Orchestrator 2019 WebAPI Error: Blocked unauthorized request from domain\username

Question

Currently using the latest version of Orchestrator WebApi for 2019 which doesn't use silverlight. Followed instructions as per https://techcommunity.microsoft.com/t5/system-center-blog/a-brand-new-web-console-for-orchestrator-2019/ba-p/3040427. The WebAPI is hosted on a server which is part of a different domain to SQL box but in every other sense the server role is runbook server and is able to execute runbook workflows successfully. It is just the WebAPI element which doesn't work. When I try http://localhost:5001/api in MS Edge I keep getting {"Error": "Blocked unauthorized request from (DOMAIN\USERNAME)."}

Any help appreciated.

Answer 1

Hi,

check in Runbook Designer that the account that access webapi has permissions from the top-level folder Runbooks to the Runbook that should be accessed.

Regards,

Stefan

Answer 2

Hi,

The error message you are encountering, "Blocked unauthorized request from (DOMAIN\USERNAME)," suggests that the request to the Orchestrator 2019 WebAPI is being blocked because the user making the request does not have the necessary permissions or is not authenticated properly.

For troubleshooting:

• Use the Application Event Log for the WebAPI
• Open the client's Browser Console (F12) to look at the WebConsole errors

Answer 3

F12 Console in MS Edge shows this message "Failed to load resource: the server responded with a status of 403 (Forbidden).

To be clear this is our setup:-

• SCORCH Management Server in Domain A
• SCORCH Runbook Server in Domain A. WebApi/Console works fine.
• SQL Server in Domain A
• SCORCH Runbook Server in Domain B. This is where the WebApi problem lies.

Answer 4

Thanks Stefan your suggestion worked. Never would have guessed that one.