After Installation of new Certificate Orchestrator is not working

Help Orchestrator
1

Hi,

we have to renew our certificate for Orchestrator. We moved from self signed certificate to AD Certificate. After finishing of the installation now start page of Orchestrator jumps to “Account/Login?returnUrl=%2F” and show following message:

{“message”:“An error has occurred.”,“errorCode”:0,“resourceIds”:null}

I checked also server application logs and found:
1.)
System.InvalidOperationException: IDX20803: Unable to obtain configuration from: ‘[PII is hidden. For more details, see Bing]’.
—> System.IO.IOException: IDX20807: Unable to retrieve document from: ‘[PII is hidden. For more details, see Bing]’. HttpResponseMessage: ‘[PII is hidden. For more details, see Bing]’, HttpResponseMessage.Content: ‘[PII is hidden. For more details, see Bing]’.

2.)
Abp.Authorization.AbpAuthorizationException: Current user did not login to the application!
at UiPath.Orchestrator.Web.Authorization.UiAuthorizationHelper.AuthorizeAsync(IEnumerable`1 authorizeAttributes)
at Abp.Authorization.AuthorizationHelper.CheckPermissionsAsync(MethodInfo methodInfo, Type type)
at UiPath.Orchestrator.Web.Authorization.UiAuthorizationHelper.AuthorizeAsync(MethodInfo methodInfo, Type type)

We are using the version 20.10.8 on Windows 2016 Server.

What are we missing?

Thanks
Serdar

2

@tuncali

Check below thread for your reference

Hope this may help you

Thanks

3

Hi Srini84,

thanks for the suggestions, but it did not work for us.

Regards

4

I followed the steps from this page (Prerequisites for Installation) and now I can see the login page. After login redirect is not working. I found following error message in Windows logs:

1-)
IdentityServer4.Hosting.IdentityServerMiddleware Unhandled exception: The system cannot find the file specified.
WindowsCryptographicExceptionThe system cannot find the file specified. at System.Security.Cryptography.CngKey.Open(String keyName, CngProvider provider, CngKeyOpenOptions openOptions)
at System.Security.Cryptography.CngKey.Open(String keyName, CngProvider provider)
at Internal.Cryptography.Pal.CertificatePal.GetPrivateKey[T](Func2 createCsp, Func2 createCng)
at Internal.Cryptography.Pal.CertificatePal.GetRSAPrivateKey()
at Internal.Cryptography.Pal.CertificateExtensionsCommon.GetPrivateKey[T](X509Certificate2 certificate, Predicate`1 matchesConstraints)
at System.Security.Cryptography.X509Certificates.RSACertificateExtensions.GetRSAPrivateKey(X509Certificate2 certificate)
at Microsoft.IdentityModel.Tokens.X509SecurityKey.get_PrivateKey()
at Microsoft.IdentityModel.Tokens.X509SecurityKey.get_PrivateKeyStatus()
at Microsoft.IdentityModel.Tokens.AsymmetricSignatureProvider.FoundPrivateKey(SecurityKey key)
at Microsoft.IdentityModel.Tokens.AsymmetricSignatureProvider…ctor(SecurityKey key, String algorithm, Boolean willCreateSignatures)
at Microsoft.IdentityModel.Tokens.AsymmetricSignatureProvider…ctor(SecurityKey key, String algorithm, Boolean willCreateSignatures, CryptoProviderFactory cryptoProviderFactory)
at Microsoft.IdentityModel.Tokens.CryptoProviderFactory.CreateSignatureProvider(SecurityKey key, String algorithm, Boolean willCreateSignatures)
at Microsoft.IdentityModel.Tokens.CryptoProviderFactory.CreateForSigning(SecurityKey key, String algorithm)
at Microsoft.IdentityModel.JsonWebTokens.JwtTokenUtilities.CreateEncodedSignature(String input, SigningCredentials signingCredentials)
at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.WriteToken(SecurityToken token)
at IdentityServer4.Services.DefaultTokenCreationService.CreateJwtAsync(JwtSecurityToken jwt)
at IdentityServer4.Services.DefaultTokenCreationService.CreateTokenAsync(Token token)
at IdentityServer4.Services.DefaultTokenService.CreateSecurityTokenAsync(Token token)
at IdentityServer4.ResponseHandling.AuthorizeResponseGenerator.CreateImplicitFlowResponseAsync(ValidatedAuthorizeRequest request, String authorizationCode)
at IdentityServer4.ResponseHandling.AuthorizeResponseGenerator.CreateHybridFlowResponseAsync(ValidatedAuthorizeRequest request)
at IdentityServer4.ResponseHandling.AuthorizeResponseGenerator.CreateResponseAsync(ValidatedAuthorizeRequest request)
at IdentityServer4.Endpoints.AuthorizeEndpointBase.ProcessAuthorizeRequestAsync(NameValueCollection parameters, ClaimsPrincipal user, ConsentResponse consent)
at IdentityServer4.Endpoints.AuthorizeEndpoint.ProcessAsync(HttpContext context)
at IdentityServer4.Hosting.IdentityServerMiddleware.Invoke(HttpContext context, IEndpointRouter router, IUserSession session, IEventService events)

