- Template: microservice
- Created ABP Studio Version: 1.0.2
- Current ABP Studio Version: 2.1.6
- Multi-Tenancy: Yes
- UI Framework: mvc
- Theme: leptonx
- Theme Style: system
- Theme Menu Placement: side
- Database Provider: ef
- Database Management System: sqlserver
- Mobile Framework: none
- Public Website: No
- Social Login: Yes
- Include Tests: Yes
- Dynamic Localization: Yes
- Kubernetes Configuration: Yes
- Grafana Dashboard: Yes
- Use Local References: No
- Optional Modules:
  - GDPR
  - TextTemplateManagement
  - AuditLogging
  - OpenIddictAdmin
- Selected Languages: English, English (United Kingdom), Español
- Default Language: English
- Create Command: abp new CloverleafCMS -t microservice --ui-framework mvc --database-provider ef --database-management-system sqlserver --theme leptonx --skip-migrator --without-cms-kit --dont-run-bundling -no-file-management -no-language-management
- Exception message and full stack trace:
When creating a new Tenant in our Production environment, the Identity admin role and user are not being created. We last created a new tenant in December with no problems. We are not having this issue in our development environment.
This is all that's showing in the Saas service pod log:
[20:46:25 INF] Request starting HTTP/1.1 POST http://cloverleafcms-pr-apps-saas/api/saas/tenants?api-version=1.0 - application/json; charset=utf-8 221
[20:46:25 INF] Executing endpoint 'Volo.Saas.Host.TenantController.CreateAsync (Volo.Saas.Host.HttpApi)'
[20:46:25 INF] Route matched with {area = "saas", controller = "Tenant", action = "Create"}. Executing controller action with signature System.Threading.Tasks.Task1[Volo.Saas.Host.Dtos.SaasTenantDto] CreateAsync(Volo.Saas.Host.Dtos.SaasTenantCreateDto) on controller Volo.Saas.Host.TenantController (Volo.Saas.Host.HttpApi).
[20:46:25 INF] Executing ObjectResult, writing value of type 'Volo.Saas.Host.Dtos.SaasTenantDto'.
[20:46:25 INF] Executed action Volo.Saas.Host.TenantController.CreateAsync (Volo.Saas.Host.HttpApi) in 23.8808ms
[20:46:25 INF] Executed endpoint 'Volo.Saas.Host.TenantController.CreateAsync (Volo.Saas.Host.HttpApi)'
[20:46:25 INF] Request finished HTTP/1.1 POST http://cloverleafcms-pr-apps-saas/api/saas/tenants?api-version=1.0 - 200 null application/json; charset=utf-8 81.0558ms
[20:46:25 INF] Request starting HTTP/1.1 GET http://cloverleafcms-pr-apps-saas/api/saas/tenants?GetEditionNames=True&SkipCount=0&MaxResultCount=10&api-version=1.0 - null null
[20:46:25 INF] Executing endpoint 'Volo.Saas.Host.TenantController.GetListAsync (Volo.Saas.Host.HttpApi)'
[20:46:25 INF] Route matched with {area = "saas", controller = "Tenant", action = "GetList"}. Executing controller action with signature System.Threading.Tasks.Task1[Volo.Abp.Application.Dtos.PagedResultDto1[Volo.Saas.Host.Dtos.SaasTenantDto]] GetListAsync(Volo.Saas.Host.Dtos.GetTenantsInput) on controller Volo.Saas.Host.TenantController (Volo.Saas.Host.HttpApi).
[20:46:25 INF] Executing ObjectResult, writing value of type 'Volo.Abp.Application.Dtos.PagedResultDto1[[Volo.Saas.Host.Dtos.SaasTenantDto, Volo.Saas.Host.Application.Contracts, Version=9.2.0.0, Culture=neutral, PublicKeyToken=null]]'.
[20:46:25 INF] Executed action Volo.Saas.Host.TenantController.GetListAsync (Volo.Saas.Host.HttpApi) in 32.3796ms
[20:46:25 INF] Executed endpoint 'Volo.Saas.Host.TenantController.GetListAsync (Volo.Saas.Host.HttpApi)'
[20:46:25 INF] Request finished HTTP/1.1 GET http://cloverleafcms-pr-apps-saas/api/saas/tenants?GetEditionNames=True&SkipCount=0&MaxResultCount=10&api-version=1.0 - 200 null application/json; charset=utf-8 38.8072ms
[20:46:26 INF] Found 1 events in the outbox.
[20:46:26 INF] Sent 1 events to message broker
Steps to reproduce the issue:
- Using the MVC web app, log into the host tenant
- Navigate to Saas -> Tenants
- Click Create button
- Fill in required fields and click Save button
- Notification at the bottom of the page indicating the Tenant was created successfully
- Using SQL
  - Get the Id for the new Tenant
  - Run queries on the Identity service databases to select roles and users with the new TenantId
SELECT *
FROM [CloverleafCMS_PR_Identity].[dbo].[AbpRoles]
-- WHERE [TenantId] is not null
WHERE [TenantId] = '994e1b70-468f-84c4-987f-3a1f324821cd' -- New tenant Id
ORDER BY [TenantId], [Name];

SELECT
    [Id]
    ,[UserName]
    ,[NormalizedUserName]
    ,[Name]
    ,[Surname]
    ,[Email]
FROM [CloverleafCMS_PR_Identity].[dbo].[AbpUsers]
WHERE [TenantId] = '994e1b70-468f-84c4-987f-3a1f324821cd';
The queries don't return the admin user or admin role (or any user/role).
2 Answer(s)
-
0
- In the microservice template, creating a tenant in SaaS does not directly create the tenant’s Identity admin user/role in the Identity DB. Instead, SaaS publishes a distributed event (outbox), and the Identity service is expected to consume it and then run the tenant migration + data seeding for that new tenant (admin role/user creation happens during that seed).
- Your SaaS pod log shows: “Found 1 events in the outbox. Sent 1 events to message broker”. That means the SaaS side is doing its part. The missing users/roles in CloverleafCMS_PR_Identity indicates the consumer side (Identity service) is not processing the tenant-created event, or it processes it but the seed/migration fails (often with a DB connection/timeout issue in production).
What to do (production-accurate checklist)
Check Identity service logs right after tenant creation
- You should see logs about handling the tenant-created event and running migration/seeding for the new tenant.
- If you see nothing, the Identity service is not subscribed/consuming (message broker / consumer / inbox issue).
Verify the distributed event infrastructure is healthy
- Since SaaS says it sent the event, check:
  - Message broker connectivity/credentials for Identity service (RabbitMQ/Kafka, etc.).
  - Consumer is enabled and running in the Identity pod.
  - If you use inbox/outbox tables, also check Identity’s inbox background worker health (if enabled).
Most common real cause in production: seeding/migration fails due to DB connection/timeout
- When seeding cannot complete, ABP won’t create the tenant admin user.
- Check production error logs around tenant creation time for SQL timeouts, connection string resolution issues, or migration failures.
If you are using “shared database” (no per-tenant connection string)
- There is a known/previously-reported issue pattern where tenant seeding can fail depending on how the unit of work is started during tenant migration/seed flow (especially around connection string resolution / timeouts).
- See the discussion and workaround notes in the support thread below.
Confirm tenant DB (or schemas) are created/migrated and seed completed
- ABP’s KB explicitly points out that inability to login / missing tenant admin typically means tenant seeding didn’t complete; you must check the logs for the seeding process.
Sources
- https://abp.io/docs/latest/kb/can-not-login-with-admin-user
- https://abp.io/support/questions/2240
This response was generated by AI. If it didn’t solve your problem, feel free to post a new answer — our support team will jump in to help you soon.
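The per-tenant queries in the question can be generalized to list every tenant whose Identity seed never completed, which shows whether only the newest tenant is affected. This is an added example and not part of the original thread; the SaaS database name `[CloverleafCMS_PR_Saas]`, the `[SaasTenants]` table and its `[Name]`, `[CreationTime]` and `[IsDeleted]` columns, and `[IsDeleted]` on `[AbpUsers]` are assumptions to adjust to your deployment.

```sql
-- Added example, not from the original thread.
-- Assumed (not shown on the page): SaaS database [CloverleafCMS_PR_Saas],
-- table [dbo].[SaasTenants] with [Id], [Name], [CreationTime], [IsDeleted],
-- and an [IsDeleted] column on [AbpUsers].
-- Taken from the page: [CloverleafCMS_PR_Identity].[dbo].[AbpRoles] / [AbpUsers].
-- Both databases must be reachable from the same SQL Server connection.

SELECT
    t.[Id]                    AS TenantId,
    t.[Name]                  AS TenantName,
    t.[CreationTime]          AS TenantCreated,
    COALESCE(r.RoleCount, 0)  AS RoleCount,
    COALESCE(u.UserCount, 0)  AS UserCount
FROM [CloverleafCMS_PR_Saas].[dbo].[SaasTenants] AS t
LEFT JOIN (
    -- Roles seeded per tenant (host roles have TenantId NULL and are skipped)
    SELECT [TenantId], COUNT(*) AS RoleCount
    FROM [CloverleafCMS_PR_Identity].[dbo].[AbpRoles]
    WHERE [TenantId] IS NOT NULL
    GROUP BY [TenantId]
) AS r ON r.[TenantId] = t.[Id]
LEFT JOIN (
    -- Users seeded per tenant, ignoring soft-deleted rows
    SELECT [TenantId], COUNT(*) AS UserCount
    FROM [CloverleafCMS_PR_Identity].[dbo].[AbpUsers]
    WHERE [TenantId] IS NOT NULL
      AND [IsDeleted] = 0
    GROUP BY [TenantId]
) AS u ON u.[TenantId] = t.[Id]
WHERE t.[IsDeleted] = 0
  -- A tenant with no roles or no users was created in SaaS
  -- but never seeded by the Identity service.
  AND (COALESCE(r.RoleCount, 0) = 0 OR COALESCE(u.UserCount, 0) = 0)
ORDER BY t.[CreationTime] DESC;
```

Comparing `TenantCreated` of the rows returned against the last tenant known to work narrows the time window in which the Identity service stopped seeding.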
-
0
I've checked the logs for the Authserver, Identity service, Administration service and Saas service. The only thing that generated a log was the tenant create (POST) in the Saas service.
I checked the RabbitMQ log and there was nothing there.
I then logged into the RabbitMQ management console and didn't see any outstanding messages in the queues.