Troubleshooting Invalid Credentials (MTI_7) error

News Knowledge Base
, , , , ,
1

Why is error “Invalid credentials (#MTI_7)” thrown when logging in with a default local account, such as a tenant admin?

Description: The “Invalid credentials (#MTI_7)” error is the Orchestrator generic error for an account email or password mismatch or from API calls where there is a bearer token mismatch.

For default local accounts, such as Host or tenant admin accounts, where the password is not expected to change frequently, this error may indicate a recent password change or a misconfiguration requiring additional investigation, such as an expired certificate. See Invalid Credentials (MTI_7) error, when resetting an user password.


Resolution:

  1. In situations where a user has lost their password, use the documented password reset process.
  2. For most situations where control of a default local account has been lost, such as with an organizational change, control can be regained by resetting the admin password.
  3. To help identify the specific circumstances in situation, generate a HAR file capturing an attempted login by an affected user, sharing it in the case email thread. A 401 error response to the GET https://{OrchestratorURL}/identity/windows_login_callback may indicate that a network security policy is preventing login from that machine. You can review the "401_error_redacted.har " using Google's HAR Analyzer, using the filter in the upper right corner to find "401".

  1. If no errors are found in the HAR file, please share the output of the following SQL query, user_login_failure.sql,
SELECT TOP (50) [Id]

     ,[UserName]

     ,[Email]

     ,[NormalizedEmail]

     ,[EmailConfirmed]

     ,[AccessFailedCount]

     ,[MasterPartitionId]

     ,[Type]

     ,[IsDeleted]

     ,[IsFirstLogin]

     ,[IsActive]

     ,[Name]

     ,[Surname]

     ,[CreationTime]

     ,[LastModificationTime]

     ,[LastLoginTime]

     ,[DeletionTime]

     ,[LastPasswordChangeTime]

     ,[LegacyId]

     ,[BypassBasicAuthRestriction]

     ,[InvitationAccepted]

     ,[DirectoryId]

     ,[DirectoryUsername]

     ,[DisplayName]

FROM [UiPath Identity].[identity].[AspNetUsers]

where Email = 'user@domain.com'

 

SELECT *

FROM [UiPath].[dbo].[Users]

where EmailAddress = ‘user@domain.com’

 

SELECT *

 FROM [UiPath].[dbo].[Tenants]

  1. Save the output of each section into a separate CSV file with an appropriate name, such as AspNetUsers.csv, Users.csv, and Tenants.csv.
  2. Share these files through the case email thread or through the Customer Portal.