Normally, the cause of this issue is due to an expired JWT Token. To resolve the issue, kindly make sure of the following:
- The time on the AD is the same as with the Apex Central™ Time. If they are different, you need to adjust the time and sync it with Apex Central™.
- In any case where the AD time can’t be changed, kindly modify the AgentExpTimeSec setting in ADSyncAgentTool.exe.Config. By default, it is set to "300 seconds" (5 Minutes).
- Once the time has been changed, kindly run the following command again:
ADSyncAgentTool.exe –s
It should be successful.