No matter how robust, updated, or top-notch your operating system is, encountering system errors is inevitable, even for Macs. If you’ve had your Mac for quite some time, then you’ve probably encountered your own share of Mac errors. These errors can be caused by a wide range of reasons, and you can expect them on all types of Macs, regardless of the model, age, or macOS version.
- Invalid Parameters Were Detected For An Operation Mac Os Error Code 36
- Invalid Parameters Were Detected For An Operation Macos Error Code Windows 10
- Invalid Parameters Were Detected For An Operation Mac Os Error Code 43
- Invalid Parameters Were Detected For An Operation Mac Os Error Code 36 Can T Be Read Or Written
- Invalid Parameters Were Detected For An Operation Mac Os Error Code 50
- Invalid Parameters Were Detected For An Operation Mac Os Error Code 67050
Seeing those pop-up Mac error codes or red warning signs can be annoying and nerve-wracking at times, but these error notifications are your system’s way of telling you that there is something with your Mac. Unfortunately, Mac error codes are not always easy to understand. Some of these Mac error codes have pretty simple descriptions, but most of them are made up with technical jargons that ordinary Mac users can’t understand.
![Codes Codes](/uploads/1/2/6/8/126871886/627973822.png)
![Invalid parameters were detected for an operation mac os error code 6584 Invalid parameters were detected for an operation mac os error code 6584](/uploads/1/2/6/8/126871886/360653289.png)
This guide lists down the most common error codes on a Mac, what they mean, and how to deal with them.
List of Mac Error Codes
Mac error code -3001F error appears because the system is attempting to restore backup files. When this attempt fails to process and load requests, it severely crashes. Several Mac users have encountered this error when attempting to restart their computer after wiping the disk to prepare the system for a macOS reinstallation.
Acronis Cyber Protect Cloud, Acronis Cyber Backup: SQL database backup fails with 'An invalid file has been detected' Acronis Cyber Backup 12.5: backup to Quantum Scalar tape library fails Acronis Cyber Backup: attempt to browse or delete mobile device backup fails with 'Internal error: An expression test has failed.'
Mac users who get the Mac error code -1008F experience it when trying to complete the internet recovery process. Oftentimes the error code also appears when trying to reinstall macOS Mojave after running Catalina.
The Hulu Error 5003 in a Mac happens when any content you are watching in Hulu (movie, episode, or news) keeps freezing. The issue can be caused by the device used, your internet connection, or the app itself.
Mac Error Code 100006 indicates a problem with a specific program, feauture, or operation. Unless this error is fixed, it will continue to pop up on your screen. One of the common causes of this error is a Mac infected with viruses or malware entities.
When you are moving large files around, like transferring files from one external hard drive to another via a Mac or transferring files from a Mac to another device, the Mac error code -36 may occur. Some of the other causes are the target disk is corrupted or there is a system limitation, to name a few.
Mac users who try to create a new disk partition may get the Mac error 49168. Unfortunately, the Disk Utility app is not helpful in solving this problem. Cleaning your computer with a premium utlity tool may scan your system for any performance limiting issues. Since the Disk Utility app is not useful, you will have to reply on the Terminal app and the last solution involves using the Disk Defrag software.
PKIInstallErrorDomain error 106 appears on a Mac while trying to update the operating system. It sometimes comes with the error message “The operation couldn’t be completed. You can try updating again in System Preferences after restarting.” This error could be triggered by hardware issues, malware entities, or the system itself struggling with the installation.
This is a file transfer error that happens when you copy, move, or delete files from a Mac’s hard drive or an external drive. The error message reads: The operation can’t be completed because an unexpected error occurred (error code -50). You can fix this error by running a disk check, renaming the file, or copying the file via Terminal.
This Mac error usually pops up whenever you try to burn a disc using your Mac. The error message reads: The disc can’t be burned because communication between the computer and the disc drive failed (error code 0x80020022). The error might be caused by corrupted data or a third-party app. To fix the error 0x80020022, replace the disc, avoid writing at maximum speed, and uninstall then reinstall the burner.
