Okta Login via Delegated Authentication Fails with Error Code 1789: "Authenticate user with AD agent FAILURE: Login Failed"
Okta Classic Engine
Directories
Okta Identity Engine
Overview

Users are unable to authenticate to Okta using Delegated Authentication with Active Directory, and the following error is displayed in the System Log:

Authenticate user with AD agent FAILURE: Login Failed


The error code in the System Log entry is 1789. This Microsoft error code states: 

The trust relationship between this workstation and the primary domain failed.

Okta System Log error code 1789

Applies To
  • Delegated Authentication
  • Active Directory
  • AD Agent
Cause

Error code 1789 is a direct response from the Domain Controller and indicates that the trust relationship between the workstation (in this case, the AD Agent server) and the primary domain has failed. Please see Microsoft's documentation for more information regarding this error code: System Error Codes.

The most common cause for this error is that the server that hosts the Okta AD Agent has been removed from the domain.

 
Solution

To remediate this issue, join the server that hosts the AD Agent to the domain.
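
Before and after rejoining, the state of the AD Agent host can be checked locally. The script below is an added example, not part of the original article or Okta's tooling; it assumes an elevated PowerShell session on the agent server and that the agent's service display name matches 'Okta AD Agent*'.

```powershell
# Added example: run in an elevated PowerShell session on the AD Agent host.
# Assumption: the agent's service display name matches 'Okta AD Agent*'.
function Get-AgentHostDomainState {
    $cs = Get-CimInstance -ClassName Win32_ComputerSystem
    $joined = [bool]$cs.PartOfDomain
    $domainOrGroup = if ($joined) { $cs.Domain } else { $cs.Workgroup }

    # Test-ComputerSecureChannel throws when the host is not joined or cannot
    # reach a domain controller, so an exception is recorded as a failure.
    $channelOk = $false
    $channelError = $null
    if ($joined) {
        try {
            $channelOk = [bool](Test-ComputerSecureChannel -ErrorAction Stop)
        } catch {
            $channelError = $_.Exception.Message
        }
    }

    # Report the agent service state so it can be confirmed after the fix.
    $svc = Get-Service -DisplayName 'Okta AD Agent*' -ErrorAction SilentlyContinue |
        Select-Object -First 1
    $svcState = if ($svc) { "$($svc.DisplayName): $($svc.Status)" } else { 'not found' }

    if (-not $joined) {
        $finding = 'Host is not a domain member: join it to the domain.'
    } elseif (-not $channelOk) {
        $finding = 'Host is joined, but its secure channel to the domain is failing (consistent with error 1789).'
    } else {
        $finding = 'Domain membership and secure channel are healthy.'
    }

    [pscustomobject]@{
        ComputerName    = $env:COMPUTERNAME
        PartOfDomain    = $joined
        DomainOrGroup   = $domainOrGroup
        SecureChannelOk = $channelOk
        ChannelError    = $channelError
        AgentService    = $svcState
        Finding         = $finding
    }
}

Get-AgentHostDomainState | Format-List
```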
