I encountered a similar situation, and scratched my head for a few days. Forums and searching turned up this thread as the most useful resource I could find, but I still wasn't able to solve the issue.
After fiddling around for awhile, I discovered that when I created my app-id, I had specified that authentication be restricted to members of a particular domain. The domain I specified was a Google Apps powered domain I used for dev and testing of GAE apps that weren't ready for prime time... but the domain I wanted to deploy on was a different Google Apps powered domain. Specifically, what tipped me off was a notice on the Application Settings page in the online GAE management console: under the App Title was the Authentication Options section with a notice saying "When this application was created it was configured to allow anyone with a valid [not-the-domain-i-wanted-to-deploy-on].com Google Apps domain to sign in if the Google Accounts API is used for authentication. Learn more". Perhaps this message should actually say "This app was created with Authentication restricted to users registered with Google Apps on [domain].com. This cannot be changed after the ApplicationID is created. If you require the ability to authenticate outside users, you must use a different authentication method that the Google Accounts API." Basically, I'm suggesting anyone who comes here with this exact problem - double check that the domain to which you restricted your authentication is also where you wish to deploy. (Unfortunately, this cannot be changed after initial app configuration... I'm not sure if that is a security feature or a manageability bug.)
-- You received this message because you are subscribed to the Google Groups "Google App Engine" group. To post to this group, send email to google-appeng...@googlegroups.com. To unsubscribe from this group, send email to google-appengine+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/google-appengine?hl=en.