This is another file transfer file error on a Mac that is associated with the .DS_Store file. The .DS_Store file contains metadata, like icon images and shortcuts, generated when a Windows file is copied to a Mac. The error code -36 usually happens when copying a file, which has an . invisible .DS_Store file associated with it, is copied back to a Windows-compatible volume or thumb drive. The error message reads: The Finder can’t complete the operation because some data in “.DS_Store” can’t be read or written. (Error code -36). The easiest fix for this error is to run the “dot_Clean” command using Terminal.
This is an input or output error that causes your Mac to be sluggish, unable to open files, apps freezing or crashing, or the whole system becomes totally unresponsive. The error can be caused by a sudden system file termination, hardware or software issues, incorrect formatting, header file corruption, or BIOS setting modifications. Rebooting the system and doing a disk check often solves the error code -924 easily. If not, you need to reinstall macOS.
This is an installation error that occurs when Mac users try to upgrade to macOS Mojave. The problem is mostly related to the SInstallerSetup and the process of migrating to Mojave in general. The error message usually reads: An error occurred while preparing the installation. Try running this application again. You might also encounter this error message: macOS could not be installed on your computer. An error occurred installing macOS. To use Apple Diagnostics to check your Mac hardware, shut down, press the power button, and immediately hold the ‘D’ key until diagnostics begins. Quit the installer to restart your computer and try again. If you get this error, try installing Mojave as a new user or in Safe Mode.
This random error can happen whenever you download files, take screenshots, open or close files, or launch applications. The error just pops out of nowhere, making it difficult to identify the cause. Outdated software, interrupted operations, misconfigured system settings, and corrupted directories are some of the culprits behind this error. Updating your apps and cleaning up your system can help resolve this error.
This Mac error occurs when Mac users use Internet Recovery to reinstall macOS after reformatting the hard drive. The error causes the system to freeze and the macOS installation to fail. There is no error message that accompanies this error, just a flashing folder with a question mark and a link to Apple Support, making it difficult to determine what the error is about and what caused it. The main cause of the error code 2003f is a poor and unstable internet connection. The easiest way to fix this error is to switch to a different network with a better internet connection or use a cable.
This is a file transfer error that appears when you try to delete files from your Mac, transfer files from or to a USB device, or move files between folders. If a problem occurs anywhere during the process, the error code 43 appears along with the following notification: The operation can’t be completed because one or more required items can’t be found. (Error code -43). The error is triggered when the file share point can’t be found, when the file is being used or is locked, when the document is only partially downloaded, or there are missing file permissions. Dealing with this error requires resetting the NVRAM, running a disk check, and repairing corrupted system files. If the file is locked, you need to run the chflags -R nouchg command via Terminal to resolve the error.
This Mac error is often encountered when you try to permanently delete files from the Trash. The error is caused by incorrect registry configurations, causing the file transfer to fail. The error is usually accompanied by the following notification: The operation can’t be completed because an unexpected error occurred (error code -8003). The easiest way to deal with this error is by holding down the Option key, while deleting the files from the Trash.
The com.apple.commerce.client error is a Mac App Store error that prevents users from installing application updates or downloading new apps. Users usually encounter the following error message: An error occurred during purchase. The operation couldn’t be completed. The com.apple.commerce.client error 500 can be caused by corrupt App Store preferences, damaged installation files, invalid payment details, or unpaid balance on your Apple account. To fix this error, you need to deal with the cause (pay any unpaid balance or use a different card), delete the App Store cache, reset the App Store preferences, and then sign out then sign back into your iCloud account.
This error is associated with the Image Capture app, causing users to be unable to import images using the app. The error message usually reads: The operation couldn’t be completed (com.apple.ImageCaptureCore error -9956). This error can be caused by an outdated Image Capture app or some corrupted images being imported. To fix this, try importing the images batch by batch until you figure out which image is causing the error.
This error occurs when you try to burn a CD or DVD on your Mac. Disk burning problems, such as error code 0x8002006E, is generally caused by system or app issues, but it is also possible for hardware problems to trigger this error. You might encounter the following message when this error appears: Burning the disc failed because an unexpected error occurred. (Error code 0x8002006E). This bug can be easily resolved by cleaning the disk drive lens.
This error is associated with printers connected to Macs and usually pops up when users try to scan something using the printer. The error is accompanied by the following notification: An error occurred while communicating with the scanner. (-9923). The error code 9923 appears due to a communication problem between macOS and the printer. It could be due to a loose cable, corrupted or outdated printer software, or other printer problems. To resolve this, you just need to update your printer and edit the printer settings. If they don’t work, reset the printer itself.
