Can't get license by Setting AD Group

Hi, UiPath community.Please Help me.Thanks you.

i use on-pre 23.4v Orchestrator .

tenant set:
group[TestAA] from AD(Active Directory)
1.with AD groups
2.role with [Allow to be Automation User]
3.[Enable users in this group to run automations]
4.License Type [Attended User]

User[TestUU] from same AD groups[TestAA]
1.from AD
2.role with [Allow to be Automation User]
3.[Enable user to run automations]
4.License Type [Inherit license from user’s group]

folder set:
folder[TestDept]
1.add [TestAA] ,[TestUU]
2.Both be role [Automation User]

error:
when I login in assistant by url ,just show [cannot load automations…unable retrieve a license] .

other try:
1.set License Type [Attended User] to user can normal use assistant.
2.use local group with local user(login by machine) can normal use assistant.

Any suggestions please?

Hi @potsung

Could you please show screenshot from below page?

Go to automation cloud-> admin → licenses → go to your username and please show what license is assigned to you there?

Thanks for your reply.

License:
This account has nothing to do with this matter and is used for other tests

image1877×365 37.8 KB

image1587×543 92.9 KB

tenant setting:

The image shows a user interface for managing access roles, with options to assign roles, manage accounts and groups, and check roles and permissions, with a list of users or groups and their roles displayed. (Captioned by AI)1632×591 53.3 KB

group[TestAA] setting in tenant:

The image shows a user interface for managing group roles and account settings, with various user roles listed on the left and options for Orchestrator UI access, UI profile selection, and update policy settings on the right. (Captioned by AI)1486×705 110 KB

image1427×661 78.4 KB

User[TestUU] setting in tenant:

image1076×802 80.6 KB

image1453×511 59 KB

Folder setting:

image1593×738 74 KB

User[TestUU] setting in Folder :

image768×627 58.8 KB

group[TestAA] setting in Folder:

image823×593 67.1 KB

assistant Interface screen:

image923×871 77.8 KB

log in window event viewer:
UiPath.Service.UserHost 23.4.2.0
[Http Status 404][Orchestrator Error Code 1002]UiPath.Service.Orchestrator.Clients.OrchestratorHttpException: Robot does not exist.
at UiPath.Service.Orchestrator.OrchestratorClientExtensions.EnsureOrchestratorStatusCodeAsync(HttpResponseMessage response)
at UiPath.Service.Orchestrator.Clients.OrchestratorBaseClient.InternalRequestAsync[T](String serviceUrl, HttpMethod method, HttpContent content, Func2 parseResponse, String baseUrl, TokenFactory tokenFactory, TimeSpan timeout, Dictionary2 headers, CancellationToken ct)
at UiPath.Service.Orchestrator.Clients.OrchestratorBaseClient.RequestAsync(String serviceUrl, HttpMethod method, HttpContent content, String baseUrl, TokenFactory tokenFactory, TimeSpan timeout, Dictionary 2 headers, CancellationToken ct)
at UiPath.Service.Orchestrator.Clients.OrchestratorBaseClient.RequestAsync[T](String serviceUrl, HttpMethod method, HttpContent content, String baseUrl, TokenFactory tokenFactory, TimeSpan timeout, Dictionary`2 headers, CancellationToken ct)
at UiPath.Service.Orchestrator.Clients.OrchestratorClient.BeginSession(RobotIdentifier robotIdentifier, CancellationToken ct), HResult -2146233088

Hope this information helps.

1. I gave all the authority I could.
2. group[TestAA] is Security Groups(ad group type).
3. Modern Folder.
4. I heard that it was first installed 8 years ago,After that, upgrade to version 23.4
5. At first I thought it was not a modern folder(In fact, it has always been a modern model)
   so I asked someone to modify the config.I didn’t participate, but I heard that the config related to the modern folder that was not there before was added.
6. Not a cloud version

I suspect that the relationship between the AD group and the members is not available in the Orchestrator.

Does anyone know how to use AD group ?

Or can you give me the modern mode or AD group settings in config, I will ask my colleagues to check it

I have only used orchestrator for 5 days. If you have any relevant information or speculation, please feel free to provide it.

Hi @potsung

Thank you for sharing screenshots!!

Could you please how are you connecting/signing in to assistant.

Could you please click on profile icon in assistant and go to orchestrator settings and show what connection type and value you are providing there to connect assistant to orchestrator.

Also could you please you are logging using user[test AA] on the machine where you are trying to connect assistant to orchestrator? Or you are using some other user? If other user, is that user added to orchestrator? Is the machine you are trying to connect from added to orchestrator?

Regards
Sonali

hi @sonaliaggarwal47

Thank you for your quick reply!!

The image shows a UiPath Preferences window highlighting the Orchestrator Settings, indicating a connection issue due to a missing license while displaying logging details set to "Warning" level. (Captioned by AI)963×813 46.2 KB

i use url to sign in.
sign in Page:

The image is an instruction screen from UiPath informing users to click "Open Application" when prompted by a system dialog, with an option to open a link in the browser. (Captioned by AI)633×403 22.7 KB

answer the questions

1. use url to sign in
2. always logging using user[test AA] on the machine.
3. when use this user in this machine, tenant setting [License Type:Attended User],I can use it normally.

machine setting:

The image shows a web interface with an error message displaying "Internal Server Error" for a failed HTTP response, alongside fields for description and tags requiring input with specific validation criteria. (Captioned by AI)1578×643 72.6 KB

This image shows an interface for editing machine details, specifically a machine named "IT243," with sections for general information, runtime licenses, and a notice about backward compatibility. (Captioned by AI)1495×740 70.2 KB

This image shows authentication details and client secrets for a service, highlighting a client ID, a secret value, and creation date, along with a reminder to securely store the secrets. (Captioned by AI)745×540 38.7 KB

According to the third answer, the machine may be added to orchestrator.

