I have just upgraded our on-prem Orchestrator from 2019.10.x to 2121.4.2.
We have two tenants, development and production. We use Windows domain accounts to log in to Orchestrator. I can log in to the production tenant fine and can see everything, and our robots seem fine and jobs are running. However, I cannot log in to the development tenant in the same Orchestrator. When I try to log in to the development tenant, I get this error displayed in a red box on screen:
The user is not a member of the specified AD domain. (#1018)
I was able to log in to the production tenant without the app pool account having load profile = true in the app pool, but I set it to true anyway and that did not fix the issue.
The Windows event log on the Orchestrator server contains the following:
Cannot create external login for S-1-5-21-2467367700-4178202898-133568193-63824
UiPath.Orchestrator.Core.Exceptions.BusinessConflictException: Error code - 1028, Message - ‘Email ‘my.name@thecompanyiworkfor.com’ is already taken.’
at async Task UiPath.Orchestrator.Application.Users.UserService.CreateAsync(UserDto input, UserCreateContext context)
at async Task Abp.Domain.Uow.UnitOfWorkInterceptor.InternalInterceptAsynchronous(IInvocation invocation)
at async Task Abp.Domain.Uow.UnitOfWorkInterceptor.InternalInterceptAsynchronous(IInvocation invocation)
at async Task Abp.Runtime.Validation.Interception.ValidationInterceptor.InternalInterceptAsynchronous(IInvocation invocation)
at async Task UiPath.Orchestrator.Application.Provisioning.DirectoryProvisioner.ProvisionUserAsync(DirectoryUserDto directoryUser)
at async Task UiPath.Orchestrator.Application.Provisioning.DirectoryProvisioner.LoginUserAsync(DirectoryIdentifier directoryIdentifier)
at async Task UiPath.Orchestrator.Security.Auth.Common.UserMapping.DirectoryUserMapper.MapLoginAsync(DirectoryIdentifier directoryIdentifier, string tenancyName)
at async Task UiPath.Orchestrator.Security.Auth.Common.UserMapping.IdentityUserMapper.MapLoginAsync(ExternalLoginInfo info, string tenancyName)
at async Task UiPath.Orchestrator.Controllers.AccountController.GetExternalProviderLoginResult(ExternalLoginInfo externalLoginInfo, string tenancyName)
So it appears that Orchestrator is unable to successfully migrate my account to the new way of working in the background when I log in, as it has already been created for the production tenant.
The way we were authenticating wasn’t supported any more.
We had to switch to using Windows auth for one tenant and local accounts using the login form for the other tenant.