Manual job launch fails with "Unknown identity" after upgrading to 2026.2.0

Backlog

Manual job launch fails with "Unknown identity" after upgrading to 2026.2.0

avatar

Hello,

After upgrading from 2026.1.6 to 2026.2.0, a domain user can no longer start a script manually from the admin console. The job fails immediately with Failed to start script. Unknown identity: DOMAIN\Account

I did some troubleshooting before posting here and I found out that the console identifies me as DOMAIN\Account (with domain name in uppercase), and automatically creates an identity for me that I can find under Security > Identities. This automatically generated identity is stored as domain\account (With domain in lowercase).
I manually created a second identity for my account with domain name in uppercase, and I was able to start a job successfully.

Here are some details about my environment :

Version: 2026.2.0
Auth: Windows Authentication, AD domain account
Database: PostgreSQL
Licensed: Yes
Install: As a Windows Service with SYSTEM account

Thank you in advance for your help.

All Comments (4)

avatar

Hi acoutellier,

Thanks for the very detailed report.

I'm able to reproduce this in our lab with PSU 2026.2.0 and Windows Authentication on a PostgreSQL backend.

What's happening: the principal arrives at PSU with the domain part in uppercase (DEVOLUTIONS\Account), but the Identity record that PSU auto-creates on first login stores the domain in lowercase (devolutions\account).

The web admin console and the general login flow perform case-insensitive comparisons, so they still recognize you.
The manual script-launch path is different, it resolves the Identity with a case-sensitive comparison.

On PostgreSQL, where the default text equality is case-sensitive, that lookup misses the auto-created row, and you get the Unknown identity: DOMAIN\Account error.
On SQL Server, the same setup hides the bug because the default collation is case-insensitive, which is why this only shows up against PostgreSQL.
Your workaround, manually adding a second Identity row with the uppercase domain form, is the right one, and it's what I'd recommend until the fix ships.
It's safe to do for each affected user. Once a fix is in place, you can keep the uppercase rows (no harm) or remove the duplicates.

We have an internal ticket open for this class of issue, originally raised against the App Token form, and a fix is in progress for the next 2026.2 maintenance release.

I've made sure the team is aware that the same root cause affects manual script invocation, so the regression coverage isn't limited to the App Token surface.
I don't have a firm date to share yet, but it's actively being worked on.

If you hit a similar "Unknown identity" anywhere else in the admin console — App Tokens, schedules, anything else that resolves your account — the same workaround applies.

Thanks again for the clean repro.
It made confirming and scoping this much faster.

Best regards,

Patrick Ouimet

avatar

Hi Patrick,

Thank you very much for taking time to reproduce my scenario and provide me with a clear response.
It is now clear for me, I am the only one who needs to manually start scripts from time to time, so the workaround is fine with me.

Looking forward for the next release !

Thanks again.

Kind Regards

Axel

avatar

Hi Axel,

Following up on your forum report about manual script launches failing with "Unknown identity" after the 2026.2.0 upgrade.

I want to be upfront with you about where things stand.
The 2026.2.1 maintenance release did ship a case-sensitivity fix on 2026-06-26.
On closer review, that fix is scoped only to the App Token creation form.

The manual script launch path uses a different piece of code.
That piece was not touched by the 2026.2.1 patch.
I reproduced the issue again today on both 2026.2.1 and 2026.2.2.

The manual launch scenario is still broken on PostgreSQL with Windows Authentication.
Your existing workaround remains the right one.
Adding a second Identity row with the uppercase domain form is safe to keep for as many users as need it.
I have now opened an internal ticket with our QA team specifically for the manual script launch path.
It includes the reproduction steps, the exact code location, and a suggested fix direction.

The original ticket only covered the App Token form, which is why the manual launch scenario slipped through.
I will follow up here as soon as I have a confirmed fix version.
Thanks again for the detailed report, and my apologies for the earlier expectation that 2026.2.1 would cover this scenario.

Best regards,

Patrick Ouimet

avatar

Hi Patrick,

Thank you for the follow up.
The workaround is in place for all the people who need it so no problem for waiting a bit longer for the fix.

Kind Regards,

Axel