This error involves the Netsession_mac process used by apps and websites to download or stream content from the internet. This error is usually encountered when trying to access video-on-demand apps like Netflix, Hulu, and Amazon, and other content-heavy websites. The error message usually reads: “netsession_mac” is not optimized for your Mac. This app needs to be updated by its developer to improve compatibility. This error appears when you are using the 32-bit version of the app, which is no longer supported by macOS Mojave. The latest macOS version now only runs 64-bit apps, otherwise, it will show a “not optimized for your Mac” error.
SystemExtr-related errors occur when there are issues with your Mac’s system files or hardware, causing the involved apps or the system itself to crash. Incompatible software, corrupted system files, or malicious software are some of the common causes of SystemExtr errors. You might also encounter the following error message: SystemExtr quit unexpectedly. Click Report to see more detailed information and send a report to Apple. SystemExtr-related errors can be easily resolved by running a system scan, quitting problematic apps, installing software updates, and rebooting your system.
The IDECacheDeleteAppExtension error happens when you have developer tools or the Xcode app installed on your Mac, causing apps to quit unexpectedly. You might also encounter the following notification: IDECacheDeleteAppExtension quit unexpectedly. Click Report to see more detailed information and send a report to Apple. Updating the developer tools or Xcode should help resolve the issue. If it does not help, you might need to uninstall them, then reinstall a clean copy.
This error occurs whenever you try to install an update for Microsoft Office on your Mac. The INSTALL_VERIFICATION_FAILED_ALERT_info error appears when the Microsoft Database Daemon and Sync Services are running during the update. To fix this error, you need to close all running applications, particularly the services mentioned earlier, then try to run the update again.
This error, as the name suggests, involves the normal.dotm file that stores all the default main settings for a Microsoft Word document. If the normal.dotm gets corrupted, the normal.dotm error message appears. Deleting the normal.dotm file and updating your Microsoft Office can help resolve this error.
This issue occurs when your iCloud Calendar is unable to sync with the iCloud Calendar app on your Mac. When this error appears, you’ll see a “The request for account ‘iCloud’ failed” notification. Resetting the iCloud Calendar’s preferences, and then signing out and then signing back into your iCloud account should be enough to deal with this error.
The EFI-check warning pops up when inconsistencies, corruption, and tampering has been detected during the EFI security check. The tool regularly scans your EFI firmware to check if it is included in Apple’s approved list. If you replaced your Mac hardware or tampered with the firmware, you’ll probably get this message out of the blue: Your computer has detected a potential problem. Click “Send to Apple” to submit a report to Apple. To resolve this error, you need to uninstall recent software changes and reset the EFI preferences.
Got an error while using your Mac? If you encounter an error code on your Mac, don’t panic! The trick in troubleshooting Mac errors is by knowing what the error code means and finding the appropriate solution. If you can take a screenshot of the error, do so before the pop up message disappears. Then scroll through our list of common Mac error codes to learn more about what they mean and how to troubleshoot them.
Can’t find your error code on the list? Let us know so we can point you in the right direction.
-->Applies to:
- Windows Server 2012 R2
- Windows Server 2016
You might need to troubleshoot the Microsoft Defender ATP onboarding process if you encounter issues.This page provides detailed steps to troubleshoot onboarding issues that might occur when deploying with one of the deployment tools and common errors that might occur on the devices.
Troubleshoot issues with onboarding tools
If you have completed the onboarding process and don't see devices in the Devices list after an hour, it might indicate an onboarding or connectivity problem.
Invalid Parameters Were Detected For An Operation Mac Os Error Code 36
Troubleshoot onboarding when deploying with Group Policy
Deployment with Group Policy is done by running the onboarding script on the devices. The Group Policy console does not indicate if the deployment has succeeded or not.
If you have completed the onboarding process and don't see devices in the Devices list after an hour, you can check the output of the script on the devices. For more information, see Troubleshoot onboarding when deploying with a script.
If the script completes successfully, see Troubleshoot onboarding issues on the devices for additional errors that might occur.
