Orchestrator Azure AD Logon Issue: Error While Contacting Partition Service To Validate The Organization (#404)

What causes the "Error while contacting partition service to validate the organization (#404)" issue during Azure AD logon to UiPath Orchestrator, and how can it be resolved?

Root Cause: The issue arises when a user is part of too many tenants. Identity calls the Tenants API with a filter "Key in (...)" that lists all of the user's tenant IDs, and the resulting URL has a query string longer than the default IIS limit of 2048 characters. IIS rejects the request, which surfaces as the "Error while contacting partition service to validate the organization (#404)" issue during Azure AD logon to UiPath Orchestrator.

Resolution: To resolve the issue when a user is part of too many tenants, follow these steps to increase the character limit in IIS:

  1. Open IIS Manager by typing 'inetmgr' in the Run dialog (Win + R) and pressing Enter.
  2. In the IIS Manager, navigate to the Orchestrator site in the "Connections" pane on the left side.
  3. In the middle pane, scroll down to the "Security" section and double-click on the "Request Filtering" icon.
  4. In the "Actions" pane on the right side, click on "Edit Feature Settings."
  5. In the "Edit Request Filtering Settings" dialog, you'll see two fields: "Maximum URL length" and "Maximum query string length." Increase the values as needed. For example, you can set "Maximum URL length" to 4096 and "Maximum query string length" to 2048.
  6. Click "OK" to save your changes.
  7. Perform an IIS reset after making the change.
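The same change can be scripted, which makes it repeatable and leaves a record of the old and new values. The script below is an added example, not UiPath's own tooling; it uses the WebAdministration module that ships with IIS. The site name and the query string limit are assumptions to replace with your own values, and the script only ever raises a limit, so a site that already has a larger value is left alone.

```powershell
# Added example: scripted form of the IIS Manager steps above.
# Run from an elevated PowerShell session on the Orchestrator server.
Import-Module WebAdministration

# Assumption: IIS site name of the Orchestrator installation; adjust to yours.
$SiteName = 'UiPath Orchestrator'

# Target request-filtering limits.
# maxUrl uses the article's example value. maxQueryString is a sample value
# (assumption); size it to the longest Tenants API query string you expect
# and keep it as low as that allows, since the limit is a request-filtering control.
$TargetLimits = @{
    maxUrl         = 4096   # "Maximum URL length"
    maxQueryString = 8192   # "Maximum query string length" (sample value)
}

$PsPath = "IIS:\Sites\$SiteName"
$Filter = 'system.webServer/security/requestFiltering/requestLimits'

if (-not (Test-Path $PsPath)) {
    throw "IIS site '$SiteName' not found. Check the name with Get-Website."
}

$changed = $false
foreach ($name in $TargetLimits.Keys) {
    $current = [int64](Get-WebConfigurationProperty -PSPath $PsPath -Filter $Filter -Name $name).Value
    $target  = [int64]$TargetLimits[$name]

    if ($current -ge $target) {
        # Never lower an existing limit; someone may have raised it on purpose.
        Write-Output "$name is already $current (>= $target); left unchanged."
        continue
    }

    Set-WebConfigurationProperty -PSPath $PsPath -Filter $Filter -Name $name -Value $target
    $after = (Get-WebConfigurationProperty -PSPath $PsPath -Filter $Filter -Name $name).Value
    Write-Output "$name raised from $current to $after."
    $changed = $true
}

# Step 7: IIS reset, only when something was actually changed.
if ($changed) { iisreset }
```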

By increasing the character limits as described above, the authentication error can be resolved when logging in to UiPath Orchestrator using Azure Active Directory for users who are part of a large number of tenants.