Okta Windows Credential Provider Error Skip to main content
https://support.okta.com/help/answers?id=9060z000000jjgoqas&refurl=http%3a%2f%2fsupport.okta.com%2fhelp%2fanswers
How satisfied are you with the Okta Help Center?
Thank you for your feedback!
How satisfied are you with the Okta Help Center?
1
2
3
4
5
Very Dissatisfied
Very satisfied
Enter content less than 200 characters.
Ask Search:
Derek HartmanDerek Hartman 

Okta Windows Credential Provider Error

I'm following the guide posted here (https://help.okta.com/en/prod/Content/Topics/Security/proc-mfa-win-creds-rdp.htm) and I have the software installed on the server. I have the app assigned and everything seems to be configured correctly. But when I try to RDP into the server I get "Multi Factor Authenication Failed" I found the log file and it gives me the error: InvalidOperationException thrown System.Net.WebException: The remote server returned an error: (404) Not Found.

Wondering if anyone else ran into this error and what the fix was. 

Thanks

 
Radu GalanRadu Galan (Okta, Inc.)
My name is Radu and I am a Technical Support Engineer (Tier II) at Okta.
Please make sure the following:
- The user is assigned to the app in Okta
- he RDP client (Remote Desktop Connection for Windows, Microsoft Remote Desktop for Mac, etc.) must match an RDP app username otherwise the login will fail. So if the username you are trying with is the SAM account name , then in Okta should be set as tat (without the domain suffix)
For any further assistance please open up a case with Okta Support and get all the necessary pieces of information, if not provided yet, such as:
Use of a supported Windows server, specifically Windows Server 2012, Windows Server 2012 R2, Windows Server 2008, and Windows Server 2008 R2.
The Windows server on which the Okta credential provider is installed must have an active internet connection with port 443 open.
The installing account must have administrative rights to install the OKTA Windows Credential Provider Agent, Visual C++ Redistributable and .NET 4.0+.
End users must have enrolled their MFA tokens previously, by choosing an MFA option for their account when signing in to Okta the first time or after a reset. End user cannot enroll a token during an RDP sign in. End users with unenrolled tokens receive an authentication failed response from Okta when attempting to sign into an RDP server.
 
Simon WindelerSimon Windeler
Hi Derek

We had this issue, set the username in Okta to SAM account. Won't work with email address.

Thanks
Simon
Derek HartmanDerek Hartman
Simon,

Yes, that is what I found was the issue as the username that was being sent to Okta wasn't matching the expected value. I found inside of the log file C:\Program Files\Okta\Okta Windows Credential Provider\logs\OktaWidget.log and entry saying "AppUsername sent to Okta="username". Which the username didn't include @domain. So I put custom expression of ${f:substringBefore(user.login, "@")} and that resolved my issue. 

Thanks
Derek
Simon WindelerSimon Windeler
Thanks Derek, where did you put this expression?
Derek HartmanDerek Hartman
In the application settings for the sign on and I selected custom and entered in the expression there.
User-added image