Troubleshoot onboarding issues when deploying with Microsoft Endpoint Configuration Manager
When onboarding devices using the following versions of Configuration Manager:
- Microsoft Endpoint Configuration Manager
- System Center 2012 Configuration Manager
- System Center 2012 R2 Configuration Manager
Deployment with the above-mentioned versions of Configuration Manager is done by running the onboarding script on the devices. You can track the deployment in the Configuration Manager Console.
If the deployment fails, you can check the output of the script on the devices.
If the onboarding completed successfully but the devices are not showing up in the Devices list after an hour, see Troubleshoot onboarding issues on the device for additional errors that might occur.
Invalid Parameters Were Detected For An Operation Macos Error Code Windows 10
Troubleshoot onboarding when deploying with a script
Check the result of the script on the device:
- Click Start, type Event Viewer, and press Enter.
- Go to Windows Logs > Application.
- Look for an event from WDATPOnboarding event source.
If the script fails and the event is an error, you can check the event ID in the following table to help you troubleshoot the issue.
Invalid Parameters Were Detected For An Operation Mac Os Error Code 43
Note
The following event IDs are specific to the onboarding script only.
Event ID | Error Type | Resolution steps |
---|---|---|
5 | Offboarding data was found but couldn't be deleted | Check the permissions on the registry, specificallyHKLMSOFTWAREPoliciesMicrosoftWindows Advanced Threat Protection . |
10 | Onboarding data couldn't be written to registry | Check the permissions on the registry, specificallyHKLMSOFTWAREPoliciesMicrosoftWindows Advanced Threat Protection .Verify that the script has been run as an administrator. |
15 | Failed to start SENSE service | Check the service health (sc query sense command). Make sure it's not in an intermediate state ('Pending_Stopped', 'Pending_Running') and try to run the script again (with administrator rights). If the device is running Windows 10, version 1607 and running the command sc query sense returns START_PENDING , reboot the device. If rebooting the device doesn't address the issue, upgrade to KB4015217 and try onboarding again. |
15 | Failed to start SENSE service | If the message of the error is: System error 577 or error 1058 has occurred, you need to enable the Microsoft Defender Antivirus ELAM driver, see Ensure that Microsoft Defender Antivirus is not disabled by a policy for instructions. |
30 | The script failed to wait for the service to start running | The service could have taken more time to start or has encountered errors while trying to start. For more information on events and errors related to SENSE, see Review events and errors using Event viewer. |
35 | The script failed to find needed onboarding status registry value | When the SENSE service starts for the first time, it writes onboarding status to the registry locationHKLMSOFTWAREMicrosoftWindows Advanced Threat ProtectionStatus .The script failed to find it after several seconds. You can manually test it and check if it's there. For more information on events and errors related to SENSE, see Review events and errors using Event viewer. |
40 | SENSE service onboarding status is not set to 1 | The SENSE service has failed to onboard properly. For more information on events and errors related to SENSE, see Review events and errors using Event viewer. |
65 | Insufficient privileges | Run the script again with administrator privileges. |
Troubleshoot onboarding issues using Microsoft Intune
You can use Microsoft Intune to check error codes and attempt to troubleshoot the cause of the issue.
If you have configured policies in Intune and they are not propagated on devices, you might need to configure automatic MDM enrollment.
Use the following tables to understand the possible causes of issues while onboarding:
- Microsoft Intune error codes and OMA-URIs table
- Known issues with non-compliance table
- Mobile Device Management (MDM) event logs table
If none of the event logs and troubleshooting steps work, download the Local script from the Device management section of the portal, and run it in an elevated command prompt.
