Okta Classic Engine | Administration | Answered | 2024-04-30T09:18:25.000Z | 2016-08-22T14:14:46.000Z | 2018-04-30T02:57:53.000Z
Desktop SSO Could not establish trust relationship
Desktop SSO works fine when used in http / non-ssl mode.  When I enable SSL, bind my certificate and update the configuration OKTA, the SSO agent goes offline with the error "The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel."

 

I can run the internal test to this Agent (authenticated.aspx) and the site is up on 443 and the certificate is valid internally for us, is there something we are missing?

  • j5v7c (j5v7c)

    I have seen this before, and we removed the Okta IWA module, and then re-installed again, but provided the https/443 parameters on the second install, and it corrected our problem.

     

    Hope that helps.
  • 34b2b (34b2b)

    The installer doesn't prompt for the URL; that is configured on the OKTA portal side... I uninstalled and reinstalled and still no luck. I also tried deleting the IWA webapp from the OKTA side and then reinstalling; the URL repopulated with the same http://servername/IWA
  • j5v7c (j5v7c)

    Hi Jay,

     

    Did you ever figure out a solution to this problem?  We've been having trouble getting IWA (DSSO) working correctly on anything, but IE and Firefox browsers.  Recently, we started experiencing the exact same issue you mentioned in this question.  Our IWA servers just started going offline as far as Okta's console is concerned.  I can reinstall the DSSO module, so that the IIS site gets rebuilt, and it will come online for a couple minutes and then go offline again.  Can you provide any help?

     

     

    Thanks,

    Derek

  • I am also facing the same issue. Stood up 2 IWA servers for my prod Okta tenant. Both were working fine for a day or so and now both are offline. Tried to reinstall the agent, and that brought it back online for a few minutes before it went offline again.

    Also, to note, I have an IWA agent configured for my non-prod tenant which has been functioning without issues for months now.

    Anyone figure out what the issue is? 

    regards, 

    GB
  • ph0wa (ph0wa)

    Hello,

     

    Maybe this may help; it worked for me when I experienced this issue.

     

    For the IWA agent error "The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel", I had to make sure I was able to access the IWA agent on HTTPS from all AD agents installed (start with the one that shows up on "Last Tested AD Agent" on your IWA agent information). There may be a certificate-related error or exception that you have to clear/add before the AD agent can check status on the IWA agent on HTTPS. If you are using internal certificates (from private PKI CAs), make sure your AD agent servers have all the trusted CA certificates installed.

     

    If this fixes the issue (IWA goes down after switching to HTTPS) and you still cannot do SSO (get prompted for Windows credentials by the browser), then check your browser settings. You may need to add all the IWA agents (FQDN) to the Local Intranet Zone.

     

    regards,

    Muhuji
This question is closed.
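
One way to run the check the last reply describes, from each AD agent server, as an added example that is not from the thread or from Okta: it completes a TLS handshake to the IWA host and reports how Windows evaluated the certificate (name match and chain status per element). The function name and the host name in the usage comment are placeholders; Windows PowerShell 5.1 or later is assumed.

```powershell
# Added diagnostic example. Run it on every server that hosts an AD agent,
# ideally as the account the agent service runs as, so the same trust stores apply.
function Test-IwaTlsTrust {
    param([Parameter(Mandatory)][string]$HostName, [int]$Port = 443)

    $seen = @{ Errors = $null; Chain = @() }
    # The callback records what Windows decided about the certificate. It returns
    # $true only so the handshake completes for inspection; no data is sent.
    $callback = {
        param($sender, $certificate, $chain, $sslPolicyErrors)
        $seen.Errors = $sslPolicyErrors
        $seen.Chain  = @($chain.ChainElements | ForEach-Object {
            [pscustomobject]@{
                Subject = $_.Certificate.Subject
                Status  = ($_.ChainElementStatus.Status -join ', ')
            }
        })
        return $true
    }.GetNewClosure()

    $client = [System.Net.Sockets.TcpClient]::new()
    try {
        $client.Connect($HostName, $Port)
        $ssl = [System.Net.Security.SslStream]::new(
            $client.GetStream(), $false,
            [System.Net.Security.RemoteCertificateValidationCallback]$callback)
        try {
            # The name passed here is what the certificate subject/SAN must match.
            $ssl.AuthenticateAsClient($HostName)
            $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($ssl.RemoteCertificate)
            [pscustomobject]@{
                Host         = $HostName
                Trusted      = ($seen.Errors -eq [System.Net.Security.SslPolicyErrors]::None)
                PolicyErrors = $seen.Errors   # RemoteCertificateNameMismatch / RemoteCertificateChainErrors
                Subject      = $cert.Subject
                Issuer       = $cert.Issuer
                NotAfter     = $cert.NotAfter
                Chain        = $seen.Chain    # UntrustedRoot or PartialChain points at a missing CA cert
            }
        } finally { $ssl.Dispose() }
    } finally { $client.Dispose() }
}

# Usage (placeholder FQDN):
# Test-IwaTlsTrust -HostName 'iwa01.corp.example.com' | Format-List
```

A result of `Trusted = False` with `UntrustedRoot` or `PartialChain` in the chain status means that server is missing the private CA certificates the reply mentions; `RemoteCertificateNameMismatch` means the configured IWA URL does not match the names in the certificate.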