Normally, the cause of this issue is due to an expired JWT Token. To resolve the issue, kindly make sure of the following:
- The time on the AD is the same as with the Apex One as a Service Time. If they are different, you need to adjust the time and sync it with Apex One as a Service.
- In any case where the AD time can’t be changed, kindly modify the AgentExpTimeSec setting in ADSyncAgentTool.exe.Config.By default, it is set to "300 seconds" (5 Minutes).
- Once the time has been changed, kindly run the following command again:
ADSyncAgentTool.exe –s
It should be successful.