Sitecore Command Line Interface (CLI) serialization commands might result in the following message after running:
You are not authorized to perform the task you are attempting. You may need to be assigned additional permissions.
To troubleshoot the issue, consider the following steps:
- Ensure that the Identity Server instance is up and running and that it is enabled in the runtime configuration of your CM instance. An example of an incorrect configuration:
<identityProvider id="SitecoreIdentityServer" type="Sitecore.Owin.Authentication.IdentityServer.IdentityServerProvider, Sitecore.Owin.Authentication.IdentityServer" resolve="true" patch:source="Sitecore.Owin.Authentication.IdentityServer.Disabler.config">
<caption>Go to login</caption>
<domain>sitecore</domain>
<enabled>false</enabled>
- Check that the login command is correct. In particular, check the hostnames of Content Management and Sitecore Identity instances and other parameters.
- Check that --allow-write true parameter is present in the login command.
- identityServerAuthority setting value and the value of the --authority parameter in the Login command should be the same.
- identityServerAuthority setting value in the runtime configuration should not contain a slash in the end. An example of an incorrect value:
<sc.variable name="identityServerAuthority" value="https://sc1030id.com/" />
- If the passwordStrengthRegularExpression attribute was added for the default SQL membership provider in web.config file, try to remove it temporarily and reproduce the issue.
- If the externalUserBuilder node was overwritten, try to remove such customization temporarily and reproduce the issue. The default type is the following:
type="Sitecore.Owin.Authentication.Services.DefaultExternalUserBuilder, Sitecore.Owin.Authentication"
- Try using both interactive and non-interactive login methods to log in to a Sitecore instance and reproduce the issue.
- Ensure that the environment where the CLI commands are executed has access to Content Management server. Try allowing all incoming traffic on Content Management and replicate the issue.
- Open the User Manager and check if the CLI user (for example: sitecore\eRDfptzc8G) is not disabled and has the Administrator role.