UiPath.IdentityServer.Web.Controllers.UI.ErrorController Got An IS4 Error With Id "xx", Details: {"Error":"unauthorized_client", "ErrorDescription":"Unknown Client Or Client Not Enabled", "RequestId":"xx", "ClientId":"xx"}

What is the error fix for - " UiPath.IdentityServer.Web.Controllers.UI.ErrorController Got an IS4 error with id "xx", details: {"Error":"unauthorized_client", "ErrorDescription":"Unknown client or client not enabled", "RequestId": "xx", "ClientId":"xx"} " ?


Issue Summary:

An Orchestrator instance will have unique Client IDs and Secrets that are securely stored in the database. The aforementioned error occurs due to a mismatch in these IDs and secrets. This usually happens when:

  • Manual changes are made within the client tables in the database
  • A DB/Orchestrator migration is done improperly
  • Some sort of DB corruption occurs
  • An improper attempt to upgrade the Orchestrator instance or restore a previous instance is done
For a migration/reinstallation/restore of an Orchestrator instance, follow these steps: Create A Secondary Instance Of Orchestrator For A Side By Side Upgrade


Manual Steps to Alleviate the Issue:

Note: These steps should not be performed unless absolutely required. Manual modifications like these may affect the robustness of the setup.
  1. Log into the SQL database and right-click on the "identity.Clients" table.
  2. Click on Select TOP 1000.
  3. Note down the clientID for "ClientName Orchestrator.S2S" and "Orchestrator.OpenID".
  4. Open the Orchestrator "UiPath.Orchestrator.dll.config" (2020.10) or "web.config" file (2020.4) in a text document and verify the following:
    1. The key IdentityServer.Integration.ClientId value matches the Orchestrator.S2S clientId from the database. If it does not, copy the database value into the orchestrator.dll.config/web.config
    2. The key ExternalAuth.System.OpenIdConnect.ClientId value matches the Orchestrator.OpenId clientId from the database. If it does not, copy the database value into the uipath.orchestrator.dll.config/web.config
    3. Verify IdentityServer.Integration.ClientSecret value as well in the uipath.orchestrator.dll.config/web.config file
    4. Verify ExternalAuth.System.OpenIdConnect.ClientSecret value as well in the uipath.orchestrator.dll.config/web.config file
  5. The value from [identity].[ClientSecrets] is a hashed value of the configuration one. Copy the configuration value and rehash it using https://cryptii.com/pipes/fpEyXg
image.png

  1. Perform "iisreset" and reload the Orchestrator website
  2. Update the value from the right side in the [identity].[ClientSecrets] and the affected functionality should start working.
  3. In case of connecting robots, the robots will need to be recreated for the Secret to reseed.