Troubleshooting

Cause: There was an error sending the request when logging into ADFS.
Solution: Ensure you have enabled CORS in your Okta org.

Cause: During installation you encounter error 1001 PS0033 “cmdlet cannot be executed from a secondary server in a local database farm.”
Solution: If you encounter this error, closely follow the instructions in the Farm Installation addendum, especially the steps that discuss WID (Windows Internal Database) and promoting each server to be primary.

Cause: During login, after MFA, users received a message stating they were unable to connect.
The ADFS plugin can use a proxy to interact with Okta. By default the ADFS agent uses the WinHTTP proxy.
Some customers may be using the IE proxy.
Solution: Ensure that the ADFS plugin is using the correct proxy:
- Open a command prompt window.
- Execute the netsh winhttp show proxy command.
- Examine the result of the command, which will be one of: no proxy, winhttp or ie.
- For customers using IE, specify IE as the proxy source using a command similar to:
  netsh winhttp import proxy source=ie
- Also ensure that https://<yourorg>.okta<preview>.com is not blocked by company firewalls.
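
The proxy check above as a single PowerShell script (an added example, not from the original page or from Okta): it reads the WinHTTP proxy with netsh and then requests the org URL through that proxy. The OrgUrl parameter, the assumption of English netsh output and the 15-second timeout are choices made for this example.

```powershell
param(
    [Parameter(Mandatory = $true)]
    [string]$OrgUrl   # placeholder: your own org URL, e.g. https://<yourorg>.okta.com
)

# Assumes English netsh output: "Direct access (no proxy server)." or a
# "Proxy Server(s) :" line holding host:port or http=host:port;https=host:port.
$raw = (netsh winhttp show proxy) -join "`n"
$proxy = $null
if ($raw -match 'Proxy Server\(s\)\s*:\s*(\S+)') {
    $entry = $Matches[1]
    # Prefer the https= entry when per-protocol proxies are listed.
    $https = $entry -split ';' | Where-Object { $_ -like 'https=*' } | Select-Object -First 1
    if ($https) {
        $entry = $https -replace '^https=', ''
    } elseif ($entry -like '*=*') {
        $entry = ($entry -split ';')[0] -replace '^\w+=', ''
    }
    $proxy = if ($entry -match '^\w+://') { $entry } else { "http://$entry" }
    Write-Output "WinHTTP proxy: $proxy"
} elseif ($raw -match 'Direct access') {
    Write-Output 'WinHTTP proxy: none (direct access)'
} else {
    Write-Warning "Unrecognized netsh output:`n$raw"
}

# Send one HEAD request to the org URL, through the WinHTTP proxy when one is set.
$req = @{ Uri = $OrgUrl; Method = 'Head'; UseBasicParsing = $true; TimeoutSec = 15 }
if ($proxy) { $req.Proxy = $proxy }

try {
    $resp = Invoke-WebRequest @req
    Write-Output "HTTP $([int]$resp.StatusCode) received for $OrgUrl"
} catch {
    if ($_.Exception.Response) {
        # An HTTP error status came back; it may come from Okta or from the proxy itself.
        Write-Output "HTTP $([int]$_.Exception.Response.StatusCode) received for $OrgUrl"
    } else {
        # No HTTP response at all: DNS, TCP or TLS failed before any status was returned.
        Write-Output "No response from ${OrgUrl}: $($_.Exception.Message)"
        Write-Output 'Check the proxy source and the firewall rules for the org URL.'
    }
}
```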

The following errors occur under both MFA as a Service and OpenID Connect (OIDC). They are effectively the same errors but differ in how they are reported.

Cause: Error messages when the assigned user is deactivated in Okta:
- OIDC: Failed to authenticate. Error: access_denied - 'login_hint' did not match a user assigned to the client ADFS app.
- MFA as Service: General failure: The remote server returned an error: (404) Not Found.

Cause: Error messages when the assigned user is suspended in Okta:
- OIDC: Failed to authenticate. Error: access_denied - 'login_hint' did not match a user assigned to the client ADFS app.
- MFA as Service: General failure: The remote server returned an error: (401) not authorized.

Cause: Error messages when the same custom name is set to two assigned users on the client ADFS app:
- OIDC: HTTP 500: Internal Server Error.
- MFA as Service: General failure: The remote server returned an error: (401) Unauthorized.

Cause: Error messages when there is a Deny App Sign-on policy:
- OIDC: Failed to authenticate. Error: access_denied - The MFA attestation request was denied by policy.
- MFA as Service: General failure: The remote server returned an error: (403) Forbidden.