When Windows Authentication with Extended Protection enabled, generating a PDF from a SmartForm fails. For more information about Extended Protection, see Integrated Windows Authentication with Extended Protection (MSDN).


For the PDF Broker to successfully work using Windows Authentication configured with Extended Protection, configure Internet Options on the K2 blackpearl server to add the SmartForms runtime server URL to the list of local intranet sites, and set it to automatically log on.

  1. Log on to the K2 blackpearl server using the K2 service account
  2. Go to Start > Control Panel > Internet Options > Security > Local Intranet
  3. Click on Sites, and then click Advanced
  4. Add the server name to the list


  5. Click Close, and then click OK
  6. Click Custom Level
  7. Scroll down to Miscellaneous > Access data sources across domains and change it to Enable


  8. Scroll down to User Authentication at the bottom and select Automatic logon with current username and password