Specific domain users receive an error when logging in to K2

This article was created in response to a support issue logged with K2. The content may include typographical errors and may be revised at any time without notice. This article is not considered official documentation for K2 software and is provided "as is" with no warranties.


Specific domain users receive the following error when logging in to K2:

Exception of type 'System.Web.HttpUnhandledException' was thrown. 
Argument 'userFqn' may not be null or empty 
Parameter name: userFqn



  • This issue only occurs on a K2 environment that has multiple domains integrated
  • Active Directory trusts have already been established between the domain K2 environment is in, and the other domains
  • After attempting the solution provided in this KB, the issue persists.

Troubleshooting Steps

Since only users from specific domains are affected, the only possible cause for this is the other domains are not properly configured in the K2 security label. The most direct way to check the multiple domain configuration is via the [HostServer].[SecurityLabel] table in your K2 database.

Please make sure to perform a backup of your current K2 database before making any changes to it.

On your [HostServer].[SecurityLabel] table, look for your K2 security label, and check the following:

  • Make sure the AuthInit property for the 'K2' security label has all the domains' NETBIOS specified correctly.


  • Make sure the NETBIOS specified in AuthInit matches the NETBIOS specified in RoleInit's connection string


  • Make sure the MultiDomain property in RoleInit is set to True


If you need to update any of the above, please make sure to stop your K2 service first, before you update the value in the SecurityLabel table. Once you have updated the values, you will need to restart your K2 service for the changes to take effect.