This article reviews a RADIUS Agent log error message:

<yyyy>-<mm>-<dd> <hr>:<min>:<sec> UTC [<Srvr name>, pool-#-thread-#] : 
ERROR - ClientProtocolException exception raised. Message: null
org.apache.http.client.ClientProtocolException: null
at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:187) ~[httpclient-4.5.13.jar:4.5.13]
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:72) ~[httpclient-4.5.13.jar:4.5.13]
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:221) ~[httpclient-4.5.13.jar:4.5.13]
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:165) ~[httpclient-4.5.13.jar:4.5.13]
at com.okta.ragent.util.RestUtil.genericApiRequest(RestUtil.java:307) ~[OKTARadiusAgent.jar:?]
at com.okta.ragent.util.RestUtil.getRadiusAppsInfo(RestUtil.java:199) ~[OKTARadiusAgent.jar:?]
at com.okta.ragent.facade.OktaApiFacade.getRadiusAppsAndInfo(OktaApiFacade.java:82) ~[OKTARadiusAgent.jar:?]
at com.okta.ragent.base.OktaRadiusAgent.updatePorts(OktaRadiusAgent.java:329) ~[OKTARadiusAgent.jar:?]
at com.okta.ragent.base.OktaRadiusAgent$2.run(OktaRadiusAgent.java:259) ~[OKTARadiusAgent.jar:?]
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:515) ~[?:?]
at java.util.concurrent.FutureTask.run(FutureTask.java:264) ~[?:?]
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128) ~[?:?]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628) ~[?:?]
at java.lang.Thread.run(Thread.java:829) ~[?:?]
Caused by: org.apache.http.ProtocolException: Target host is not specified
at org.apache.http.impl.conn.DefaultRoutePlanner.determineRoute(DefaultRoutePlanner.java:71) ~[httpclient-4.5.13.jar:4.5.13]
at org.apache.http.impl.client.InternalHttpClient.determineRoute(InternalHttpClient.java:125) ~[httpclient-4.5.13.jar:4.5.13]
at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:184) ~[httpclient-4.5.13.jar:4.5.13]

This error can be found in the RADIUS Agent logs. For more information on finding and reviewing RADIUS agent logs, see the knowledge article Working with Okta RADIUS Agent Logs.

When this issue occurs, the RADIUS agent may intermittently show inactive status in the RADIUS tab of the Agents Dashboard. Authentication against the agent will not be functional or will intermittently fail. 

• RADIUS Agent
• Windows Operating System 
• Linux Operating System

This issue is known to occur because of:

• Issues with older versions of the Okta RADIUS Agent.
• RADIUS Agent communication issues.

Update / Fresh install the latest RADIUS agent

This issue may be due to the version of the Okta RADIUS Agent. Okta recommends running the latest version for the best and most secure experience.

1. To verify the latest available version, reference our manual chapter.
   • See: Okta RADIUS Server Agent version history.
2. To verify the Okta RADIUS agent version in use in an environment.
   • See: Determine the RADIUS agent version.
3. For more information on updating the Okta RADIUS Agent.
   • See Knowledge Article: Step-by-Step Guide for Upgrading RADIUS Server Agent and On-Prem MFA Agent.

Resolve Communication Issues:

If using the latest version, this issue may be caused by network communication issues. Here are some of the areas to check/test:

• Try connecting to the Okta tenant from a web browser on the server. Open a browser and navigate to the Okta domain (for example, https://<orgName>.okta.com). If unsuccessful, this will need to be resolved to ensure the Agent can communicate back to the Okta home tenant on Port 443.
  • Ensure Okta IPs and communication are not blocked.
    • See: Allow access to Okta IP addresses for more details on allowing communication to Okta. 
• Ensure the Okta RADIUS Agent can attach and "listen" on the RADIUS Service Port from a command line, use netstat to check which Program ID (PID) is listening on the RADIUS service port with the command:
  • netstat -ano | find "1812".
    • NOTE: The find parameter would be whatever service port or ports the RADIUS agent should be listening on. By default, this is 1812. 

• • • This command switches "o" in the -ano to show the PID that is listening on that port. Shown above, the PID is 3132.
  • Noting the PID from the previous command, use this command to verify that this process ID belongs to the RADIUS agent:
    • tasklist /FI "PID eq <PID#>".
      • where <PID#> above would be the PID recorded from the previous command. In the example above, the PID is 3132.

• • If this is not in use by the Okta RADIUS agent, or nothing is showing up in netstat as listening on the port, make sure:
    • The RADIUS agent is running on the server. Start or restart the ragent.exe service.
    • Ensure the Windows Firewall is not blocking the RADIUS agent service port.

Related References

• Okta RADIUS Server Agent version history
• Determine the RADIUS agent version
• Step-by-Step Guide for Upgrading RADIUS Server Agent and On-Prem MFA Agent
• Allow access to Okta IP addresses