Hyper-V NDIS Capture Extension Error - Port Mirroring not working for ATA

Hi,

When I enable the Microsoft NDIS Capture Extension on the Virtual Switch I want capture the traffic on, I get the message: 

"The Selected Extension is not operating correctly.  Check the event logs for further information. If this is a non-Microsoft Extention, contact the vendor for further troubleshooting steps."

I am running Hyper-V on a Windows 8.1 computer, and would like to test ATA 2016.

Get the same error if I use either "Internal" or "Private" switch.

Has anyone seen this problem before?

Thank you


  • Edited by Shim Kwan Friday, August 28, 2015 11:39 PM
August 28th, 2015 11:36pm

Hi Shim,

If all of your VMs are running on your Windows 8.1 Client Hyper-V enabled box, you do not need to enable the NDIS Capture extension on the Virtual Switch.

Assuming you domain controller VM and ATA Gateway VM are connected to the same switch. Make sure that the domain controller virtual machine is configured as the Source and the ATA Gateway virtual machine is configure as the Destination. This is configured as part of the network adapter setting in the configuration of each virtual machine.

HTH

The ATA Team

Free Windows Admin Tool Kit Click here and download it now
August 30th, 2015 8:04am

Hi Gershoni,

Thank you, this is how I have things configured - have removed the NDIS Capture.

However, even though ATA has realized that I have 20 users in AD, it is not picking up any anomalies.

This is what I have in AD thus far:

  • 3 accounts with password never to expire
  • 5 accounts that have failed to login (as I deliberately used the wrong password)
  • 2 accounts added to the Enterprise and Domain Admins groups

Should ATA report on any of the above?

Just trying determine how best to demo the product?

Thanks,

SK


PS. I have had the ATA lab environment running for 5 days now.
August 30th, 2015 5:48pm

Hi Gershoni,

Thank you, this is how I have things configured - have removed the NDIS Capture.

However, even though ATA has realized that I have 20 users in AD, it is not picking up any anomalies.

This is what I have in AD thus far:

  • 3 accounts with password never to expire
  • 5 accounts that have failed to login (as I deliberately used the wrong password)
  • 2 accounts added to the Enterprise and Domain Admins groups

Should ATA report on any of the above?

Just trying determine how best to demo the product?

Thanks,

SK


PS. I have had the ATA lab environment running for 5 days now.
  • Edited by Shim Kwan Sunday, August 30, 2015 10:30 PM
Free Windows Admin Tool Kit Click here and download it now
August 30th, 2015 9:47pm

So we have to wait 21 days before we will be told we have a problem?


  • Edited by Shim Kwan Wednesday, September 02, 2015 1:56 AM
September 1st, 2015 1:38am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics