Okta Verify for Windows Upgrade Limitation
Last Updated:
Overview
This article addresses a specific issue where the auto update feature of Windows Okta Verify(WOV) application fails due to a conflict with a partially uninstalled Okta Device Trust for Windows Desktop Registration Task.
Applies To
- Okta Verify for Windows version 5.1.3 and above
- Okta Device Trust for Windows (all versions)
Cause
Windows Okta Verify (WOV) and Windows Okta Device Trust (ODT) share registry settings. Recently, Windows Okta Verify (WOV) was upgraded to utilize a new installer module. However, due to a defect in the Device Trust for Windows installer (OktaDeviceRegistrationTaskSetup-X.Y.Z.msi), the registry values at the shared location are not properly cleaned up. This results in residual registry settings left behind, causing Windows Okta Verify upgrade failures. It is also observed that this may happen in succession, spawning multiple instances of the Okta Verify Setup process.
A small subset of users may experience Windows Okta Verify (WOV) upgrade failures because they have a partially uninstalled version of Windows Okta Device Trust (ODT).
Solution
For users affected by this issue, use the following script to clean up the residual registry settings left by the partially uninstalled Device Trust for Windows. This will resolve the conflict and allow the Windows Okta Verify (WOV) auto-updater to proceed as expected. The script below must be executed with admin privileges.
Cleanup Script
function GuidToRegistryFormat
{
param([string] $productCode)
$bytes = [System.Guid]::Parse($productCode).ToByteArray()
$stringBytes = [System.BitConverter]::ToString($bytes).Split('-')
for ($i = 0; $i -lt $stringBytes.Length; ++$i)
{
$a = $stringBytes[$i].ToCharArray()
$stringBytes[$i] = -join($a[1],$a[0])
}
return -join($stringBytes)
}
function LegacyInstallerCleanup {
param (
[string] $legacyProductCode
)
$legacyProductCodeRgFmt = GuidToRegistryFormat $legacyProductCode
if ($null -ne $legacyProductCodeRgFmt -and $legacyProductCodeRgFmt -ne "")
{
$legacyProductInstallerPath = "HKLM:\SOFTWARE\Classes\Installer\Products\{0}" -f $legacyProductCodeRgFmt
REG EXPORT "HKLM\SOFTWARE\Classes\Installer\Products" "$env:TEMP\RegistryBackup.reg"
Write-Host $legacyProductInstallerPath
Remove-Item -Path $legacyProductInstallerPath -Recurse
}
}
Write-Host "Clean up Device Trust Installer"
$DeviceTrustProductCode = "C9FB41A7-4342-4A08-843E-34C26792B9AD"
LegacyInstallerCleanup $DeviceTrustProductCode;