Best Regards

Hi @potsung

Could you try this instead?

1. sign out of assistant
2. change connection type to machine key
3. then provide the machine key of your machine from orchestrator
4. and connect

Hi @sonaliaggarwal47
Thank you for your continued response!!

Try On Machine Like This:

The image shows a UiPath interface with a license retrieval error message, suggesting the user is connected to Orchestrator but cannot load automations, and advising them to contact their automation department. (Captioned by AI)1685×907 204 KB

I haven’t had time to read the articles related to the machine.

From the information I got, the machine is related to unattended license, and the attended license follows the account.
So I have been ignoring the machine.

Would you mind briefly describing the role of the Machine in this? Thanks a lot

Hi @potsung

Thanks for sharing! All good here, I was just trying to see if you are getting the same error via both connection types.

Could you please update your group and user roles to remove robot role from there?

Robot role is not required here as it’s not unattended license.

And then sign in again using url please.

hi @sonaliaggarwal47

Thanks for trying

User[TestUU] role setting in tenant:

The image shows a list of roles, including "USER_MANAGER," "USER_AT," "Allow to be Automation User," and "Orchestrator Administrator," among others. (Captioned by AI)512×345 21.3 KB

group[TestAA] role setting in tenant:

The image displays a list of user roles, including "Administrator," with each role name enclosed in its own rounded rectangle and a close icon. (Captioned by AI)517×357 31 KB

User[TestUU] role setting in Folder:

The image displays a list of various assigned roles such as "Folder Administrator - Custom," "Automation User," and "Administrator" for a selected account. (Captioned by AI)556×308 60.1 KB

group[TestAA] role setting in Folder:

image563×148 7.39 KB

try sign in:

The UiPath interface displays an error message indicating that automations cannot be loaded due to a licensing issue, with options to configure Orchestrator settings and log management. (Captioned by AI)1191×768 83.7 KB

I find that:
When i log out AD account in Assistant.show this in Orchestrator

Finally
I tried to delete the roles I thought were useless.
Will the roles cause differences or errors in the order of reading the license?

Hi @potsung

yes, its a good practice to not assign all the roles as it can interfere with each other. To start with, I would suggest only 3 roles - administrator, allow to be automation user and allow to be folder administrator.

This error message really means that you have configured your user as an unattended robot.

Can you please go to manage access-> go to your user, click on edit and check you have not enabled below check box. if yes, please disable it and save.

The image shows a settings interface for configuring user roles and automation permissions, specifically highlighting an unchecked option to allow unattended robots to run automations for the user "Sonali Aggarwal." (Captioned by AI)1275×457 36 KB

Hi, @sonaliaggarwal47

Thanks for your suggestion

After check,these days, this setting is on the screen.

The image depicts a software setup screen for unattended automation settings, providing options to allow robots to run automations, configure foreground automation settings, and suggesting the use of a Robot account for unattended services. (Captioned by AI)1440×400 80.6 KB

The image shows a data table displaying license information for production environments, with columns for machine details, license status, and toggles indicating active licenses, one of which is highlighted with a red box. (Captioned by AI)1577×717 50.6 KB

After try ,I find that Alert occurs because license active is set to false.
When I set active is true, Alert doesn’t come,but assistant still can’t use by this account.

In here ,License setting’s Template ,Will it cause errors?

A guess

My partener has a guess that if [Url Sign in] coundn’t get license,assistant will try to use [Machine Sign in] .so I get that error message,and this machine didn’t set a license.In the end ,I can’t use assistant.
This is an interesting point of view, I don’t know if it is correct.Do you have relevant information?

Next try

Now,I will try to delete the Machine,then set as new template machine .

@potsung

You don’t need to assign license to your machine.

Go to your machine template and edit runtimes/license there to 0. Basically remove the license from your machine.

Hi , @sonaliaggarwal47

Yes,You are right .
After try, attended and unattended are two different things.
That guess is wrong.
I have couldn’t set machine template runtimes/license to 0.So I delete that machine template .

And I found something strange.

The image shows a user interface for managing robots with details such as name, account type, robot type, and license type, with some information blacked out for privacy. (Captioned by AI)1597×532 49.1 KB

The image displays a software interface listing attended user licenses, showing two users with zero machines assigned and an orange dot indicating their license status. (Captioned by AI)1587×338 19.5 KB

The image shows a UiPath Preferences screen with an error message indicating that it's connected to Orchestrator but unable to retrieve a license, suggesting the user to contact their automation department. (Captioned by AI)1456×771 98.7 KB

User[TestUU] can’t get license from group[TestAA] .But User[TestUU] has a Robot

@sonaliaggarwal47

I am not a native English speaker.
It is difficult for me to express how grateful I am to you.
The requirement I received is to be able to control how many licenses an AD group has.
Today I found that I can control the license by putting the AD User into the local group.
I don’t have more time to spend on this problem, this method temporarily meets my needs.
However, the problem that AD group cannot allocate licenses has not been solved. I will ask my seniors to contact people who can handle it. This will be a long process. If there is any gain, I will share it with the community.

Thank you again for your help, and have a nice day.