While deploying the OMS Gateway for Windows Defender ATP, I encountered the following error in the event viewer of the OMS Gateway:

2020-02-28 13:19:05 [47] ERROR GatewayLogic – Target host (winatp-gw-uks.microsoft.com) is forbidden. Destination server is not in allowed list. Ensure that the Microsoft Monitoring Agent on your Gateway box and the agents talking to the Gateway, are both connected to the same Log Analytics workspace.


This error indicates that the OMS Gateway can’t communicate through the URL that is being provided. So, I looked into the inbound connections on the OMS Gateway server, and I saw that some servers had the TIME_WAIT status after I ran netstat -an:


After some research, I found a PowerShell command for the gateway, Add-OMSGatewayAllowedHost. I authorized the URLs that were present in the logs of the event viewer and restarted the OMSGatewayService:

Add-OMSGatewayAllowedHost -Host winatp-gw-weu.microsoft.com -Force

Add-OMSGatewayAllowedHost -Host winatp-gw-cus.microsoft.com -Force

Add-OMSGatewayAllowedHost -Host winatp-gw-eus.microsoft.com -Force

Add-OMSGatewayAllowedHost -Host eu-v20.events.data.microsoft.com -Force

Add-OMSGatewayAllowedHost -Host v20.events.data.microsoft.com -Force

Add-OMSGatewayAllowedHost -Host settings-win.data.microsoft.com -Force

Restart-Service OMSGatewayService
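
As an added example (not part of the original post), the following PowerShell pulls the blocked host names out of error lines in the format quoted above and prints Add-OMSGatewayAllowedHost commands only for hosts under an expected suffix, so that nothing is allowed just because it appeared in the log. The sample lines, the `.microsoft.com` suffix list and the function name Get-ForbiddenGatewayHost are assumptions made for illustration.

```powershell
# Added example. $sampleLog is constructed to mirror the error format quoted above;
# replace it with the message text exported from the gateway's event log.
$sampleLog = @(
    '2020-02-28 13:19:05 [47] ERROR GatewayLogic - Target host (winatp-gw-uks.microsoft.com) is forbidden. Destination server is not in allowed list.'
    '2020-02-28 13:19:09 [52] ERROR GatewayLogic - Target host (winatp-gw-uks.microsoft.com) is forbidden. Destination server is not in allowed list.'
    '2020-02-28 13:20:11 [47] ERROR GatewayLogic - Target host (v20.events.data.microsoft.com) is forbidden. Destination server is not in allowed list.'
    '2020-02-28 13:21:40 [33] ERROR GatewayLogic - Target host (updates.example.net) is forbidden. Destination server is not in allowed list.'
)

# Assumption: only hosts under these suffixes are expected to pass through this gateway.
$expectedSuffixes = @('.microsoft.com')

# Hypothetical helper: returns one object per distinct blocked host.
function Get-ForbiddenGatewayHost {
    param([Parameter(Mandatory)][string[]]$Line)
    $pattern = 'Target host \((?<host>[^)\s]+)\) is forbidden'
    $Line |
        ForEach-Object { if ($_ -match $pattern) { $Matches['host'].ToLowerInvariant() } } |
        Group-Object |
        ForEach-Object {
            $name = $_.Name
            # True when the host ends with one of the expected suffixes
            $expected = [bool]($expectedSuffixes | Where-Object { $name.EndsWith($_) })
            [pscustomobject]@{ Host = $name; Hits = $_.Count; Expected = $expected }
        }
}

$blocked = Get-ForbiddenGatewayHost -Line $sampleLog
$blocked | Format-Table -AutoSize

# Print the commands for review instead of running them directly.
$blocked | Where-Object { $_.Expected } | ForEach-Object {
    "Add-OMSGatewayAllowedHost -Host $($_.Host) -Force"
}

# Anything outside the expected suffixes is reported, not allowed.
$blocked | Where-Object { -not $_.Expected } | ForEach-Object {
    Write-Warning "Not adding $($_.Host): outside expected suffixes, check which agent requested it"
}
```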



After restarting the service, I had no more errors:


I hope that this short guide was able to help you. If you have any questions regarding the issue, be sure to leave a comment or text me and I will try and help if that’s within my reach.

Florent Appointaire
Florent Appointaire is a Microsoft Engineer with 5 years of experience, specialized in Cloud Technologies (Public/Hybrid/Private). He has been a freelance consultant in Belgium since the beginning of 2017. He is an MVP in Cloud and Datacentre Management. He is MCSE Private Cloud and Hyper-V certified. His favorite products are SCVMM, SCOM, Windows Azure Pack/Azure Stack and Microsoft Azure.