KB000001: The Access Manager Agent cannot connect and logs a token-validation-failed error

Summary

The Lithnet Access Manager agent may show the following error message in the agent log file

LithnetAccessManagerAgent[909131]: Lithnet.AccessManager.Agent.LinuxLapsAgent[1006] The LAPS agent process encountered an error
Lithnet.AccessManager.Agent.ApiException: The API call failed with HTTP status Unauthorized:Unauthorized. The API returned error code 'token-validation-failed'

The server will show a corresponding error message in the access-manager-api.log file

|ERROR|Lithnet.AccessManager.Api.ApiErrorResponseProvider|The security token failed the validation process

Microsoft.IdentityModel.Tokens.SecurityTokenInvalidAudienceException: IDX10214: Audience validation failed. Audiences: 'System.String'. Did not match: validationParameters.ValidAudience: 'System.String' or validationParameters.ValidAudiences: 'System.String'.

Cause

This issue occurs because the hostname configured as the API host name on the server, differs from the host name provider at agent registration time

Resolution

Step 1: Validate server-side API host name

To resolve this issue, first check that the API host name field is correct on the server side.

Step 2: Validate client-side configuration

On the client side, ensure the matching name has been specified during the setup process.

Linux

Run the following command to repeat the setup process, and provide the correct hostname

/opt/LithnetAccessManagerAgent/Lithnet.AccessManager.Agent --setup

macOS

Run the following command to repeat the setup process, and provide the correct hostname

/Applications/LithnetAccessManagerAgent/Lithnet.AccessManager.Agent --setup

Windows

Run the following command to repeat the setup process, and provide the correct hostname

"C:\Program Files\Lithnet\Access Manager Agent\Lithnet.AccessManager.Agent.exe" --setup