# KB000001: The Access Manager Agent cannot connect and logs a token-validation-failed error

## Summary

The Lithnet Access Manager agent may show the following error message in the agent log file

```
LithnetAccessManagerAgent[909131]: Lithnet.AccessManager.Agent.LinuxLapsAgent[1006] The LAPS agent process encountered an error
Lithnet.AccessManager.Agent.ApiException: The API call failed with HTTP status Unauthorized:Unauthorized. The API returned error code 'token-validation-failed'
```

The server will show a corresponding error message in the `access-manager-api.log` file

```
|ERROR|Lithnet.AccessManager.Api.ApiErrorResponseProvider|The security token failed the validation process

Microsoft.IdentityModel.Tokens.SecurityTokenInvalidAudienceException: IDX10214: Audience validation failed. Audiences: 'System.String'. Did not match: validationParameters.ValidAudience: 'System.String' or validationParameters.ValidAudiences: 'System.String'.
```

## Cause

This issue occurs because the hostname configured as the `External host name` on the server, differs from the host name provider at agent registration time

## Resolution

### Step 1: Validate server-side external host name

To resolve this issue, first check that the `External host name` field is correct on the server side.

![](https://1500666603-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FzPrDxVWpXXpSNTpkDVnR%2Fuploads%2Fgit-blob-3219305a5244ced089f5b7424b3f96eb370907f0%2Fui-page-host-configuration.png?alt=media)

### Step 2: Validate client-side configuration

On the client side, ensure the matching name has been specified during the setup process.

#### Linux

Run the following command to repeat the setup process, and provide the correct hostname

```shell
/opt/LithnetAccessManagerAgent/Lithnet.AccessManager.Agent --setup
```

#### macOS

Run the following command to repeat the setup process, and provide the correct hostname

```shell
/Applications/LithnetAccessManagerAgent/Lithnet.AccessManager.Agent --setup
```

#### Windows

Run the following command to repeat the setup process, and provide the correct hostname

```batch
"C:\Program Files\Lithnet\Access Manager Agent\Lithnet.AccessManager.Agent.exe" --setup
```