Okta Active Directory Agent Auto-Update Is Not Triggered
Overview
The Okta Active Directory (AD) Agent Auto-Update fails when the update service runs under an incorrect service account. Changing the service account to LocalSystem resolves this issue. When this configuration error occurs, the auto-update process fails to update the agent without reporting any errors in the logs.
Applies To
- Okta Identity Engine (OIE)
- Okta Classic Engine
- Active Directory (AD) Agent
- Auto-Update
- Directories
Cause
The Okta AD Agent Update service requires the LocalSystem account to execute properly. A previous configuration might incorrectly set the Log On As user of the Okta AD Agent Update service to the Okta AD Agent service account. This incorrect account assignment prevents a successful agent update.
Solution
How is the Okta Active Directory Agent Auto-Update issue resolved?
Verify the service start name using the command prompt and change the log on user to the LocalSystem account to resolve the update failure.
- Launch an administrative Command Prompt.
- Enter the following command to query the service configuration.
sc qc Okta.AdAgent.Update
- Verify that SERVICE_START_NAME in the command output is LocalSystem.
- If the value differs from LocalSystem, change the Log On As user of the AD Agent Update service to LocalSystem in the service properties.
NOTE: If the value is already LocalSystem, search for the OktaADAgentSetup-<timestamp>-Install.log file in the AD Agent folder and open it. If the log displays a validation error (Failed to validate registration of the installed agent), completely delete and reinstall version 3.17 of the AD Agent, and then reattempt the auto-update.
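The check and fix from the steps above as a PowerShell script, added here as an example and not Okta's own tooling. The -AgentFolder and -Fix parameters and the exit codes are assumptions of this example; the service name, log file pattern and error text are taken from this article.

```powershell
# Added example: audit, and with -Fix correct, the Log On As account of the
# Okta AD Agent Update service. Run from an elevated PowerShell session.
param(
    # Assumption: path to the AD Agent folder that holds the install logs.
    [string]$AgentFolder,
    # Assumption: report-only unless -Fix is passed.
    [switch]$Fix
)

$serviceName = 'Okta.AdAgent.Update'   # same name as in "sc qc" above
$logError    = 'Failed to validate registration of the installed agent'

$svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$serviceName'"
if (-not $svc) {
    Write-Error "Service $serviceName was not found on this host."
    exit 2
}

# Win32_Service.StartName is the value sc qc prints as SERVICE_START_NAME.
Write-Output "SERVICE_START_NAME: $($svc.StartName)"

if ($svc.StartName -ne 'LocalSystem') {
    Write-Warning "Update service runs as '$($svc.StartName)', not LocalSystem."
    if (-not $Fix) { exit 1 }
    # sc.exe expects the value as a separate token after "obj=".
    & sc.exe config $serviceName obj= LocalSystem
    if ($LASTEXITCODE -ne 0) {
        Write-Error "sc.exe config failed with exit code $LASTEXITCODE."
        exit 1
    }
    Write-Output 'Log On As account set to LocalSystem.'
    exit 0
}

# Account is already LocalSystem: look for the validation error from the NOTE.
Write-Output 'Service account is already LocalSystem.'
if ($AgentFolder) {
    $hits = Get-ChildItem -Path $AgentFolder -Filter 'OktaADAgentSetup-*-Install.log' |
        Select-String -SimpleMatch -Pattern $logError
    if ($hits) {
        $hits | ForEach-Object { Write-Warning "$($_.Path):$($_.LineNumber) $($_.Line)" }
        exit 3
    }
    Write-Output 'No validation error found in the install logs.'
}
```

Run it without -Fix first to record which account the update service was using before the change.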
