Robot Event Viewer logs: UiPath.Service.Orchestrator.Clients.OrchestratorHttpException: Forbidden

In the Robot Event Viewer logs, how to resolve the following error message : UiPath.Service.Orchestrator.Clients.OrchestratorHttpException: Forbidden' ?

Issue Description : In the Robot Event Viewer logs the following error message was identified: UiPath.Service.Orchestrator.Clients.OrchestratorHttpException: Forbidden

Diagnosing Steps / Resolution :

  1. Check the IIS logs to see if a request made it to Orchestrator.
    • Go to the IIS logs on the Orchestrator server. (For default configuration this is typically: C:\inetpub\logs\LogFiles\W3SVC2)
    • Search for a request with with status code 403. The request would look something like <Time Stamp> <Server IP> <Method> <request URI> - 443 - <Client IP> - - 403 0 0 58
  2. If a message like the one in the above step is found, check that the Robot has permissions to access the required API. For example, if the URI relates to assets, check the asset permissions.
    • Usually Orchestrator will not return a message like this to the Robot, so if this is encountered double check our KB articles and consider opening a support ticket.
  3. If no message like the one above is found, let your network admin know. If an error like the above is not found, it means that the request did not reach Orchestrator and was blocked by a WAF or load balancer.
    • Check to see if there is a WAF in the network topology and if it implements standard OWASP 3.1.
      This implementation is common on Azure WAFs. See OWASP CRS 3.1
      Try disabling rule REQUEST-942-APPLICATION-ATTACK-SQLI.
  4. If the network admin is not able to identify where the request is being blocked, consider opening an UiPath support ticket.