Anaplan connect error - Anaplan API : Basic Authentication Failed!

Hello Anaplan Community,

I am currently facing an issue with Anaplan Connect. I have made an import script and when I run it on my laptop it works completely fine. But when I sent it to the client IT team, it did not work! The command keeps attempting to request the API until it gets to the following error message : Anaplan API : Basic Authentication Failed! (Rertyable: auth.anaplan.com executing POST https://auth.anaplan.com/token/authenticate (unknown host: auth.anaplan.com))

They are running the same JAVA and anaplan connect versions as me and they made sure the anaplan URLs are whitelisted. I am not sure what could possibly be the reason behind this error. Any ideas?

Thank you in advance!

Accepted answers

All comments

M.Kierepka

Hi @wsellami,

Can you enable debugging for your script (add "-d" at the beginning of your operation) and show what you got? Based on the information you gave, it is indeed some problem with whitelist/DNS, so make sure they are whitelisted (https://support.anaplan.com/domain-and-ip-ranges-c8235c7d-8af2-413b-a9ff-d465978806b9) and try to ping/traceroute auth.anaplan.com from client's machine.

wsellami

Hello @M.Kierepka, thank you for your answer.

It is already the case in my script : set Operation=-debug -service %ServiceUrl% -auth %AuthUrl% -workspace %WorkspaceId% -model %ModelId% -file %FileName% -put %FilePath% -process %ProcessId% -execute -output %DumpName%

And yes, I'm starting to think it is indeed related to the URLs whitelisting but they keep saying that the already whitelisted the URLs so I am not sure about the solution.

ryan_kohn

@wsellami Did you try having the client ping auth.anaplan.com from their machine? How did you end up resolving this?

wsellami

Hello @ryan_kohn, thank you for your answer. I asked them to do it but they are not allowed to ping URLs on their machines for security reasons so it is a bit complicated to find the reason behind this blocage.

I still have not found any solution, I have reached to Anaplan support for help to see if they can provide any insight on this.

Stacey_Gibbens

It looks like the script is using your user account to authenticate ("when I run it on my laptop it works completely fine"). When you send it to the IT Team, whoever is trying to run it have an Anaplan account and the authentication fails. Your script should have parameters for user and authentication method, not just -service %ServiceUrl% -auth %AuthUrl%.

To have your IT Team schedule and run your Anaplan Connect scripts, you'll need to have a service account set up and added as a user in your Anaplan tenant. It will need to be a workspace admin and also set up to log in outside of SSO. Additionally, you will either need to have it set up to use basic authentication (plain text password -- NOT RECOMMENDED) or a CA Cert.

If this is not enough of an answer to help you through, let me know. I can provide a bit more guidance (preferably with both you AND your IT resource) to get this working.

Good luck!

Stacey

wsellami

Hello @Stacey_Gibbens, thank you for the information you provided.

Both scripts used on my laptop and the IT laptop use the same account to authenticate (WP Admin/No SSO) with the user and the password specified. What do you mean by specifying parameters for user and authentication method? Do I need to add a set line for the credentials? If so, then why does the script work on my laptop?

We will end up using the CA Cert once the tests are done using Basic Authentication.

I would gladly have you take a closer look to the issue if you like, let me know how I can reach out to you!

Stacey_Gibbens

Hello, @wsellami,

Included in your Anaplan Connect download, there should be a few sample .bat files that provide a starting point for creating your integrations. The much of the contents of the "basic authentication" script is below:

set AnaplanUser="Username:Password" (***what do you have here?***)

set WorkspaceId="My Workspace"

set ModelId="My Model"

set ServiceUrl="https://api.anaplan.com"

set AuthUrl="https://auth.anaplan.com"

set FileName="FileName from Import data Source"

set FilePath="FilePath on the Client"

set ImportName="Import Action"

set DumpName="Client Location for Dumping the Errored data from Import"

set Chunksize=1

set Operation=-debug -service %ServiceUrl% -auth %AuthUrl% -workspace %WorkspaceId% -model %ModelId% -chunksize %Chunksize% -file %FileName% -put %FilePath% -import %ImportName% -execute -output %DumpName%

rem *** End of settings - Do not edit below this line ***

setlocal enableextensions enabledelayedexpansion || exit /b 1

cd %~dp0

if not %AnaplanUser% == "" set Credentials=-user %AnaplanUser% (***this is where the authentication "rubber hits the road"***)

set Command=.\AnaplanClient.bat %Credentials% %Operation%

@echo %Command%

cmd /c %Command%

pause

I guess the basis of my question around authentication is what username and password to you have listed in the very top line? Because that should be your integration account credentials. I'm guessing that's not populated right now.

See that part towards the end that is marked "where the rubber meets the road"? That translates to, if the person running this script is NOT set up as a user in Anaplan (which you are), then use the integration account user credentials at the top to run this script, else execute this script in Anaplan as the person running the script.

When you're running the script on your laptop, I'm guessing that your Anaplan user account is being used to execute the script, because your organization is set up with SSO. If you give this script to a person who is not an Anaplan user and you haven't populated that top line set AnaplanUser="Username:Password" then the authentication is going to fail, since there's no valid Anaplan user to authenticate with.

Let me know if this clarifies the situation enough for you to move past the authentication issue!!

Best regards,

Stacey Gibbens

Stacey_Gibbens

Also, I would do a test where you're sitting next to each other in a conference room in the office working together to troubleshoot this (using the same wi-fi, going through all the same firewalls, etc.). If the scenario is the same (you can run the script successfully but they cannot), then I would check into what kind of group policy differences are in place between the laptops executing the scripts. There may be some kind of difference that isn't easily apparent that is impacting how the script runs.

Stacey

ryan_kohn

@wsellami The last thing I can suggest looking at is Anaplan's published Domain and IP ranges that can be used for whitelisting. Depending on their IT configuration, they may need to whitelist additional IP addresses. Per that page, for auth.anaplan.com, the traffic is routed through Cloudflare. Cloudflare publishes it's IP ranges on their website: www.cloudflare.com/ips/.

If this doesn't resolve the issue, I'd suggest escalating through their IT team to be able to trace the traffic and find out where it's being blocked.

Quick Links

Can you help?

Unanswered questions

Excel date format for February 2030, 2031 and so forth don't align with Anaplan format
Hello, I’m running into a recurring issue when importing CSV files into Anaplan, specifically with dates in February for the years 2028, 2029, and beyond. Here’s what’s happening: In Excel, the date format is set to Custom (e.g., 2/26/2025). When imported into Anaplan, the date is interpreted as 26-Feb, where: Month = Feb…
RANKCUMULATE not working when adding additional dimensions to module
I have an issue where I am getting the expected result from RANKCUMULATE when using one dimension, but when I add an additional scenario dimension to the module, it doesn't calculate the way I'd expect. Here are some screenshots to explain the case: Module 1 - calculates cumulative total for list items in list "Age"…
Introducing Anaplan API Python SDK
Hey everyone, I wanted to share the Anaplan Python SDK with you. It's a Python Library that wraps all Anaplan APIs and makes it easier to interact with Anaplan programmatically. It is mostly designed with Data Integration Scenarios in mind, but it does support all APIs including ALM, SCIM, Audit, and Cloud Works. Please…