<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content

Okta Verify for Windows Upgrade Limitation

Okta Classic Engine
Multi-Factor Authentication
Okta Identity Engine

Overview

This article addresses a specific issue where the auto update feature of Windows Okta Verify(WOV) application fails due to a conflict with a partially uninstalled  Okta Device Trust for Windows Desktop Registration Task.

Applies To

  • Okta Verify for Windows version 5.1.3 and above
  • Okta Device Trust for Windows (all versions) 

Cause

Windows Okta Verify (WOV) and Windows Okta Device Trust (ODT) share registry settings. Recently, Windows Okta Verify (WOV)  was upgraded to utilize a new installer module. However, due to a defect in the Device Trust for Windows installer (OktaDeviceRegistrationTaskSetup-X.Y.Z.msi), the registry values at the shared location are not properly cleaned up. This results in residual registry settings left behind, causing Windows Okta Verify upgrade failures. It is also observed that this may happen in succession, spawning multiple instances of the Okta Verify Setup process.

A small subset of users may experience Windows Okta Verify (WOV)  upgrade failures because they have a partially uninstalled version of Windows Okta Device Trust (ODT).

Solution

For users affected by this issue, use the following script to clean up the residual registry settings left by the partially uninstalled Device Trust for Windows. This will resolve the conflict and allow the Windows Okta Verify (WOV) auto-updater to proceed as expected. The script below must be executed with admin privileges.

Cleanup Script

function GuidToRegistryFormat
{
    param([string] $productCode)
    $bytes = [System.Guid]::Parse($productCode).ToByteArray()
    $stringBytes = [System.BitConverter]::ToString($bytes).Split('-')
    for ($i = 0; $i -lt $stringBytes.Length; ++$i)
    {
        $a = $stringBytes[$i].ToCharArray()
        $stringBytes[$i] = -join($a[1],$a[0])
    }
    return -join($stringBytes)
}
function LegacyInstallerCleanup {
    param (        
        [string] $legacyProductCode        
    )
    $legacyProductCodeRgFmt = GuidToRegistryFormat $legacyProductCode
    if ($null -ne $legacyProductCodeRgFmt -and $legacyProductCodeRgFmt -ne "")
    {
        $legacyProductInstallerPath = "HKLM:\SOFTWARE\Classes\Installer\Products\{0}" -f $legacyProductCodeRgFmt
        REG EXPORT "HKLM\SOFTWARE\Classes\Installer\Products" "$env:TEMP\RegistryBackup.reg"
        Write-Host $legacyProductInstallerPath
        Remove-Item -Path $legacyProductInstallerPath -Recurse
    }
}
Write-Host "Clean up Device Trust Installer"
$DeviceTrustProductCode = "C9FB41A7-4342-4A08-843E-34C26792B9AD"
LegacyInstallerCleanup $DeviceTrustProductCode;
Loading
Okta Support - Okta Verify for Windows Upgrade Limitation