2-)
Microsoft.AspNetCore.Server.IIS.Core.IISHttpServer Connection ID “18230571297501347935”, Request ID “80000060-0001-fd00-b63f-84710c7967bb”: An unhandled exception was thrown by the application.
WindowsCryptographicExceptionThe system cannot find the file specified. at System.Security.Cryptography.CngKey.Open(String keyName, CngProvider provider, CngKeyOpenOptions openOptions)
at System.Security.Cryptography.CngKey.Open(String keyName, CngProvider provider)
at Internal.Cryptography.Pal.CertificatePal.GetPrivateKey[T](Func2 createCsp, Func2 createCng)
at Internal.Cryptography.Pal.CertificatePal.GetRSAPrivateKey()
at Internal.Cryptography.Pal.CertificateExtensionsCommon.GetPrivateKey[T](X509Certificate2 certificate, Predicate1 matchesConstraints) at System.Security.Cryptography.X509Certificates.RSACertificateExtensions.GetRSAPrivateKey(X509Certificate2 certificate) at Microsoft.IdentityModel.Tokens.X509SecurityKey.get_PrivateKey() at Microsoft.IdentityModel.Tokens.X509SecurityKey.get_PrivateKeyStatus() at Microsoft.IdentityModel.Tokens.AsymmetricSignatureProvider.FoundPrivateKey(SecurityKey key) at Microsoft.IdentityModel.Tokens.AsymmetricSignatureProvider..ctor(SecurityKey key, String algorithm, Boolean willCreateSignatures) at Microsoft.IdentityModel.Tokens.AsymmetricSignatureProvider..ctor(SecurityKey key, String algorithm, Boolean willCreateSignatures, CryptoProviderFactory cryptoProviderFactory) at Microsoft.IdentityModel.Tokens.CryptoProviderFactory.CreateSignatureProvider(SecurityKey key, String algorithm, Boolean willCreateSignatures) at Microsoft.IdentityModel.Tokens.CryptoProviderFactory.CreateForSigning(SecurityKey key, String algorithm) at Microsoft.IdentityModel.JsonWebTokens.JwtTokenUtilities.CreateEncodedSignature(String input, SigningCredentials signingCredentials) at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.WriteToken(SecurityToken token) at IdentityServer4.Services.DefaultTokenCreationService.CreateJwtAsync(JwtSecurityToken jwt) at IdentityServer4.Services.DefaultTokenCreationService.CreateTokenAsync(Token token) at IdentityServer4.Services.DefaultTokenService.CreateSecurityTokenAsync(Token token) at IdentityServer4.ResponseHandling.AuthorizeResponseGenerator.CreateImplicitFlowResponseAsync(ValidatedAuthorizeRequest request, String authorizationCode) at IdentityServer4.ResponseHandling.AuthorizeResponseGenerator.CreateHybridFlowResponseAsync(ValidatedAuthorizeRequest request) at IdentityServer4.ResponseHandling.AuthorizeResponseGenerator.CreateResponseAsync(ValidatedAuthorizeRequest request) at IdentityServer4.Endpoints.AuthorizeEndpointBase.ProcessAuthorizeRequestAsync(NameValueCollection parameters, ClaimsPrincipal user, ConsentResponse consent) at IdentityServer4.Endpoints.AuthorizeEndpoint.ProcessAsync(HttpContext context) at IdentityServer4.Hosting.IdentityServerMiddleware.Invoke(HttpContext context, IEndpointRouter router, IUserSession session, IEventService events) at IdentityServer4.Hosting.IdentityServerMiddleware.Invoke(HttpContext context, IEndpointRouter router, IUserSession session, IEventService events) at IdentityServer4.Hosting.MutualTlsTokenEndpointMiddleware.Invoke(HttpContext context, IAuthenticationSchemeProvider schemes) at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context) at IdentityServer4.Hosting.BaseUrlMiddleware.Invoke(HttpContext context) at UiPath.IdentityServer.Web.Extensions.Configuration.HttpResponseManualRedirectExtensions.<>c__DisplayClass3_0.<<ManualRedirectFlow>b__1>d.MoveNext() --- End of stack trace from previous location where exception was thrown --- at Microsoft.AspNetCore.Builder.Extensions.UsePathBaseMiddleware.Invoke(HttpContext context) at Microsoft.AspNetCore.Builder.Extensions.UsePathBaseMiddleware.Invoke(HttpContext context) at Microsoft.AspNetCore.Server.IIS.Core.IISHttpContextOfT1.ProcessRequestAsync()

Any idea?

5

Hi,

Based on my prior experience i am sharing my thoughts on the issue.

if we are changing or renewing certificate. please make sure that we are using the same identity URL. and also check the new AD certificate what domain they have given.

If we don’t have any changes in the Domain(mostly *.yourdomain.com) please import your new certificate into personal stores and server certificates in the IIS server. And also check the bindings to make sure that it is connect to that domain.

if we have any changes in the URL we have to follow the steps in the below link to make changes at our end. thanks.

Changing the Orchestrator / Identity Server URL (uipath.com)

6

Hey,
I’m afraid that better will be contact with UiPath Support:

7

Thanks.

Now it works again. IIS_IUSRS entry was missing for certification

8

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.