Intermittent 401 Unauthorized on REST API


We have an app that is using camunda-external-task-client-java 1.0.1 to fetch External Tasks from our F5 load balanced Camunda (7.9.5-ee) instances hosted in WAS 9 servers (2 instances). Camunda is integrated with AD. When our app tries the fetch and lock, some of the 10 threads of the connection pool used by the client fail to fetch and lock with the following error, but seem to eventually be successful on subsequent tries:

org.camunda.bpm.client.impl.EngineClientException: TASK/CLIENT-02001 Request 'POST http://camunda:20000/engine-rest/external-task/fetchAndLock HTTP/1.1' returned error: status code '401' - message: Unauthorized
	at org.camunda.bpm.client.impl.EngineClientLogger.exceptionWhileReceivingResponse(
	at org.camunda.bpm.client.impl.RequestExecutor.executeRequest(
	at org.camunda.bpm.client.impl.RequestExecutor.postRequest(
	at org.camunda.bpm.client.impl.EngineClient.fetchAndLock(
	at org.camunda.bpm.client.topic.impl.TopicSubscriptionManager.fetchAndLock(
	at org.camunda.bpm.client.topic.impl.TopicSubscriptionManager.acquire(
Caused by: org.apache.http.client.HttpResponseException: Unauthorized
	at org.apache.http.impl.client.AbstractResponseHandler.handleResponse(
	at org.apache.http.impl.client.CloseableHttpClient.execute(
	at org.apache.http.impl.client.CloseableHttpClient.execute(
	at org.apache.http.impl.client.CloseableHttpClient.execute(
	at org.camunda.bpm.client.impl.RequestExecutor.executeRequest(
	... 6 common frames omitted

This continually happens to some of the threads in the pool, and happens more frequently when there is higher Camunda activity during the day.

We have enabled debug logs and checked the HTTP requests from our app to Camunda and all the headers look fine, basic auth headers include the credentials.

We suspect it might be an issue between Camunda and AD, the Camunda debug logs show no errors, but we suspect it might be because the exception might be eaten silently from something like this:

Do you have any suggestions on how to narrow down our search or validate the connection between Camunda and AD? We’ve tried everything we can think of and are stuck, could use some deeper Camunda insight into this issue.


Hi Naveen,

Since you’re an enterprise customer, you could create a help request in order to get a faster reply. let me know if you need any more details about how you can make a help request.