Error 34/73: Management authorization refused

IN THIS ARTICLE:

Description

Errors 34 and 73 are FASP errors that refer to a transfer user’s lack of authorization to perform a transfer.

Transfer users must have authorization to upload and download files from an Aspera server, and this authorization can come from the server, or from an external provider. Additionally, transfers themselves must have the authorized level of protection on them, whether this includes encryption or content protection.

Examples of this error

Depending on what kind of authorization is lacking, different error messages can result from this error code.

On the command line and in the transfer status column of the GUI, the error message takes on the following form:

Server aborted session: Management authorization refused: Error

Error can be any of the following:

  • user username denied by server
  • undefined token
  • token denied by server
  • Client requests stronger encryption than server allows
  • Server requires stronger content protection passphrase

Below is an example of this error as it can be recorded in the logs. The aspera-scp-transfer.log file records helpful information for each attempted transfer, labelled by the date and time attempted. For a reference of the location of this log file on your system, please see this article (Where are the Client or Server logs located?).

2015-09-16 17:46:56 [273c-00002238] ERR FASP sender had error, errcode 73 errstr [Server aborted session: Management
authorization refused: user acampos denied by server]
2015-09-16 17:46:56 [273c-00002238] ERR Peer FASP receiver had error, errcode 73 errstr [Management authorization
refused: user acampos denied by server]
2015-09-16 17:46:56 [273c-00001afc] LOG FASP Session Start uuid=5d53ece3-6b41-41f9-b1c8-8496c117be65 op=send
status=failed errcode=34 errstr="Unauthorized"

Troubleshooting

To check the authorization configurations on the server, open the GUI application and click the Configuration button. On the left panel, choose either Global, Groups or Users depending on if you would like the authorization settings to apply to all transfers, to transfers involving users in a particular group, or to transfers from a particular user.

On the right panel, select the Authorization tab. These options configure a transfer user’s authorizations, and any misconfiguration here leads to this error.

authorization_configs.jpg

Below are more details on the various authorization error messages and which authorization configuration option they correspond to.

user username denied by server

This error points to a lack of authorization for uploads or downloads.

The configuration options that can cause this error are the following:

  • Incoming Transfers
  • Outgoing Transfers
  • Incoming External Provider URL/Incoming External Provider SOAP Action
  • Outgoing External Provider URL/Outgoing External Provider SOAP Action


Incoming Transfers is the authorization for uploads to the server, and should be set to allow if you want to authorize uploads. Similarly, Outgoing Transfers is the authorization for downloads from the server and should be set to allow if you want to authorize downloads.

The external provider options can cause this error if not configured properly. If you use an external authorization provider, ensure the URL and SOAP options are configured correctly, and that the transfer user is authorized by the external provider. If you don’t use an external authorization provider, these options should be left blank.

undefined token

The configuration options that can cause this error are the following:

  • Incoming Transfers
  • Outgoing Transfers

This error occurs when either of these options is set to token and a transfer is attempted to or from the server directly (in other words, connecting to the Aspera server through the GUI or ascp). Tokens are meant to be used by web-based transfer applications such as Faspex or Shares, so setting these options to token effectively blocks direct transfers that don’t require a token.

Set these options to allow if you would like to authorize direct uploads or downloads from the server.

token denied by server

This error occurs when a token for a transfer expires. Tokens are used for transfers made through web applications such as Faspex. A token expires after the configured time period ends, such as if a user starts a transfer but doesn’t complete it for an extended amount of time.

Please see the following article for more details on troubleshooting this error-- Faspex: "Management authorization refused: token denied by server".

Client requests stronger encryption than server allows

This error occurs for encrypted transfers uploaded to a server that only accepts unencrypted transfers. Please see the following article for more details on troubleshooting this error-- Error: Client requests stronger encryption than server allows.

Server requires content protection

This error refers to transfers that did not meet the level of content protection required by the server.

On the server, the option that configures this requirement is Content Protection Required. If Content Protection Required is set to true on the server, uploads must be protected with a passphrase.

This can be done by right clicking a file or folder and selecting Upload. From here, choose the Security tab and enable Content Protection.

Server requires stronger content protection passphrase

The option on the server that leads to this error is Strong Password Required for Content Encryption. When this is set to true, passwords applied on transfers for Content Protection must be at least 6 characters long and contain at least one letter, number and special symbol. Users receive this error when their passwords don’t meet this criteria.

Have more questions? Submit a request

0 Comments

Article is closed for comments.
Powered by Zendesk