Updating to K2 4.7 causes the removal of the AppPoolAccount on K2TokenService.exe.config that breaks Kerberos

  • 16 February 2021
  • 0 replies
  • 71 views
MillaZ
Userlevel 5
Badge +20
 

Updating to K2 4.7 causes the removal of the AppPoolAccount on K2TokenService.exe.config that breaks Kerberos

kbt136672

PRODUCT
K2 blackpearl 4.7
This article was created in response to a support issue logged with K2. The content may include typographical errors and may be revised at any time without notice. This article is not considered official documentation for K2 software and is provided "as is" with no warranties.
LEGACY/ARCHIVED CONTENT
This article has been archived, and/or refers to legacy products, components or features. The content in this article is offered "as is" and will no longer be updated. Archived content is provided for reference purposes only. This content does not infer that the product, component or feature is supported, or that the product, component or feature will continue to function as described herein.

Issue

Error appears when running any view/form after upgrading to 4.7:

The current Service Instance 'Service InstanceName' enforces impersonation, which caused the current request to fail as only Pass-Through Authentication credentials were available for 'DomainUsername'.

 

Either cache some credentials for 'DomainUsername' or configure Kerberos. If impersonation doesn't need to be enforced and the K2 Service Account is suitable, disable the Enforce Impersonation option for this Service Instance.

Symptoms

This error appeared when upgrading to K2 4.7 using the update installer.

 

Before the upgrade, the AppPoolAccount is visible in this section of code:

<allowedCallers>
</clear>
<add value="[Domain][AppPoolAccount]" />
</allowedCallers>

 

 After running the K2 4.7 update installer, the AppPoolAccount was removed:

 

<allowedCallers>

</clear>
</allowedCallers>

 

Resolution

This was identified as an existing bug on the K2 Product when upgrading to 4.7.

The workaround on the bug is to add the SmartForms App Pool Account to the section in the C:Program Files (x86)K2 blackpearlToken ServiceBinK2TokenService.exe.config file as follows:

1. Add AppPoolAccount user value to: K2TokenService.exe.config below the clear   
2. Restart the K2 Claims To Windows Token Service, under Windows Services.
3. Clear web browser cache. Make sure the option for “Preserve Favorites website data” is unchecked if using IE.
 

<allowedCallers>
</clear>
<add value="[Domain][AppPoolAccount]" />
</allowedCallers>
Check out these Nintex University Learning paths: https://community.nintex.com/p/NintexUniversity

0 replies

Be the first to reply!

Reply


View our Community Site Map

Nintex Community Sitemap
Terms & ConditionsCookie settings