 19:44:46Z][Error] Failed to retrieve configuration.... Exception calling "Decrypt" with "1" argument(s): "Invalid provider type specified." ---> System.Security.Cryptography.CryptographicException: Invalid provider type specified.

    I understand that you're having issues when trying to install the Defender for Cloud MDE extension on your Windows 2012 R2 servers. To hopefully help point you in the right direction or resolve your issue, I'll share my findings below.


    Findings:

    From the error message that you shared:

    • It looks like the extension install initially indicated that the extension failed to process settings and "returned a non-zero exit code for Enable: 1".
    • However, it seems to have still continued to install the MDE extension - "Start executing handler action:" but failed to retrieve a configuration with an error "Invalid provider type specified... System.Security.Cryptography.CryptographicException...".
    • The second error looks to be pointing to an issue with the cryptographic provider type specified in the configuration.

    To help point you in the right direction - when onboarding Windows servers to the Microsoft Defender for Endpoint service, can you make sure that your Windows 2012 R2 servers have met all the pre-requisites to be onboarded?

    For example: Ensuring you've applied the latest updates and installed the current MSI package, so your machines receive the latest fixes and features.

    I hope this helps!

    If you have any other questions, please let me know. Thank you for your time and patience throughout this issue.


  2. Mitchel 0 Reputation points
    2023-09-21T07:39:32.5633333+00:00

    Hi,

    Not sure if you were already able to resolve this issue but I still want to share my solution for this issue.

    Installing .NET framework 4.8 on the affected 2012 R2 servers fixed this issue for us.

    Please note that it might be necessary to disconnect the server from Azure Arc and re-enroll afterwards.

    Good luck!
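
Added example (not part of the thread and not the extension's own code): a PowerShell triage helper that extracts each handler action's exit code and first error from the log format shown in the question, then checks the registry for .NET Framework 4.8, the fix reported in the second answer. The function names are hypothetical and the sample log is constructed from the lines quoted in the question.

```powershell
# Constructed sample: handler output from the question, unwrapped.
$sampleLog = @'
VERBOSE: [2023-07-26 19:44:31Z][Information] End executing handler action: install with exit code: 0
VERBOSE: [2023-07-26 19:44:46Z][Error] Failed to retrieve configuration. Exception calling "Decrypt" with "1" argument(s): "Invalid provider type specified."
VERBOSE: [2023-07-26 19:44:46Z][Error] End executing handler action: enable with exit code: 53
'@

function Get-HandlerResult {
    # Emits one object per handler action: its exit code and the first
    # [Error] entry logged before that action ended.
    param([string]$LogText)
    # Console wrapping splits entries across lines: flatten the text,
    # then split in front of every "VERBOSE: [" marker.
    $flat = $LogText -replace '\r?\n', ' '
    $entries = $flat -split '(?=VERBOSE: \[)' | Where-Object { $_.Trim() }
    $firstError = $null
    foreach ($e in $entries) {
        if ($e -match 'End executing handler action:\s*(\w+)\s+with exit code:\s*(\d+)') {
            [pscustomobject]@{
                Action     = $Matches[1]
                ExitCode   = [int]$Matches[2]
                FirstError = $firstError
            }
            $firstError = $null
        } elseif (-not $firstError -and $e -match '\]\[Error\]\s*(.+)') {
            $firstError = $Matches[1].Trim()
        }
    }
}

function Test-DotNet48 {
    # A Release value of 528040 or higher marks .NET Framework 4.8 or later.
    # Pass -Release to test a value collected from another server.
    param([int]$Release = -1)
    if ($Release -lt 0) {
        $key  = 'HKLM:\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full'
        $prop = Get-ItemProperty -Path $key -Name Release -ErrorAction SilentlyContinue
        if (-not $prop) { return $false }   # no .NET 4.x Full profile found
        $Release = $prop.Release
    }
    $Release -ge 528040
}

# Show only the failed actions, then the .NET check for this server.
Get-HandlerResult -LogText $sampleLog | Where-Object { $_.ExitCode -ne 0 } |
    Format-List Action, ExitCode, FirstError
".NET Framework 4.8 or later installed: $(Test-DotNet48)"
```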

