After an upgrade, the most common cause of this exact error on a "public" portal page is that the sys_public table entry for the Service Portal processor ($sp) — and sometimes the AngularJS processor ($angular.do) — has been deactivated by security hardening. The page-level "public" flag on sp_page alone is not enough; the processor itself must also be marked public.
Check, in this order:
1. Navigate to sys_public.list. Confirm a record where Name = $sp exists and Active = true. If missing or inactive, activate it.
2. Verify the sp_page record for the registration page has Public = true and that any widgets on it have the public role on their roles field.
3. Run the page through Access Analyzer as an unauthenticated session to see which ACL is denying (commonly a table read ACL on the record producer's target table, or an ACL on ui_page).
4. If a record producer is embedded, confirm its Available For / User Criteria still includes the public user criteria — upgrades can reset this.