Microsoft Intune error codes and OMA-URIs:
Error Code Hex | Error Code Dec | Error Description | OMA-URI | Possible cause and troubleshooting steps |
---|---|---|---|---|
0x87D1FDE8 | -2016281112 | Remediation failed | Onboarding Offboarding | Possible cause: Onboarding or offboarding failed on a wrong blob: wrong signature or missing PreviousOrgIds fields. Troubleshooting steps: Check the event IDs in the View agent onboarding errors in the device event log section. Check the MDM event logs in the following table or follow the instructions in Diagnose MDM failures in Windows 10. |
Onboarding Offboarding SampleSharing | Possible cause: Microsoft Defender ATP Policy registry key does not exist or the OMA DM client doesn't have permissions to write to it. Troubleshooting steps: Ensure that the following registry key exists: HKEY_LOCAL_MACHINESOFTWAREPoliciesMicrosoftWindows Advanced Threat Protection If it doesn't exist, open an elevated command and add the key. | |||
SenseIsRunning OnboardingState OrgId | Possible cause: An attempt to remediate by read-only property. Onboarding has failed. Troubleshooting steps: Check the troubleshooting steps in Troubleshoot onboarding issues on the device. Check the MDM event logs in the following table or follow the instructions in Diagnose MDM failures in Windows 10. | |||
All | Possible cause: Attempt to deploy Microsoft Defender ATP on non-supported SKU/Platform, particularly Holographic SKU. Currently supported platforms: Enterprise, Education, and Professional. Server is not supported. | |||
0x87D101A9 | -2016345687 | SyncML(425): The requested command failed because the sender does not have adequate access control permissions (ACL) on the recipient. | All | Possible cause: Attempt to deploy Microsoft Defender ATP on non-supported SKU/Platform, particularly Holographic SKU. Currently supported platforms: Enterprise, Education, and Professional. |
Known issues with non-compliance
The following table provides information on issues with non-compliance and how you can address the issues.
Case | Symptoms | Possible cause and troubleshooting steps |
---|---|---|
1 | Device is compliant by SenseIsRunning OMA-URI. But is non-compliant by OrgId, Onboarding and OnboardingState OMA-URIs. | Possible cause: Check that user passed OOBE after Windows installation or upgrade. During OOBE onboarding couldn't be completed but SENSE is running already. Troubleshooting steps: Wait for OOBE to complete. |
2 | Device is compliant by OrgId, Onboarding, and OnboardingState OMA-URIs, but is non-compliant by SenseIsRunning OMA-URI. | Possible cause: Sense service's startup type is set as 'Delayed Start'. Sometimes this causes the Microsoft Intune server to report the device as non-compliant by SenseIsRunning when DM session occurs on system start. Troubleshooting steps: The issue should automatically be fixed within 24 hours. |
3 | Device is non-compliant | Troubleshooting steps: Ensure that Onboarding and Offboarding policies are not deployed on the same device at same time. |
Mobile Device Management (MDM) event logs
View the MDM event logs to troubleshoot issues that might arise during onboarding:
Log name: MicrosoftWindowsDeviceManagement-EnterpriseDiagnostics-Provider
Channel name: Admin
ID | Severity | Event description | Troubleshooting steps |
---|---|---|---|
1819 | Error | Microsoft Defender Advanced Threat Protection CSP: Failed to Set Node's Value. NodeId: (%1), TokenName: (%2), Result: (%3). | Download the Cumulative Update for Windows 10, 1607. |
Troubleshoot onboarding issues on the device
If the deployment tools used does not indicate an error in the onboarding process, but devices are still not appearing in the devices list in an hour, go through the following verification topics to check if an error occurred with the Microsoft Defender ATP agent:
View agent onboarding errors in the device event log
- Click Start, type Event Viewer, and press Enter.
- In the Event Viewer (Local) pane, expand Applications and Services Logs > Microsoft > Windows > SENSE.NoteSENSE is the internal name used to refer to the behavioral sensor that powers Microsoft Defender ATP.
- Select Operational to load the log.
- In the Action pane, click Filter Current log.
- On the Filter tab, under Event level: select Critical, Warning, and Error, and click OK.
