K2 Management Site: "The anonymous token supplied is invalid" error appears in K2 NLB farm configuration.


It is not possible to access the K2 Management site using the K2 NLB farm name from client machines with the following error message:

The anonymous token supplied is invalid

•Type: SourceCode.Forms.AppFramework.InvalidAnonymousTokenException

•Source: SourceCode.Forms

•Method Base

Troubleshooting Steps

1. You can try adding the following setting in the AppSettings section of the relevant Designer/Runtime web.config file:

<add key="Forms.AnonymousAuthorizationModule.TokenServerVariables" value="None" /> 

Designer/Runtime web.config files can be found in the following locations:

C:\Program Files (x86)\K2 blackpearl\K2 smartforms Designer\Web.config

C:\Program Files (x86)\K2 blackpearl\K2 smartforms Runtime\Web.config.

In certain scenarios it resolves this error, and you can find more details about this setting in K2 INSTALLATION AND CONFIGURATION GUIDE > Anonymous Views or Forms section under Considerations.

2. In other cases adding this setting may not help, you can then perform other checks (which is specific to NLB configurations) to confirm whether you need to use explicit records in host files on the client's machine to ensure that the K2 farm name is being resolved into specific farm node IP address. If the error does not occur in this scenario it is a clear indication of issues with the NLB appliance configuration.

To resolve this check your NLB configuration and make sure that the persistent session settings on your NLB appliance is switched onK2 requires the NLB persistence type to be set to IP Affinity.

Different load balancing appliances/vendors may name this setting differently, so be sure to consult the documentation specific to the NLB appliance you use. For more details refer to the following KB article: Seemingly random 401 errors in load balanced SharePoint, Workspace, SSRS and K2 server environments

In Windows NLB software configuration, IP Affinity can be enabled by setting the Filtering mode for Multiple host to either:

Single: routes all requests from a single IP to the same load balanced server or

Class C: routes all requests from IPs of the same Class C IP address range to the same load balanced server.

In F5 (BIG-IP) hardware configuration IP Affinity is obtained by setting the Persistence Type to Source Address Affinity

In Barracuda NLB this setting is named Persistent Sessions.