<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeCommunityForum
0D50Z00008G7VX4SANOkta Classic EngineAdministrationAnswered2024-04-30T09:18:25.000Z2015-09-21T16:16:54.000Z2016-09-01T15:30:28.000Z

Phil L Ibarrola (Thoughtworks) asked a question.

Edited by varun.kavoori1.5210444522562532E12 September 5, 2018 at 1:20 AM
Has anyone experienced a E0000006 error from the Okta AD Agent?
I recently had an Okta AD Agent stop working.  The logs indicated a E0000006 (Not authorized) error.  It seems like the agent is no longer authorized to interact with Okta.

 

Has anyone seen this before?

What could have caused this?  (there were no changes to the environment.  no really!! I promise!)

 

I'm un-installing/re-installing the agent right now which I imagine will resolve it, but just want to see if others have experience with it.

 

Thanks,

Phil

  • 6 answers
  • 8.63K views

  • Jim Knutson - Okta (Okta, Inc.)

    Hello Phil,

    According to our Developer Information located here:

    http://developer.okta.com/docs/api/getting_started/error_codes.html

    "E0000006 You do not have permission to perform the requested action."

    It sounds like the permissions on the Okta Admin account used for the install are no longer valid. If you know the account, you can check in the Security Tab in the okta admin console to verify permissions, or I recomend a re-install the agent, as we have safe guards to make sure tha accounts that are being used are valid at the time of install.

     

      If you are still having issues please open a support case with our team and we will be able to help.

    To open a support case give us a call at 1-800-219-0964 or click on the "Help and Training" Link in your Okta Admin console.

     

    Best Regards,

     

    Jim

     

    Jim Knutson, Customer Success Manager, Okta

     

    Expand Post

  • Phil L Ibarrola (Thoughtworks)

    Un-installing / re-installing seemed to fix the problem.  In the process, the agent was re-authorized and it started servicing AD events again.

     

    How did it get into this state?  The API token for the agent didn't change and was still valid for that agent.  Nothing else in the environment changed.  I was hoping to understand how it got in this state, so we can prevent it from happening again.

     

    Expand Post

  • svcV.75126 (Customer)

    Hi Phil,

     

    I've seen something similar but mine was in a preview environment and I was disabling agents and enabling agents as part of testing. In that case I think the token that had been issued to the agent in question had really been revoked.

     

    Do the system logs indicate any meaningful token lifecycle events?

     

    That said based on the error it seems more like a rights issue than a valid token issue and I cannot see a way through the GUI to manipulate the rights that are assinged to the ad agent user.
    Expand Post

  • j5v7c (j5v7c)

    The API tokens expire if unused for a period of time.  Was the AD Agent regularly importing/syncing till the point that it expired?  Any info in the AD Agent logs?

     

    Madhu Mahadevan, Sr. Sales Engineer, Okta

  • Phil L Ibarrola (Thoughtworks)

    HI Madhu,

     

    Thanks for the reply!

     

    The agent had been shut down for a few days as we were troubleshooting something in the environment and wanted to force all "work" to a specific agent.  My understanding is the tokens automatically expire after 30 days of inactivity.  

     

    We did check the agent logs.  That's where we found the E000006 errors and other authorization errors.  We tried troubleshooting for a while, but we were time constrained and had to move on.  We were fairly confident that a reinstall would resolve the problem.  I was curious if anyone (customer or Okta) had more insight into what may have happened.

     

    Thanks,

    Phil

    Expand Post

  • Phil L Ibarrola (Thoughtworks)

    Hi Matt,

     

    Thanks for your reply!

     

    We didn't see any token lifecycle events in our logs.  The token for the particular agent was still valid as far as we could tell.  This is what caused the confusion for us.  Like I said in my response to Madhu... we shut down this particular agent for a few days to troubleshoot a problem.  When we tried to restart the agent, we ended up with a new problem on our hands.  ðŸ™‚  

     

    I guess we'll just have to chalk this one up to entropy and let everyone know reinstalling the agent resolves this particular error.  Not the most satisfying answer, but it works.

     

    Thanks,

    Phil

    Expand Post
This question is closed.
Loading
Has anyone experienced a E0000006 error from the Okta AD Agent?