We have two instances of the IWA agent running in separate physical locations. Both agent servers are part of our AD domain. Both were working fine, but after a recent office move and network reconfiguration at the backup site, the IWA agent there is not working.
Both agents were installed using the same AD service account and settings. When I browse to http://agent1/IWA/authenticated.aspx I see both the UserID and UPN from AD. When I browse to the same URL on agent2 I only see the UserID.
The Okta Single Sign On event log is recording the errors.
Failed to locate user 'CORP\user' in AD. Message: 'The user name or password is incorrect.
Is that referring to the credentials for the AD service account provided at the time the agent was installed? I do not see how it could be wrong since it uses the same credentials as agent1, which is working fine. Just to be sure, I reinstalled the agent on the backup server and it was successful, but this error is still occurring.
I ended up opening a case with Support and they had me remove the IWA agent application from our internal server AND delete the IWA agent definition in Okta. I had done the first but not the second. That resolved the issue.