Hi All,
Facing issue in download/upload storage bucket file through UiPath activities and manually as well with error “403 - this request is not authorized to perform this operation”.
The robots were working fine till last night 10 PM and started failing with this error after 10 PM. I’m the administrator and even I cannot download/upload files anymore (I have all the permissions)
We have UiPath PaaS (Private cloud) - 22.4.3
Regards,
Sruthi Surendran
Welcome to the community
you mean yours is on prem installation?
then please logon to orchestrator server and check the event viewer logs with the timestamp you have and find what error you see there
based on them we can see the next steps
Also your orchestrator is pretty old I would suggest to upgrade as it is already out of support as well
cheers
Is no one able to upload/download on storage bucket even manually?
As you are the UiPath enterprise user, have you raised a support ticket to UiPath or talked to your customer manager about this?
Hey @sruthi.surendran ,
The 403 error is usually an indication of either access permissions or network connectivity. To start with, I’d say, please check the activity logs of the Storage account to see if any changes were made to the access level. If you are also not able to download the files manually from the system, my first guess would be the NSG rules. Check if your source IP (from where you tried downloading the files) is whitelisted in the storage account NSG.
Check if this is applicable for you:
Palo Alto launched a new content update blocking storage buckets. If the customers/users are using a Palo Alto firewall and if using DU, Storage buckets, Action Center or anything that has to do with buckets run into
The underlying connection was closed: An unexpected error occurred on a send.
Example
Failed to process document. Exception: UiPath.DocumentUnderstanding.Persistence.OrchestratorException: The underlying connection was closed: An unexpected error occurred on a send.
at UiPath.IntelligentOCR.Activities.BaseOrchestratorClientAsyncActivity.ThrowIfNeeded(Task task, Boolean suppressThrowException)
at UiPath.IntelligentOCR.Activities.BaseOrchestratorClientAsyncActivity.EndExecute(AsyncCodeActivityContext context, IAsyncResult result)
at System.Activities.AsyncCodeActivity.System.Activities.IAsyncCodeActivity.FinishExecution(AsyncCodeActivityContext context, IAsyncResult result)
at System.Activities.AsyncCodeActivity.CompleteAsyncCodeActivityData.CompleteAsyncCodeActivityWorkItem.Execute(ActivityExecutor executor, BookmarkManager bookmarkManager)
In theory, it can be checked to Log in to your Palo Alto support portal (or your vendor’s content update release document) and look for the Applications & Threats Content Update release notes.
On the “New and Modified App-IDs” list (as referenced) filter for the App-ID name azure-storage-accounts-base.
Update your security policy / documentation accordingly: ensure that azure-storage-accounts-base is allowed (or appears in your allow-list) instead of (or in addition to) the older App-ID you had documented.