Okta Active Directory Agent Fails to Reconnect After Server Restore With a "401 Unauthorized" Error
Overview

The Active Directory (AD) Agent fails to reconnect to Okta after a server restore because Okta invalidates the OAuth 2.0 token for security reasons. To resolve this issue, reinstall the AD Agent on the server. When this issue occurs, the AD Agent logs display the following errors:

 

{Response from server: 401 UNAUTHORIZED "Unauthorized"}

 

{Response from server: {"errorCode":"E0000011","errorSummary":"Invalid token provided","errorLink":"E0000011"}

 

NOTE: Review the Connection Issues for Okta AD Agent Versions 3.18.0 and Above documentation if the AD Agent logs contain the following error:

 

{"error":"invalid_token","error_description":"The token timestamp is invalid."}
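The two log signatures above lead to different fixes, so it helps to tell them apart before reinstalling anything. The following is an added example, not Okta's code: it scans agent log lines for the error payloads quoted in this article. The function names, labels, and the timestamp prefix on the sample lines are assumptions; only the payloads come from the article.

```python
import json

# Labels are this example's own; the matched strings are the ones quoted in the article.
INVALID_TOKEN = "e0000011_invalid_token"      # 401 UNAUTHORIZED / E0000011
TOKEN_TIMESTAMP = "token_timestamp_invalid"   # "The token timestamp is invalid."
ACTIONS = {
    INVALID_TOKEN: "If the server was restored, reinstall the AD Agent.",
    TOKEN_TIMESTAMP: "Review the Connection Issues for Okta AD Agent "
                     "Versions 3.18.0 and Above documentation.",
}

def embedded_json(line):
    """Return the first JSON object found anywhere in a log line, else None."""
    decoder = json.JSONDecoder()
    pos = line.find("{")
    while pos != -1:
        try:
            obj, _ = decoder.raw_decode(line, pos)
            if isinstance(obj, dict):
                return obj
        except json.JSONDecodeError:
            pass  # e.g. the outer, unquoted "{Response from server: ..." wrapper
        pos = line.find("{", pos + 1)
    return None

def classify_line(line):
    """Map one log line to a signature label, or None if it matches neither."""
    obj = embedded_json(line) or {}
    description = str(obj.get("error_description", "")).lower()
    if obj.get("error") == "invalid_token" and "timestamp" in description:
        return TOKEN_TIMESTAMP
    if obj.get("errorCode") == "E0000011":
        return INVALID_TOKEN
    if "Response from server:" in line and "401 UNAUTHORIZED" in line:
        return INVALID_TOKEN
    return None

def triage(lines):
    """Return {label: [line numbers]} for every signature seen in the log."""
    hits = {}
    for number, line in enumerate(lines, 1):
        label = classify_line(line)
        if label:
            hits.setdefault(label, []).append(number)
    return hits

# Constructed sample: the timestamp prefix is an assumption, the payloads are from the article.
SAMPLE = [
    "2024-01-01T00:00:00 agent service started",
    '2024-01-01T00:00:01 {Response from server: 401 UNAUTHORIZED "Unauthorized"}',
    '2024-01-01T00:00:01 {Response from server: {"errorCode":"E0000011","errorSummary":"Invalid token provided","errorLink":"E0000011"}',
    '2024-01-01T00:00:02 {"error":"invalid_token","error_description":"The token timestamp is invalid."}',
]
```

Pass the lines of the agent log to `triage()` and look up each returned label in `ACTIONS` to see which remediation path applies.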

Applies To
  • Okta Identity Engine (OIE)
  • Okta Classic Engine
  • Active Directory (AD) Integration
  • Active Directory (AD) Agent
Cause

Okta invalidates the OAuth 2.0 token for security reasons when a server restore reverts the AD Agent to an earlier snapshot.

Solution

How is the Active Directory Agent reconnected to Okta after a server restore?

 

To reconnect the server to Okta, uninstall the existing agent, download the latest installer from the Admin Console, and run the installation program.

 

  1. Uninstall the Okta Active Directory agent.
  2. In the Okta Admin Console, go to Settings > Downloads.
  3. Scroll to the AD Agent Installer section and select Download Latest.
  4. Run the installation program and follow the directions.