Overview π₯
When the Liongard N-Central Inspector fails with a "401" error, it means the authentication details being used to connect to N-Able N-Central are no longer considered valid. This typically occurs when the service account password or API key has expired, been rotated, revoked, or mismatched.
βError :
This article provides a structured and detailed troubleshooting process to restore successful authentication, along with best practices to prevent recurrence.
Why This Happens? π€
A 401 error confirms that the request reached the N-Central server, but it was rejected due to invalid authentication.
Common root causes include:
The service account password was changed, but the API key was not regenerated.
The API key was revoked, expired, or deleted in N-Central.
The service account is locked, disabled, or missing required permissions.
The API key was updated in N-Central but not updated inside Liongard.
SSO or MFA was enabled on the service account (API access does not support SSO/MFA).
N-Central server upgrades or policy changes invalidated existing tokens.
The account was converted from local to SSO-managed.
Troubleshooting Flow π
Step | Check | Expected Result | Next Action |
1 | Run Inspector in Debug + Clear Cache | Logs generated | Review authentication errors |
2 | Validate Account Status | Account is Active | Unlock or re-enable if needed |
3 | Reset Password | Login succeeds | Regenerate API key |
4 | Regenerate API Key | New key created | Update Liongard |
5 | Verify MFA / SSO | Disabled | Switch to non-SSO account |
6 | Re-run Inspector | Status = Completed | Escalate if still failing |
Steps to Resolution π¨βπ»
1οΈβ£ β Reset the N-Central Service Account Password
Log into the N-Central admin portal.
Locate the Liongard service account.
Reset the password.
Confirm you can log in interactively with the new password.
Even API-only accounts often require valid password authentication internally.
2οΈβ£ β Regenerate the API Key
In N-Central, navigate to:
Administration β API Keys
Locate the key associated with the service account.
Revoke or delete the old key.
Generate a new API key.
3οΈβ£ β Update the API Key in Liongard
Open the N-Central Parent Inspector config in Liongard.
Paste the newly generated API key.
Carefully verify:
No extra spaces before or after the key
No line breaks
No hidden characters
Even a single hidden character will cause a 401 error.
4οΈβ£ β Run Inspector in Debug + Clear Cache
This forces Liongard to:
Discard stale tokens
Rebuild authentication cache
Generate clean logs
5οΈβ£ β Perform Additional Authentication Checks
Check | How to Validate | Required State |
Account Status | N-Central User Manager | Active / Unlocked |
Permissions | Account role | API / Integration permissions enabled |
MFA / 2FA | Security settings | Must be disabled |
SSO | Authentication method | Must be local account |
API Key | Key list | Active and unexpired |
6οΈβ£ β Re-Run the Inspector
After completing all changes:
Run the inspector again.
Verify status = Completed.
Confirm data prints successfully.
Credential Relationship π
Liongard Inspector
β
Service Account Password (N-Central)
β
API Key
β
N-Central API Endpoint
β
Authentication Success
If any layer in this chain is broken β 401 error occurs
Best Practices π§βπ«
Practice | Reason |
Use dedicated service account | Avoids user-based policy changes |
Disable MFA/SSO on API accounts | API authentication doesn't support them |
Rotate both password and API key together | Prevents mismatches |
Document credential changes | Simplifies troubleshooting |
Monitor release notes | Prevents surprise authentication breakage |
When to Contact Support π¦
Contact Liongard Support if:
401 errors persist after password + API key reset.
Account is confirmed active and non-SSO.
Debug logs still show authentication failures.
What to Collect for Support
Item | Description |
Debug logs | Export from Debug + Clear Cache run |
Screenshots | Inspector configuration (without exposing full keys) |
Account status | Proof account is active |
Recent changes | Any password, MFA, or server policy updates |
N-Central version | Server version and recent upgrades |
External References π
Third-Party Link Disclaimer βΌοΈ
We may reference external third-party resources solely as additional guidance.
Liongard does not own, control, or guarantee the accuracy, security, or reliability of third-party sites. Please use them at your own discretion and risk.