Okta Classic Engine | Multi-Factor Authentication | Answered
Timestamps: 2024-05-24T09:02:26.000Z, 2018-04-27T20:49:19.000Z, 2018-08-12T04:15:03.000Z
Okta Windows Credential Provider Error
I'm following the guide posted here (https://help.okta.com/en/prod/Content/Topics/Security/proc-mfa-win-creds-rdp.htm) and I have the software installed on the server. I have the app assigned and everything seems to be configured correctly. But when I try to RDP into the server I get "Multi Factor Authenication Failed". I found the log file and it gives me the error:

InvalidOperationException thrown System.Net.WebException: The remote server returned an error: (404) Not Found.

Wondering if anyone else ran into this error and what the fix was.

Thanks

  • j5v7c (j5v7c)

    My name is Radu and I am a Technical Support Engineer (Tier II) at Okta.

    Please make sure of the following:

    - The user is assigned to the app in Okta

    - The RDP client (Remote Desktop Connection for Windows, Microsoft Remote Desktop for Mac, etc.) must match an RDP app username, otherwise the login will fail. So if the username you are trying with is the SAM account name, then in Okta it should be set as that (without the domain suffix)

    For any further assistance please open up a case with Okta Support and get all the necessary pieces of information, if not provided yet, such as:

    Use of a supported Windows server, specifically Windows Server 2012, Windows Server 2012 R2, Windows Server 2008, and Windows Server 2008 R2.

    The Windows server on which the Okta credential provider is installed must have an active internet connection with port 443 open.

    The installing account must have administrative rights to install the OKTA Windows Credential Provider Agent, Visual C++ Redistributable and .NET 4.0+.

    End users must have enrolled their MFA tokens previously, by choosing an MFA option for their account when signing in to Okta the first time or after a reset. End users cannot enroll a token during an RDP sign in. End users with unenrolled tokens receive an authentication failed response from Okta when attempting to sign into an RDP server.

  • SimonW.43540 (Customer)

    Hi Derek

     

    We had this issue, set the username in Okta to SAM account. Won't work with email address.

     

    Thanks

    Simon
  • ruy1d (ruy1d)

    Simon,

     

    Yes, that is what I found was the issue, as the username that was being sent to Okta wasn't matching the expected value. I found inside of the log file C:\Program Files\Okta\Okta Windows Credential Provider\logs\OktaWidget.log an entry saying "AppUsername sent to Okta="username", in which the username didn't include @domain. So I put in a custom expression of ${f:substringBefore(user.login, "@")} and that resolved my issue.

     

    Thanks

    Derek
    Selected as Best
  • ruy1d (ruy1d)

    In the application settings for the sign on, I selected custom and entered the expression there.

This question is closed.
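
The check described in the thread, as an added PowerShell example that is not from the posters or from Okta: it pulls each "AppUsername sent to Okta" value out of OktaWidget.log and shows whether it equals the full Okta login or the result of the custom expression ${f:substringBefore(user.login, "@")}. The log path and message text are from the thread; the layout of the rest of each log line, the sample lines, and the $OktaLogin value are assumptions.

```powershell
param(
    [string]$LogPath   = 'C:\Program Files\Okta\Okta Windows Credential Provider\logs\OktaWidget.log',
    [string]$OktaLogin = 'jdoe@example.com'   # constructed value: the user's Okta login
)

# Constructed sample lines, used only when the log file is not present.
$sample = @(
    '2018-04-27 20:41:02 INFO AppUsername sent to Okta="jdoe"'
    '2018-04-27 20:43:10 INFO AppUsername sent to Okta="jdoe@example.com"'
    '2018-04-27 20:44:55 INFO AppUsername sent to Okta="EXAMPLE\jdoe"'
)

function Get-SentAppUsername {
    # Extracts the value after 'AppUsername sent to Okta=' (quotes optional).
    param([string[]]$Lines)
    foreach ($line in $Lines) {
        if ($line -match 'AppUsername sent to Okta="?(?<name>[^"\s]+)') {
            $Matches['name']
        }
    }
}

function Test-AppUsernameMapping {
    param([string]$Sent, [string]$OktaLogin)
    # Emulates ${f:substringBefore(user.login, "@")}; returning the whole
    # login when it has no "@" is an assumption about the expression.
    $mapped = ($OktaLogin -split '@', 2)[0]
    $format = switch -Wildcard ($Sent) {
        '*@*'   { 'UPN/email'; break }
        '*\*'   { 'DOMAIN\user'; break }
        default { 'SAM account name' }
    }
    [pscustomobject]@{
        Sent              = $Sent
        Format            = $format
        # -eq is case-insensitive here; Okta's own comparison may differ.
        MatchesOktaLogin  = ($Sent -eq $OktaLogin)
        MatchesCustomExpr = ($Sent -eq $mapped)
    }
}

$lines = if (Test-Path -LiteralPath $LogPath) { Get-Content -LiteralPath $LogPath } else { $sample }
Get-SentAppUsername -Lines $lines | Sort-Object -Unique |
    ForEach-Object { Test-AppUsernameMapping -Sent $_ -OktaLogin $OktaLogin } |
    Format-Table -AutoSize
```

A row with MatchesCustomExpr true and MatchesOktaLogin false corresponds to the case Derek describes, where the credential provider sends the name without @domain.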