- Events which can indicate issues will appear in the Operational pane. You can attempt to troubleshoot them based on the solutions in the following table:
Event ID | Message | Resolution steps |
---|---|---|
5 | Microsoft Defender Advanced Threat Protection service failed to connect to the server at variable | Ensure the device has Internet access. |
6 | Microsoft Defender Advanced Threat Protection service is not onboarded and no onboarding parameters were found. Failure code: variable | Run the onboarding script again. |
7 | Microsoft Defender Advanced Threat Protection service failed to read the onboarding parameters. Failure code: variable | Ensure the device has Internet access, then run the entire onboarding process again. |
9 | Microsoft Defender Advanced Threat Protection service failed to change its start type. Failure code: variable | If the event happened during onboarding, reboot and re-attempt running the onboarding script. For more information, see Run the onboarding script again. If the event happened during offboarding, contact support. |
10 | Microsoft Defender Advanced Threat Protection service failed to persist the onboarding information. Failure code: variable | If the event happened during onboarding, re-attempt running the onboarding script. For more information, see Run the onboarding script again. If the problem persists, contact support. |
15 | Microsoft Defender Advanced Threat Protection cannot start command channel with URL: variable | Ensure the device has Internet access. |
17 | Microsoft Defender Advanced Threat Protection service failed to change the Connected User Experiences and Telemetry service location. Failure code: variable | Run the onboarding script again. If the problem persists, contact support. |
25 | Microsoft Defender Advanced Threat Protection service failed to reset health status in the registry. Failure code: variable | Contact support. |
27 | Failed to enable Microsoft Defender Advanced Threat Protection mode in Windows Defender. Onboarding process failed. Failure code: variable | Contact support. |
29 | Failed to read the offboarding parameters. Error type: %1, Error code: %2, Description: %3 | Ensure the device has Internet access, then run the entire offboarding process again. |
30 | Failed to disable $(build.sense.productDisplayName) mode in Microsoft Defender Advanced Threat Protection. Failure code: %1 | Contact support. |
32 | $(build.sense.productDisplayName) service failed to request to stop itself after offboarding process. Failure code: %1 | Verify that the service start type is manual and reboot the device. |
55 | Failed to create the Secure ETW autologger. Failure code: %1 | Reboot the device. |
63 | Updating the start type of external service. Name: %1, actual start type: %2, expected start type: %3, exit code: %4 | Identify what is causing changes in start type of mentioned service. If the exit code is not 0, fix the start type manually to expected start type. |
64 | Starting stopped external service. Name: %1, exit code: %2 | Contact support if the event keeps re-appearing. |
68 | The start type of the service is unexpected. Service name: %1, actual start type: %2, expected start type: %3 | Identify what is causing changes in start type. Fix mentioned service start type. |
69 | The service is stopped. Service name: %1 | Start the mentioned service. Contact support if persists. |
There are additional components on the device that the Microsoft Defender ATP agent depends on to function properly. If there are no onboarding related errors in the Microsoft Defender ATP agent event log, proceed with the following steps to ensure that the additional components are configured correctly.
Ensure the diagnostic data service is enabled
If the devices aren't reporting correctly, you might need to check that the Windows 10 diagnostic data service is set to automatically start and is running on the device. The service might have been disabled by other programs or user configuration changes.
First, you should check that the service is set to start automatically when Windows starts, then you should check that the service is currently running (and start it if it isn't).
Ensure the service is set to start
Use the command line to check the Windows 10 diagnostic data service startup type:
- Open an elevated command-line prompt on the device:a. Click Start, type cmd, and press Enter.b. Right-click Command prompt and select Run as administrator.
- Best ssd for mac el capitan. Enter the following command, and press Enter:If the service is enabled, then the result should look like the following screenshot:If the
START_TYPE
is not set toAUTO_START
, then you'll need to set the service to automatically start.
Use the command line to set the Windows 10 diagnostic data service to automatically start:
- Open an elevated command-line prompt on the device:a. Click Start, type cmd, and press Enter.b. Right-click Command prompt and select Run as administrator.
- Enter the following command, and press Enter:
- A success message is displayed. Verify the change by entering the following command, and press Enter:
- Start the service.a. In the command prompt, type the following command and press Enter:
Ensure the device has an Internet connection
The Window Defender ATP sensor requires Microsoft Windows HTTP (WinHTTP) to report sensor data and communicate with the Microsoft Defender ATP service.
WinHTTP is independent of the Internet browsing proxy settings and other user context applications and must be able to detect the proxy servers that are available in your particular environment.
To ensure that sensor has service connectivity, follow the steps described in the Verify client connectivity to Microsoft Defender ATP service URLs topic.
If the verification fails and your environment is using a proxy to connect to the Internet, then follow the steps described in Configure proxy and Internet connectivity settings topic.
Ensure that Microsoft Defender Antivirus is not disabled by a policy
Problem: The Microsoft Defender ATP service does not start after onboarding.
