Symptoms
While running the registration wizard against a SharePoint 2013 site collection/subsite, on the creation/refresh of the SharePoint 2013 service broker step the following error message can be seen:
"VALIDATIONFailed to initialize the Context: URL: Username: Error Details: The remote server returned an error: (401) Unauthorized. Method: SharePointService.initializeContext "
Diagnoses
This is a result of a misconfiguration of OAuth between SharePoint 2013 and K2. AppDeployment is responsible for moving things over and configuring trusts between SharePoint and K2, however sometimes if this process was not properly completed by the installer, this type of error can be seen.
Most of the time, the K2 OAuth High Trust certificate was not moved to the SharePoint servers nor will the K2 for SharePoint trust be created in order for K2 to communicate with SharePoint in a trusted manner. To fix this, it will require some manual intervention.
Resolution
To resolve this issue:
1. Move the K2 OAuth High Trust certificate to each SharePoint server and place them in the Certificates Console for the Computer Account, namely in the Trusted Root Certification Authority, Personal, and Intermediate Certification Authority folders.
2. Run AppDeployment, which may or may not give a warning about not being able to retrieve the OAuth High Trust information from the K2 database. This has been seen primarily in 4.6.8 installations, meaning that ultimately the AppDeployment cannot retrieve the proper certificate to begin the process of creating the trust with K2 in SharePoint
3. After making sure the certificate is move to the proper location on each SharePoint server in the farm, you will then need to creat the SPTrustedRootAuthority relationship and SPTrustedTokenIssuer for K2 for SharePoint using Powershell scripts provided with the AppDeployment installation files, and remove the AppOnly token from the Authorization. AuthAppOnlyToken table in the K2 database for the site.
5. Afterward you can run the AppDeployment wizard again to confirm that the proper items for K2 to operate within your environment are setup.
***It would be wise to contact K2 Support for help with these steps to make sure the proper information is being manipulated.***
