Error fix for "The page isn't redirecting properly" that appears when accessing Orchestrator 2020.4.1 .

Error Message : When accessing Orchestrator 2020.4.1, the following error appears:

In Event Viewer, below error is logged:

IDX20803: Unable to obtain configuration from: '[PII is hidden. For more details, see https://aka.ms/IdentityModel/PII.]'.System.InvalidOperationException: IDX20803: Unable to obtain configuration from: '[PII is hidden. For more details, see https://aka.ms/IdentityModel/PII.]'.
at async Task Microsoft.IdentityModel.Protocols.ConfigurationManager.GetConfigurationAsync(CancellationToken cancel)
at async Task Microsoft.Owin.Security.OpenIdConnect.OpenIdConnectAuthenticationHandler.ApplyResponseChallengeAsync()
at async Task Microsoft.Owin.Security.Infrastructure.AuthenticationHandler.ApplyResponseCoreAsync()
at async Task Microsoft.Owin.Security.Infrastructure.AuthenticationHandler.ApplyResponseAsync()
at async Task Microsoft.Owin.Security.Infrastructure.AuthenticationHandler.TeardownAsync()
at async Task Microsoft.Owin.Security.Infrastructure.AuthenticationMiddleware.Invoke(IOwinContext context)
at async Task Microsoft.Owin.Host.SystemWeb.IntegratedPipeline.IntegratedPipelineContextStage.RunApp(Func<IDictionary, Task> entryPoint, IDictionary environment, TaskCompletionSource tcs, StageAsyncResult result)
at async Task Microsoft.Owin.Security.Infrastructure.AuthenticationMiddleware.Invoke(IOwinContext context)
at async Task Microsoft.Owin.Security.Infrastructure.AuthenticationMiddleware.Invoke(IOwinContext context)
at async Task Microsoft.Owin.Security.Infrastructure.AuthenticationMiddleware.Invoke(IOwinContext context)
at async Task Microsoft.Owin.Security.Infrastructure.AuthenticationMiddleware.Invoke(IOwinContext context)
at async Task Microsoft.Owin.Security.Infrastructure.AuthenticationMiddleware.Invoke(IOwinContext context)
at async Task Microsoft.Owin.Security.Infrastructure.AuthenticationMiddleware.Invoke(IOwinContext context)
at async Task UiPath.Orchestrator.Web.Owin.GlobalExceptionMiddleware.Invoke(IOwinContext context)

Checking IIS and find application "Identity" and "Webhooks" are stopped:

Manually starting "Identity" and "Webhooks" does not work.


Root Cause #1: This is caused by the user account password change.

1. For "Identity" and "Webhooks", go to Advanced Settings -> Identity -> Custom Account -> Set -> Put the updated username and password:

2. Then reset IIS, start application "Identity" and "Webhooks".

3. If this does not fix the issue, also check that the certificate is valid via the following steps:
   1. Please check if the certificate has Signature Algorithm sha25RSA ,

• Subject- CN=correct Orchestrator domain,
• check if the certificate is signing-capable, you can use bellow command :
• certutil -v -store my your_cert_thumbprint |? { $_ -like '*KeySpec*' }
  • Results 1 (AT_KEYEXCHANGE) or 2 (AT_SIGNATURE) mean it's signing-capable;
  • Result 0 means it is not

• Certificate details
• appsettings.Production.json

• If it is different, update the appsettings.Production.json with the Thumprint , save the file, and restart the IIS website.

Another case where the same error message was found in the event log was when LoadBalancer existed and the IIS binding had host name configured to the Orchestrator server name. The DNS resolved the Orchestrator name to the LoadBalancer. IdentityServer could not match the IP and failed.

Workaround is to remove the hostname in the IIS site binding.


Root Cause #2: The error could also happen when Identity Server setting is not correct.

In Azure AppService setup, check the setting in the Setting - Configuration for the Identity server.

Change it to "https://(Identity url)/identity", which should be the same as the value of key 'IdentityServer.Integration.Authority' in the Orchestrator instance.