During the installation of the IWA Desktop SSO Agent on the Windows Server, the following error is encountered:

Failed to disable Anonymous Authentication in IIS for the IWA application

• Integrated Windows Authentication (IWA)
• Desktop Single Sign-on (DSSO)
• IWA DSSO Web Agent  
• Okta Classic Engine

This can be caused by a corrupt IIS configuration file.

• This can be identified by inspecting files such as ApplicationHost.config or web.config line by line.
• System Event Logs may show errors such as:

The configuration section 'system.webServer' cannot be read because it is missing a section declaration.

There are two main ways to resolve this issue, as described in the following Microsoft article: How to perform a clean reinstallation of IIS.
 
NOTE: If there are other Services or Applications that rely on IIS and the configured Web Sites, and uninstalling IIS is not an option, review the Microsoft article above and manually check the config files for corrupted entries.

Here are the steps to take to address this installation issue:

1. Remove IIS and the WAS service completely: 
   1. Remove the Web Server (IIS) role from the Server Roles tab in Server Manager.
   2. Remove Windows Process Activation Service in the Features tab in Server Manager.
2. After cleaning up, reinstall IIS, Windows Process Activation Service, and HTTP Activation under WCF Services, which are required dependencies.
3. Make sure the server has been restarted after the IIS cleanup, then proceed to reinstall the Okta IWA Agent. Please run the installer as an Administrator.

Related References

• Install and configure the Okta IWA Web agent for Desktop Single Sign-on
• How to perform a clean reinstallation of IIS