Skip to main content


 

Symptoms


Over the weekend our TEST K2 server started throwing errors whenever users attempt to access the View Flow diagram for a particular process instance. This is causing problems with final UAT for our upgrade to 4.6.8. We had many certificate problems with the identity service while installing 4.6.8 and though it ran for weeks just fine, it appears to be broken again.

Exception information:
Exception type: ArgumentOutOfRangeException
Exception message: Index and length must refer to a location within the string.
Parameter name: length
at System.String.InternalSubStringWithChecks(Int32 startIndex, Int32 length, Boolean fAlwaysCopy)
at SourceCode.Security.Claims.Sts.Windows.Controllers.wsFedController.Index()
at lambda_method(Closure , ControllerBase , Objectt] )
at System.Web.Mvc.ReflectedActionDescriptor.Execute(ControllerContext controllerContext, IDictionary`2 parameters)
at System.Web.Mvc.ControllerActionInvoker.InvokeActionMethod(ControllerContext controllerContext, ActionDescriptor actionDescriptor, IDictionary`2 parameters)
at System.Web.Mvc.Async.AsyncControllerActionInvoker.<>c__DisplayClass37.<>c__DisplayClass39.b__33()
at System.Web.Mvc.Async.AsyncControllerActionInvoker.<>c__DisplayClass4f.b__49()
at System.Web.Mvc.Async.AsyncControllerActionInvoker.<>c__DisplayClass37.b__36(IAsyncResult asyncResult)
at System.Web.Mvc.Async.AsyncControllerActionInvoker.<>c__DisplayClass25.<>c__DisplayClass2a.b__20()
at System.Web.Mvc.Async.AsyncControllerActionInvoker.<>c__DisplayClass25.b__22(IAsyncResult asyncResult)
at System.Web.Mvc.Controller.<>c__DisplayClass1d.b__18(IAsyncResult asyncResult)
at System.Web.Mvc.Async.AsyncResultWrapper.<>c__DisplayClass4.b__3(IAsyncResult ar)
at System.Web.Mvc.Controller.EndExecuteCore(IAsyncResult asyncResult)
at System.Web.Mvc.Async.AsyncResultWrapper.<>c__DisplayClass4.b__3(IAsyncResult ar)
at System.Web.Mvc.MvcHandler.<>c__DisplayClass8.b__3(IAsyncResult asyncResult)
at System.Web.Mvc.Async.AsyncResultWrapper.<>c__DisplayClass4.b__3(IAsyncResult ar)
at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Booleanand completedSynchronously)
 

Diagnoses


This error is shown when the formatting of another error is too long. The customer was provided a debug assembly which surfaced the actual error:

System.InvalidOperationException: Certificate not found: B553E86A27CF3562FC2FBA387E71782CBEB0212F at SourceCode.Security.Cryptography.X509Certificates.GetCertificateFromStore(StoreLocation location, StoreName name, X509FindType findType, Object value) at SourceCode.Security.Claims.Sts.TokenService.TokenServiceConfig..ctor() at SourceCode.Security.Claims.Sts.TokenService.TokenServiceConfig.get_Current() at SourceCode.Security.Claims.Sts.Controllers.WsFedControllerBase.Index() at SourceCode.Security.Claims.Sts.Windows.Controllers.wsFedController.Index()

The customer compared the thumbprint listed to the existing certificates, and did not find a matching one.

 

Resolution

The customer copied the thumbprint of the correct self-signed certificate and update the Identity.ClaimIssuer table, as well as the web.config for Identity > STS > Windows application in IIS. This surfaced the error "Keyset does not exist". The customer followed the workarounds in the following KB: http://help.k2.com/kb001571 and verified that the K2 service and Workspace App Pool account had permissions to the certificate.

After this, viewflow worked correctly




 
Be the first to reply!

Reply