<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeCommunityForum
0D54z0000A4iGyjCQEOkta Classic EngineDirectoriesAnswered2024-04-25T17:48:10.000Z2024-04-23T23:26:58.000Z2024-04-25T17:48:10.000Z

NickG.01375 (Climate) asked a question.

April 23, 2024 at 11:26 PM
Okta AD Agent install fail blank error message workaround

We recently ran into an issue which looks like one posted and closed here:

 

https://support.okta.com/help/s/question/0D54z00008jV181CAC/okta-ad-agent-installation-is-failing-logs-show-service-okta-ad-agent-was-not-found-on-computer?language=en_US

 

 

 

When installing the Okta agent, it appears the installer fails to register the agent and update services:

 

OktaAgentService.exe

 

Okta.Coordinator.Service.exe

 

 

 

Note, according to my Okta support case. You must make sure the follow is enabled: 

 

 

 

Computer->Windows Settings->Security Settings->Local Policies->Security Options->Network security: Configure encryption types allowed for Kerberos: -> enable rc4_hmac_md,5 aes128, and aes256

 

 

 

Workaround: 

 

Here is the workaround I used and was finally able to proceed with an install. Note, I am NOT saying this is fixed. I'd prefer if we could have Okta investigate further:

 

 

 

Notes: For testing, this was done using my Domain Admin account. I was both logged into the system under this account, and ran the installer as this same Domain Admin account. 

 

 

 

1. I copied the two Okta service executables from our current install running agent v3.17. I did not copy any other files.

 

OktaAgentService.exe

 

Okta.Coordinator.Service.exe

 

 

 

2. These .exe were placed in C:\Program Files (x86)\Okta\Okta AD Agent\. Note the only other file in this directory at the time was the "log" from InstallUtil. Aka this was basically a clean install. 

 

 

 

3. I then manually registered the exe files above using admin cmd: - Note: I did this as I suspect something is wrong with the installer when trying to register these services:

 

 

 

sc.exe create "Okta Active Directory Service" binPath= "C:\Program Files (x86)\Okta\Okta AD Agent\OktaAgentService.exe" DisplayName="Okta AD Agent"

 

 

 

AND

 

 

 

sc.exe create "Okta.AdAgent.Update" binPath= "C:\Program Files (x86)\Okta\Okta AD Agent\Okta.Coordinator.Service.exe" DisplayName="Okta AD Agent Update"

 

 

 

4. Finally I went into the windows services and changed the "Okta AD Agent" service LogOn tab from local system to my Domain Admin account. The updater service does not need to have the LogOn tab adjusted. 

 

 

 

After doing all of this, the 3.17 installer worked as expected.

  • 2 answers
  • 608 views
User16594883467582706479 and Mihai N. like this.
This question is closed.
Loading
Okta AD Agent install fail blank error message workaround