Invalid Parameters Were Detected For An Operation Mac Os Error Code 36 Can T Be Read Or Written
Symptom: Onboarding successfully completes, but you see error 577 or error 1058 when trying to start the service.
Solution: If your devices are running a third-party antimalware client, the Microsoft Defender ATP agent needs the Windows Defender Early Launch Antimalware (ELAM) driver to be enabled. You must ensure that it's not disabled in system policy.
- Depending on the tool that you use to implement policies, you'll need to verify that the following Windows Defender policies are cleared:
- DisableAntiSpyware
- DisableAntiVirus
For example, in Group Policy there should be no entries such as the following values:<Key Path='SOFTWAREPoliciesMicrosoftWindows Defender'><KeyValue Value='0' ValueKind='DWord' Name='DisableAntiSpyware'/></Key>
<Key Path='SOFTWAREPoliciesMicrosoftWindows Defender'><KeyValue Value='0' ValueKind='DWord' Name='DisableAntiVirus'/></Key>
- After clearing the policy, run the onboarding steps again.
- You can also check the following registry key values to verify that the policy is disabled:
- Open the registry key
HKEY_LOCAL_MACHINESOFTWAREPoliciesMicrosoftWindows Defender
. - Ensure that the value
DisableAntiSpyware
is not present.
NoteIn addition, you must ensure that wdfilter.sys and wdboot.sys are set to their default start values of '0'.<Key Path='SYSTEMCurrentControlSetServicesWdBoot'><KeyValue Value='0' ValueKind='DWord' Name='Start'/></Key>
<Key Path='SYSTEMCurrentControlSetServicesWdFilter'><KeyValue Value='0' ValueKind='DWord' Name='Start'/></Key>
- Open the registry key
Troubleshoot onboarding issues on a server
If you encounter issues while onboarding a server, go through the following verification steps to address possible issues.
You might also need to check the following:
- Check that there is a Microsoft Defender Advanced Threat Protection Service running in the Processes tab in Task Manager. For example:
- Check Event Viewer > Applications and Services Logs > Operation Manager to see if there are any errors.
- In Services, check if the Microsoft Monitoring Agent is running on the server. For example,
- In Microsoft Monitoring Agent > Azure Log Analytics (OMS), check the Workspaces and verify that the status is running.
- Check to see that devices are reflected in the Devices list in the portal.
Confirming onboarding of newly built devices
There may be instances when onboarding is deployed on a newly built device but not completed.
The steps below provide guidance for the following scenario:
- Onboarding package is deployed to newly built devices
- Sensor does not start because the Out-of-box experience (OOBE) or first user logon has not been completed
- Device is turned off or restarted before the end user performs a first logon
- In this scenario, the SENSE service will not start automatically even though onboarding package was deployed
Invalid Parameters Were Detected For An Operation Mac Os Error Code 50
Note
Invalid Parameters Were Detected For An Operation Mac Os Error Code 67050
The following steps are only relevant when using Microsoft Endpoint Configuration Manager. For more details about onboarding using Microsoft Endpoint Configuration Manager, see Microsoft Defender Advanced Threat Protection.
- Create an application in Microsoft Endpoint Configuration Manager.
- Select Manually specify the application information.
- Specify information about the application, then select Next.
- Specify information about the software center, then select Next.
- In Deployment types select Add.
- Select Manually specify the deployment type information, then select Next.
- Specify information about the deployment type, then select Next.
- In Content > Installation program specify the command:
net start sense
. - In Detection method, select Configure rules to detect the presence of this deployment type, then select Add Clause.
- Specify the following detection rule details, then select OK:
- In Detection method select Next.
- In User Experience, specify the following information, then select Next:
- In Requirements, select Next.
- In Dependencies, select Next.
- In Summary, select Next.
- In Completion, select Close.
- In Deployment types, select Next.
- In Summary, select Next.The status is then displayed:
- In Completion, select Close.
- You can now deploy the application by right-clicking the app and selecting Deploy.
- In General select Automatically distribute content for dependencies and Browse.
- In Content select Next.
- In Deployment settings, select Next.
- In Scheduling select As soon as possible after the available time, then select Next.
- In User experience, select Commit changes at deadline or during a maintenance window (requires restarts), then select Next.
- In Alerts select Next.
- In Summary, select Next.The status is then displayed
- In Completion, select Close.