We recently upgraded our DEV orchestrator to version 2021.4.0 and as apparently there is a backlog discontinuation of the action catalogs inside the orchestrator.
The application worked for a few weeks, but today when trying to access our action center URL, and clicking on Windows Login, we got the message:
{“StatusCode”:500,“StatusDescription”:“InternalServerError”,“Message”:“OrchestratorClient:GetTenantsAsync returns unexpected status code: Unauthorized”}
If I try to login with the SA user, the application redirects me to the actions page correctly and displays the message:
“You don’t have permission to view this page
If you have access to multiple Orchestrator tenants, try switching to another one from the profile icon. Else, contact your administrator for necessary permissions.”
I’ve tried to recreate the action center environment, but the error persists.
Well, after spending a few hours analyzing Event Viewer logs, I identified the cause of my problem.
When we created Orchestrator from the Development environment, we ended up creating a certificate with the name of the machine we were installing Orchestrator on, as we didn’t yet have the certificate that would point to the domain we created.
When we created the certificate that pointed to the domain we created, we pointed it out in IIS, and that has remained so until today.
So we renewed the certificate that pointed to the correct domain and we forgot the certificate created with the hostname, and when this certificate expired that’s when it started to have problems with Login to Action Center.
When we change the certificate in IIS Binding, the reference also needs to be changed in the Identity Server Config file “C:\Program Files ( x86)\UiPath\Orchestrator\Identity\appsettings.Production.json”
The second line of the image above is my old, invalid certificate that was forgotten and was in the Name property of the Identity Server Config file.
So if you look at the image above, you will see that the name attribute is the same as the Certificate Hash IIS on the first line of the image below.
Lesson learned, if you are going to set up an Orchestrator environment, make sure everything is as it should be, otherwise you will have problems in the future.
Thanks @Jorge_Cavalcante . We understand that your issue has been resolved with your troubleshooting steps. @Ayushya_Jaiswal , for us to review and take away anything to be added to the doc or handled in the setup.
Yes, I managed to solve it, but I believe it’s something they can simplify in the future. Because I might want to change my application’s DNS, and if I do, this work of updating the configs becomes necessary.
ashokkarale
MD_Farhan1
Ajay_Mishra
postwick
Dheerendra_vishwakarma
Anil_G
chandreshsinh.jadeja
Gautham_Pattabiraman
vrdabberu
aravindbalineni123