Unable to Install AD Password Sync Agent
Oct 16, 2025
Okta Classic Engine
Directories
Okta Identity Engine
Overview
The Active Directory (AD) Password Sync agent install is failing with the error:
It was not possible to connect to the revocation server or a definitive response could not be obtained..
Applies To
- AD Password Sync Agent
Cause
A connection is unable to be established to the security certificate's revocation server, which is used to determine if the certificate used to digitally sign the installer and application has been revoked or not. It is possible that a firewall is blocking the traffic, or the correct domain names are not allowlisted.
Solution
This can be fixed in the following ways:
- Ensure the following domain names are allowlisted. For reference: Certificate revocation troubleshooting.
- Disable "Check for server certificate revocation" from Internet Options > Advanced > Security.
