<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeCommunityForum
0D5WR000017AMIR0A4Okta Classic EngineDirectoriesAnswered2025-12-31T17:40:00.000Z2025-12-28T20:26:45.000Z2025-12-31T17:40:00.000Z

DarnellK.21025 (Customer) asked a question.

December 28, 2025 at 8:26 PM
Okta Agent operational but doesn't progress to step 2

Hi,

This is not my first time installing the Okta agent but recently things aren't working properly. Over the course of two days I've played with fresh installs of Server 2025 and 2019. Servers are updated and promoted to dc and I run the agent installer as a domain admin. The install finishes with me logging into Okta to verify the challenge, but the setup never progresses to step 2 (basic settings) and I'm unable to perform mappings and sync.

 

Agent log doesn't show any errors but looks mostly like this:

 

2025/12/28 15:17:58.367-05:00 Info -- DC01(8) -- GET: https://"myorg"/api/1/internal/app/activedirectory/0oaypf6ci4MITq875697/agent/a53yotpn7nJATLAIF697/nextAction?agentVersion=3.22.0.0&pollid=dcde5fb3-0237-4a39-a3af-c1a958f1dc6a

2025/12/28 15:17:58.367-05:00 Info -- DC01(4) -- Decrypting payload

2025/12/28 15:17:58.367-05:00 Info -- DC01(4) -- Payload successfully decrypted

2025/12/28 15:17:58.367-05:00 Info -- DC01(4) -- Next action = NONE

2025/12/28 15:17:58.367-05:00 Info -- DC01(9) -- GetResponse starting, CurrentConnections:2, ConnectionLimit:10, Timeout:33000, ReadWriteTimeout:300000, KeepAlive:True, ConnectionLeaseTimeout:300000.

2025/12/28 15:17:58.367-05:00 Info -- DC01(11) -- Decrypting payload

2025/12/28 15:17:58.383-05:00 Info -- DC01(11) -- Payload successfully decrypted

2025/12/28 15:17:58.383-05:00 Info -- DC01(11) -- Next action = NONE

2025/12/28 15:17:58.383-05:00 Info -- DC01(8) -- GetResponse starting, CurrentConnections:2, ConnectionLimit:10, Timeout:33000, ReadWriteTimeout:300000, KeepAlive:True, ConnectionLeaseTimeout:300000.

 

It's always Next action - None.

I've also tried different domains and that didn't work. So now I have two ad directory integrations in my org that appear connected but say configuration not complete. Can't delete them either.

 

Okta service is running

okta service has domain admin privs

windows firewall has been turned off

ntp is in sync

updated to the last .net framework for 2019

 

What am I missing?

  • 1 answer
  • 104 views

  • paul.stiniguta1.508386743840768E12 (Okta, Inc.)

    Hello @DarnellK.21025 (Customer)​ Thank you for posting on our Community page!

     

    Since this is happening across different OS versions and even different domains, the issue likely resides in the Okta Admin Console state or a specific networking/TLS handshake requirement that hasn't been met.

    You mentioned you have two integrations that say "Configuration not complete" and can't be deleted. This is often the root cause. If Okta thinks a setup is "in progress," it might not push the

    Next action

    to a new agent install.

    • Try this: Go to Directory > Directory Integrations. Click on the problematic AD instance. If there is a "Finish Setup" or "Resume" button, click it.
    • If you need to delete them: You usually cannot delete an AD integration if an agent is still technically associated with it. Stop the Okta AD Agent service on your DC, wait a few minutes for it to show as "Inactive" in the console, then try deleting the instance.

     

    Please also see if all the requirements have been meet:

    https://help.okta.com/en-us/content/topics/directory/ad-agent-prerequisites.htm

     

    Thank you for reaching out to our Community and have a great day!

    --

    Help others in the community by liking or hitting Select as Best if this response helped you.

    Expand Post
    Selected as Best

  • paul.stiniguta1.508386743840768E12 (Okta, Inc.)

    Hello @DarnellK.21025 (Customer)​ Thank you for posting on our Community page!

     

    Since this is happening across different OS versions and even different domains, the issue likely resides in the Okta Admin Console state or a specific networking/TLS handshake requirement that hasn't been met.

    You mentioned you have two integrations that say "Configuration not complete" and can't be deleted. This is often the root cause. If Okta thinks a setup is "in progress," it might not push the

    Next action

    to a new agent install.

    • Try this: Go to Directory > Directory Integrations. Click on the problematic AD instance. If there is a "Finish Setup" or "Resume" button, click it.
    • If you need to delete them: You usually cannot delete an AD integration if an agent is still technically associated with it. Stop the Okta AD Agent service on your DC, wait a few minutes for it to show as "Inactive" in the console, then try deleting the instance.

     

    Please also see if all the requirements have been meet:

    https://help.okta.com/en-us/content/topics/directory/ad-agent-prerequisites.htm

     

    Thank you for reaching out to our Community and have a great day!

    --

    Help others in the community by liking or hitting Select as Best if this response helped you.

    Expand Post
    Selected as Best

Loading
Okta Agent operational but doesn't progress to step 2