Skip to main content

203001 - GCP Authentication Failed

Agent error code #203001 indicates that the GCP API rejected the credentials provided by the agent. The API returned HTTP 401 (Unauthorized).

This error is distinct from authorization failures (#203002), which occur when the credentials are valid but lack sufficient permissions. Error #203001 means the credentials themselves were not accepted.

Common causes include:

  • The service account key JSON configured in Knocknoc is invalid or malformed
  • The service account key has been deleted or rotated in GCP
  • The service account has been disabled or deleted from the GCP project
  • When using Application Default Credentials (ADC), the compute resource does not have a service account attached
  • The ADC token has expired and cannot be refreshed

Steps to Resolve

Verify the Service Account Key (Option A — JSON Key)

  1. In the Knocknoc admin interface, navigate to the backend configuration for the affected GCP backend
  2. Confirm the service account key JSON is complete and valid
  3. If the key was recently rotated in GCP, update the Knocknoc configuration with the new key

Verify the Service Account Exists in GCP

  1. In the GCP Console, navigate to IAM & Admin > Service Accounts
  2. Confirm the service account exists, is enabled, and belongs to the correct project
  3. If the service account was deleted, create a new one and update the Knocknoc configuration

Verify Application Default Credentials (Option B — ADC)

  1. Confirm the VM or GKE workload running the agent has a service account attached
  2. In the GCP Console, check the instance or workload's service account configuration
  3. Verify the metadata server is reachable from the agent (ADC relies on the GCE metadata server at 169.254.169.254)

Regenerate the Service Account Key

If the existing key cannot be verified:

  1. In the GCP Console, navigate to IAM & Admin > Service Accounts
  2. Select the service account and go to the Keys tab
  3. Click Add Key > Create new key > JSON
  4. Update the Knocknoc backend configuration with the new key

Still Having Issues?

We can help you out, contact us at support@knocknoc.io.

Back to top