AD Agent Disconnected with Error in Agent Log "Error Retrieving Next Action […] The operation has timed out"
Okta Classic Engine
Directories
Okta Identity Engine
Overview

The Okta AD Agent is either offline or has reconnected after being reported as offline, and AD Agent logs contain errors similar to:

2024/01/01 23:59:59.686-05:00 Error -- <SERVER_NAME>(17) -- Error retrieving next action
2024/01/01 23:59:59.686-05:00 Info -- <SERVER_NAME> at System.Net.HttpWebRequest.GetResponse()
at Okta.Api.RestClient.GetResponse(HttpWebRequest request)
at Okta.Api.RestClient.RequestObject(String method, Object obj, XmlSerializer inputSerializer, XmlSerializer outputSerializer, UriTemplate template, Nullable`1 timeout, String[] args)
at Okta.Api.RestClient.GetObject(XmlSerializer serializer, UriTemplate template, Nullable`1 timeout, String[] args)
at Okta.Api.OktaApi.GetNextAction(String instanceId, String agentId, String agentVersion)
at Okta.Agent.DelegateUtils.DoUntilSuccessOrAbort[T](Func`1 toDo, String errorMessage, Nullable`1 initialRetrySleep, Int32 maxRetrySleep, Int32 maxRetries)
System.Net.WebException received with message The operation has timed out Source=System InnerException=.
Applies To
  • Active Directory (AD)
  • Okta AD Agent
Cause

This error indicates that the AD Agent cannot retrieve the next agent action from Okta, which is typically due to an issue with the agent connecting to the Okta service. The AD Agent regularly polls Okta on port 443 to retrieve actions for processing and to report agent status. If the agent is unable to reach the Okta service for a period of more than 120 seconds, Okta will mark the AD Agent as disconnected until connectivity is restored.

Solution

To determine whether any Okta service or network issues occurred around the time of the disconnect, access the Okta Status site and review the current system status or service history. Issues reported there will contain details indicating whether agent connectivity may have been impacted by the event.

 

If no relevant issues are reported on the Okta Status site, this issue is environmental and is outside the scope of Okta Support. However, the steps below may be helpful in troubleshooting the local environment:

  1. Check Windows Event Viewer around the time when the issue occurred for events indicating a larger issue may have affected the server and/or network.
  2. Restart the AD Agent server. If the agent server has not been restarted in some time, a restart may resolve this issue, especially if updates have been applied to the server since the last reboot.
  3. Check firewall and proxy resources to ensure that no traffic is being blocked to or from the AD Agent.
  4. Ensure that all Okta IP addresses are added to the allowlist in the environment. More information and a list of IP addresses for the Okta org can be found in the List of IP Addresses that Should Be Allowlisted for Inbound Traffic documentation.
  5. Consult with the Internet Service Provider to determine if any service or connectivity issues may have affected the environment.
  6. A network capture may be necessary to determine the source of the connectivity issue.
  7. Monitor the AD Agent server resources (CPU utilization / RAM usage). If the agent server resources are inadequate to process all requests, the server may be reported as offline. This is more likely to be relevant if the issue occurs only during peak hours.
  8. If the disconnect event occurs during periods of low or no activity between Okta and AD, the Network Interface Card (NIC) may be falling asleep. It is possible to remediate the issue by placing the NIC in High Performance Mode:
    1. On the AD Agent server, navigate to Control Panel > Hardware > Power Options.
    2. Change the Preferred plans to High Performance.
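
An added example, not part of the Okta article or the agent's own code: it groups the "Error retrieving next action" entries from an agent log into outage windows, flags windows longer than the 120 seconds described under Cause, and reports the hour each window began so the pattern can be compared against steps 7 and 8. The sample log lines, the host name ADAGENT01 and the 90-second grouping gap are assumptions.

```python
import re
from datetime import datetime, timedelta

# From the article: more than 120 s without contact marks the agent disconnected.
DISCONNECT_AFTER = timedelta(seconds=120)
# Assumption: failures at most 90 s apart belong to one outage; tune to your log.
MAX_GAP = timedelta(seconds=90)
LINE = re.compile(r"^(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d\.\d+[+-]\d\d:\d\d) (\w+) -- (.*)$")

# Constructed sample in the article's log format (ADAGENT01 is a made-up host).
SAMPLE = """\
2024/01/02 02:10:00.120-05:00 Error -- ADAGENT01(17) -- Error retrieving next action
2024/01/02 02:10:00.121-05:00 Info -- ADAGENT01    at System.Net.HttpWebRequest.GetResponse()
   at Okta.Api.OktaApi.GetNextAction(String instanceId, String agentId, String agentVersion)
2024/01/02 02:11:05.300-05:00 Error -- ADAGENT01(17) -- Error retrieving next action
2024/01/02 02:12:10.450-05:00 Error -- ADAGENT01(17) -- Error retrieving next action
2024/01/02 14:05:12.000-05:00 Error -- ADAGENT01(17) -- Error retrieving next action
""".splitlines()

def poll_failures(lines):
    """Timestamps of 'Error retrieving next action' entries; stack-trace lines are skipped."""
    hits = []
    for line in lines:
        m = LINE.match(line)
        if m and m.group(2) == "Error" and "Error retrieving next action" in m.group(3):
            hits.append(datetime.strptime(m.group(1), "%Y/%m/%d %H:%M:%S.%f%z"))
    return sorted(hits)

def outage_windows(times):
    """Merge failures separated by at most MAX_GAP into [start, end] windows."""
    windows = []
    for t in times:
        if windows and t - windows[-1][1] <= MAX_GAP:
            windows[-1][1] = t
        else:
            windows.append([t, t])
    return windows

def report(lines):
    """One row per window; the span is a lower bound on time without a successful poll."""
    rows = []
    for start, end in outage_windows(poll_failures(lines)):
        span = end - start
        rows.append({"start": start, "seconds": span.total_seconds(), "hour": start.hour,
                     "likely_disconnect": span > DISCONNECT_AFTER})
    return rows

if __name__ == "__main__":
    print(*report(SAMPLE), sep="\n")
```

Windows that cluster in busy hours point toward the resource check in step 7, while windows during idle hours point toward the NIC power setting in step 8.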