Information

Article Type	Solution Article

Scope/Environment	reach/architect ADFS env

Symptoms/Context

If the publish error is a cannot create session error 401 unauthorized then it is possible we are not validating the same ADFS information as the Reach environment.
Check the Batch server or server publishing from Architect to Reach.

Command Shell error:

ERR: Remote::InitLiveContent  -> gave error: Exception calling "CreateSession" with "0" argument(s): "The remote server returned an error: (401) Unauthorized." at line 144 position 5ERR: Remote::InitLiv

Resolution

updated the Architect publishing file to point to the same ADFS server as Reach.

(\\InfoShare\App\Utilities\PublishingService\Tools\FeedSDLLiveContent.ps1.config)

checked the LiveContentSSO.xml reference to a keystore for the new certificate.

(\Apache Software Foundation\Tomcat 9.0\webapps\ContentDelivery\WEB-INF)

If the customer is using batch servers and they are configured via STS then add the replying parties to the Collaborative review server on each of the batch servers.
Set-ISHSTSRelyingParty -Name "https://hostname.URL.com/ContentDelivery/" -Realm "https://hostname.URL.com/ContentDelivery/" –LC
https://sdl.github.io/ISHDeploy/13.0/Commands/Set-ISHSTSRelyingParty.html

Root Cause

FeedSDLLiveContent.ps1.config was pointed to a different ADFS environment.
Or CACERTS environment does not contain the updated certificate

Reference

Also see:
Troubleshooting Relying parties and Certificate issues
LiveContent Reach: Error message after update with new certificate: 401 unauthorized error

Attachment 1

Attachment 2

Attachment 3

Attachment 4

Attachment 5

Knowledge Center, Tridion Docs - certificate update leads to publish 401 unauthorized

Information