<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeKnowledge Base
Okta Active Directory Agent Service Will Not Start with Agent Log Error "Could not load encrypted configuration settings"
Jun 25, 2025
Okta Classic Engine
Directories
Okta Identity Engine
Overview

The Okta AD Agent service does not start. AD Agent logs show the error message: 

 

Could not load encrypted configuration settings from C:\Program Files (x86)\Okta\Okta AD Agent\OktaAgentService.exe.config. Probably, the configuration file was encrypted by another user. Reinstall the agent to fix this issue.

 

2024/12/13 12:07:40.983-06:00 Info -- SERVER(4) -- Okta AD Agent starting
2024/12/13 12:07:40.985-06:00 Info -- SERVER(4) -- Service account: DOMAIN\service.account
2024/12/13 12:07:40.986-06:00 Info -- SERVER(4) -- Loading configuration file: C:\Program Files (x86)\Okta\Okta AD Agent\OktaAgentService.exe
2024/12/13 12:07:41.296-06:00 Info -- SERVER(4) -- BaseOktaURI: https://<org>.okta.com
2024/12/13 12:07:41.308-06:00 Error -- SERVER(4) -- Could not load encrypted configuration settings from C:\Program Files (x86)\Okta\Okta AD Agent\OktaAgentService.exe.config. Probably, the configuration file was encrypted by another user. Reinstall the agent to fix this issue.
2024/12/13 12:07:41.314-06:00 Info -- SERVER   at Okta.Agent.ClientConfig.LoadFromFile(String path, Boolean loadProtectedSettings)
   at Okta.Agent.AgentInstance.Start(Boolean logToConsole)
Okta.Agent.ClientConfigException received with message Could not load encrypted configuration settings from C:\Program Files (x86)\Okta\Okta AD Agent\OktaAgentService.exe.config. Probably, the configuration file was encrypted by another user. Reinstall the agent to fix this issue. Source=OktaAgentService InnerException=System.Security.Cryptography.CryptographicException: Key not valid for use in specified state.
	Caused by System.Security.Cryptography.CryptographicException received with message Key not valid for use in specified state.
 Source=System.Security InnerException=.
2024/12/13 12:07:41.315-06:00 Info -- SERVER(4) -- Okta AD Agent stopping
2024/12/13 12:07:41.315-06:00 Info -- SERVER(4) -- Okta AD Agent stopped
Applies To
  • Directories
  • Active Directory
  • Okta AD Agent
Cause

This message indicates the agent configuration file cannot be decrypted by the service account being used. This is commonly encountered after attempting to update the Okta AD Agent service account or restoring the AD Agent server from a backup.

Solution

It is necessary to perform a complete uninstall of the Okta AD Agent.

  1. Uninstall the AD Agent using the Microsoft "Programs and Features" or "Apps and Features" components.
  2. Delete or rename the folder C:\Program Files (x86)\Okta\Okta AD Agent. This is to ensure that the old configuration file will not be used during installation.
  3. Perform a fresh install of the latest Okta AD Agent.
    • If there is no prompt to enter service account credentials during installation, then the old configuration file was not removed prior to installation. Cancel the install, remove/rename the folder, and start again. 

 

Related References

Recommended content

Still looking for help?
Loading
Okta Active Directory Agent Service Will Not Start with Agent Log Error "Could not load encrypted configuration settings"