<{{Subtitle_Weight}} class="prominent-subhead {{Show_Subtitle}}"> {{Header_Subtitle}}

PDF Generation Fails when Windows Authentication is configured with Extended Protection

This article has been archived, and/or refers to legacy products, components or features. The content in this article is offered "as is" and will no longer be updated. Archived content is provided for reference purposes only. This content does not infer that the product, component or feature is supported, or that the product, component or feature will continue to function as described herein.


When Windows Authentication with Extended Protection enabled, generating a PDF from a SmartForm fails. For more information about Extended Protection, see Integrated Windows Authentication with Extended Protection (MSDN).


For the PDF Broker to successfully work using Windows Authentication configured with Extended Protection, configure Internet Options on the K2 blackpearl server to add the SmartForms runtime server URL to the list of local intranet sites, and set it to automatically log on.

  1. Log on to the K2 blackpearl server using the K2 service account
  2. Go to Start > Control Panel > Internet Options > Security > Local Intranet
  3. Click on Sites, and then click Advanced
  4. Add the server name to the list


  5. Click Close, and then click OK
  6. Click Custom Level
  7. Scroll down to Miscellaneous > Access data sources across domains and change it to Enable


  8. Scroll down to User Authentication at the bottom and select Automatic logon with current username and password