403 forbidden error when running command "dfx identity --network ic deploy-wallet <canister-identifer>"

I’ve created an issue to improve the deploy-wallet command https://github.com/dfinity/sdk/issues/1723

1 Like

Sorry about not being able to respond to you yesterday, I ran out of how many times I could post as a new user.

So I tried your steps and the first steps gives me an error of “wallet/build.sh: line 18: cargo: command not found”

I’ve also added the canister_ids.json file like

Attached is the screen shot of line where it is calling out the error

That makes sense - it assumes you are set up to compile Rust code. I’ll spend some time today getting up to speed with workflows to host your first canister, and hopefully have a better strategy for you

Ok great thank you for the help

I can confirm that this is happening with all flows that start with an empty canister, and I don’t know of a proper workaround. We’ll prioritize a fix so that deploy-wallet works as expected

1 Like

Just gonna let that here in case it would help someone some day as I just faced the exact same issue / msg:

Installing code for canister …, with canister_id …
The replica returned an HTTP Error: Http Error: status 403 Forbidden, content type “”, content: Requested canister rejected the message

I successfully created the canister in the nns app and also configured it correctly locally but, I forgot to change the controllers (assign my personal principal id to the new canister) in nns app. Once done, everything went alright.

1 Like

I’m getting the same error. I created a canister (funded with 2T cycles). I set the controller to my principal id. When I come to deploy I see this:

[13:34] ~/dfinity/tom_airclaim$ dfx canister create --with-cycles 2000000000000 tom_airclaim
Creating canister "tom_airclaim"...
"tom_airclaim" canister created with canister id: "rrkah-fqaaa-aaaaa-aaaaq-cai"
[13:36] ~/dfinity/tom_airclaim$ dfx canister update-settings --controller u5fcy-h625d-kffrx-solci-a2aze-ehckf-hszyq-hx3nj-ji36i-vensk-pqe tom_airclaim
Updated "u5fcy-h625d-kffrx-solci-a2aze-ehckf-hszyq-hx3nj-ji36i-vensk-pqe" as controller of "tom_airclaim".
[13:36] ~/dfinity/tom_airclaim$ dfx deploy --network ic --no-wallet
Deploying all canisters.
All canisters have already been created.
Building canisters...
Installing canisters...
Upgrading code for canister tom_airclaim, with canister_id ryjl3-tyaaa-aaaaa-aaaba-cai
The replica returned an HTTP Error: Http Error: status 403 Forbidden, content type "", content: Requested canister rejected the message

Some supporting information:

[13:42] ~/dfinity/tom_airclaim$ dfx identity get-principal
[13:42] ~/dfinity/tom_airclaim$ dfx --version
dfx 0.8.0
1 Like

It looks like when the new cycles wallet is created, it is NOT assigned to your principal. There is one step missing for that : dfx …set wallet.

In practice, that Convert Cycles section of the tutorial should be modified to include the 3 step
1 - dfx ledger --network ic create-canister --amount NbICPTokens

2 - dfx identity --network ic set-wallet --force NewlyCreatedCyclesCanisterID

3 - dfx identity --network ic deploy-wallet canisterd

Step 2 is missing.

1 Like

Hmmm looks like this suspicious set-wallet command is the one that is unblocking the management-canister, see this: 403 error when I call the management canister

Exact. When the cyclesWallet is first created, the creators principal is not assigned as a controller. Somehow this is where the permission issue stems from. Fleek/Plu got this and even included the command in the faucet claim process…so i don’t get why Dfinity has not taken that into account in the tutorial. and so many people get stuck here. This should be a priority update with clear explanation if not include the assignement directly into the cycle creation process. This is a major showstopper for newcommers.


@chenyan @diegop the person(s) who wrote the code for the set-wallet command must know what is going on here.

Thanks for the heads up. Ill ping team

1 Like

I ran through the steps in the Network Quickstart Tutorial, and ended up with a functional wallet after doing so.

When I tried interjecting a step 2 (dfx identity set-wallet), I ended up with a wallet with no wasm, that I could neither deploy to, stop, nor delete.

dfx ledger create-canister requires a controller to be passed. Maybe this was not always the case.

This is what happened when I followed the linked tutorial:

$ dfx --identity mainnet identity get-principal       
$ dfx --identity mainnet ledger --network ic create-canister cjxsv-7ook7-vgkeq-5kaih-2e4u3-fg2to-miupt-fgrrn-dfpza-2vxa5-zae --amount 0.05
Transfer sent at BlockHeight: 904175
Canister created with id: "p3cxd-oiaaa-aaaai-aaueq-cai"
$ dfx --identity mainnet identity --network ic deploy-wallet p3cxd-oiaaa-aaaai-aaueq-cai
Creating a wallet canister on the ic network.
The wallet canister on the "ic" network for user "mainnet" is "p3cxd-oiaaa-aaaai-aaueq-cai"
$ dfx --identity mainnet wallet --network ic balance
1431548681986 cycles.
$ dfx --identity mainnet wallet --network ic controllers
$ dfx --identity mainnet identity --network ic get-wallet
1 Like

@ericswanson try to create a canister in the nns-frontend and then add the dfx controller as a controller and then use dfx to deploy a wallet onto it. See if you can get that to work without doing the set-wallet command (by the way it seems like it needs the set-wallet —force option).