Has anyone experienced a E0000006 error from the Okta AD Agent? Skip to main content
https://support.okta.com/help/answers?id=906f0000000blrniay&refurl=http%3a%2f%2fsupport.okta.com%2fhelp%2fanswers
How satisfied are you with the Okta Help Center?
Thank you for your feedback!
How satisfied are you with the Okta Help Center?
1
2
3
4
5
Very Dissatisfied
Very satisfied
Enter content less than 200 characters.
Ask Search:
Phil IbarrolaPhil Ibarrola 

Has anyone experienced a E0000006 error from the Okta AD Agent?

I recently had an Okta AD Agent stop working.  The logs indicated a E0000006 (Not authorized) error.  It seems like the agent is no longer authorized to interact with Okta.

Has anyone seen this before?
What could have caused this?  (there were no changes to the environment.  no really!! I promise!)

I'm un-installing/re-installing the agent right now which I imagine will resolve it, but just want to see if others have experience with it.

Thanks,
Phil
 
Jim KnutsonJim Knutson (Okta, Inc.)
Hello Phil,
According to our Developer Information located here:
http://developer.okta.com/docs/api/getting_started/error_codes.html
"E0000006 You do not have permission to perform the requested action."
It sounds like the permissions on the Okta Admin account used for the install are no longer valid. If you know the account, you can check in the Security Tab in the okta admin console to verify permissions, or I recomend a re-install the agent, as we have safe guards to make sure tha accounts that are being used are valid at the time of install.

  If you are still having issues please open a support case with our team and we will be able to help.
To open a support case give us a call at 1-800-219-0964 or click on the "Help and Training" Link in your Okta Admin console.

Best Regards,

Jim

Jim Knutson, Customer Success Manager, Okta

 
Phil IbarrolaPhil Ibarrola
Un-installing / re-installing seemed to fix the problem.  In the process, the agent was re-authorized and it started servicing AD events again.

How did it get into this state?  The API token for the agent didn't change and was still valid for that agent.  Nothing else in the environment changed.  I was hoping to understand how it got in this state, so we can prevent it from happening again.

 
api-workday api-workdayapi-workday api-workday
Hi Phil,

I've seen something similar but mine was in a preview environment and I was disabling agents and enabling agents as part of testing. In that case I think the token that had been issued to the agent in question had really been revoked.

Do the system logs indicate any meaningful token lifecycle events?

That said based on the error it seems more like a rights issue than a valid token issue and I cannot see a way through the GUI to manipulate the rights that are assinged to the ad agent user.
Madhu Mahadevan - SEMadhu Mahadevan - SE (Okta, Inc.)
The API tokens expire if unused for a period of time.  Was the AD Agent regularly importing/syncing till the point that it expired?  Any info in the AD Agent logs?

Madhu Mahadevan, Sr. Sales Engineer, Okta
Phil IbarrolaPhil Ibarrola
HI Madhu,

Thanks for the reply!

The agent had been shut down for a few days as we were troubleshooting something in the environment and wanted to force all "work" to a specific agent.  My understanding is the tokens automatically expire after 30 days of inactivity.  

We did check the agent logs.  That's where we found the E000006 errors and other authorization errors.  We tried troubleshooting for a while, but we were time constrained and had to move on.  We were fairly confident that a reinstall would resolve the problem.  I was curious if anyone (customer or Okta) had more insight into what may have happened.

Thanks,
Phil
 
Phil IbarrolaPhil Ibarrola
Hi Matt,

Thanks for your reply!

We didn't see any token lifecycle events in our logs.  The token for the particular agent was still valid as far as we could tell.  This is what caused the confusion for us.  Like I said in my response to Madhu... we shut down this particular agent for a few days to troubleshoot a problem.  When we tried to restart the agent, we ended up with a new problem on our hands.  :-)  

I guess we'll just have to chalk this one up to entropy and let everyone know reinstalling the agent resolves this particular error.  Not the most satisfying answer, but it works.

Thanks,
Phil