Orchestrator API Error " You are not authenticated!" thrown in clustered environment.

Issue Overview: When trying to authenticate against the Orchestrator API, the following error is returned: “You are not authenticated!”.

Root Cause: This can happen when Orchestrator does not think the user is authenticated. It means that authentication was not done correctly or that Orchestrator has a configuration issue.

Usually the issue is in how the API request is made, as configuration issues on Orchestrator that break authentication would also break normal user login.

Troubleshooting Steps:

1. For all the below steps, make sure that the tests are performed on the client where the commands are failing.
2. Try performing authentication via swagger,

1. Go to \Swagger
2. Under the field “Account”, select the API /api/Account/Authenticate
3. Try authenticating. This method will just use Basic Authentication, but that is OK because if authentication is broken, it should not work for basic or windows authentication.

3. If Swagger authentication works, that means that Authentication works. Most likely the issue is with how the request is being made. See below

1. See our documentation: About OData And References
2. If using Postman, make sure to clear any cookies
3. If using the Github scripts located at: Orchestrator Powershell, make sure to check out the examples that are given.

4. If authentication works, but subsequent commands fail, go to the section Intermittent Failure.
5. If the above step did not help, open a ticket with UiPath Support. Send the UiPath.Orchestrator.dll.config and web.config for Orchestrator. (If in a multi-node environment, send the files of each node.)

Intermittent Failure: If it is possible to authenticate against the API, but subsequent messages return “You are not authenticated!” it usually means that something is configured incorrectly on Orchestrator.

1. Common scenario is in a multinode Orchestrator instance. In this case, that would mean Redis is not synced correctly.

• Try flushing Redis – From a the redis machine, execute $redis-cli FLUSHALL

2. If the Orchestratator instance is multi-node and hosted as an Azure web app, make sure that the ARRAffinity header is not being used in requests

1. Read Disabling Arrs Instance Affinity In Windows Azure Web Sites/
2. If this setting is enabled, try disabling it. If that is not possible then the API can still be used, but the ARRAffinity header will need to be included in any API requests.

3. Try tracing the HTTP requests in the IIS logs. Try to see if the node where authentication is occurring is also the node where the subsequent commands are sent.

• Hint: In the IIS logs just search for the API calls being made.

4. In the web.config file check the value of: Auth.Cookie.Expire

• The default is 30 minutes
• If could be that the authentication token used in the API request is expiring.

5. If none of the above helps, open a ticket with UiPath Support.

Debugging HTTP Requests

1. To gain clarity on the request that is being made, try using cURL to execute the HTTP request from the command line

1. In windows “-v” outputs both the HTTP request and Response. On Unix like systems the option is -k
2. Executing the command with cURL is an excellent way to see the HTTP request that is being made
3. Swagger gives examples of the cURL command that can be used after executing successfully
4. If powershell is preferred use Invoke-WebRequest (this is actually just an alias for cURL)

2. Try using Fiddler to capture the requests from where the API request are being made. Read Capturing-traffic-with-fiddler
3. Swagger requests can be captured using a web debugger
4. Comparing working and non-working requests typically provides insight into why a request is failing.