AD Agent Cannot Start Due to Missing Permission
Feb 13, 2026
Okta Classic Engine
Directories
Okta Identity Engine
Overview
The Active Directory (AD) Agent cannot restart when the server is restarted due to the following error:
Windows could not start the Okta AD Agent service on Local Computer.
Microsoft Error 1069: The service did not start due to a logon failure.
Applies To
- Directories
- Active Directory Service Account
Cause
The Okta AD Agent service account cannot restart due to a missing logon as a service permission.
Solution
- Ensure that the service account used with the AD agent service is NOT locked or disabled in AD.
- Open the Windows Services Manager. Right-click on the Okta AD Agent service, click Properties, and select the Log On tab.
- If Log on as is set to This account, correct the account name and password. This includes re-applying a confirmed password to the service account in case it has recently changed.
- Start the service.
NOTE: If the above does not resolve the issue, it is advised to work with internal Active Directory teams or Microsoft Support to ensure that environmental factors are not automatically removing the logon as a service permission, which is added to the Okta AD Agent service account during agent installation.
