Symptoms
Authentication error when configuring K2 from Central Administration
Diagnoses
We are receiving an error when we navigation to the Activate All K2 Features and K2 Configuration Settings page in Central Administration. We recently migrated our K2 databases to a new server so we had to run Setup Manager on the servers in the SharePoint farm to point it to the new database and get the Workflow Designer to work. We were able to do this without problems on another DEV farm (connecting to the same K2 server) but we are having issues with this farm. Attached is a screenshot of the page in Central Administration. We are also seeing the following message in the log:
"586339197","2015-03-31 08:17:07","Error","Unknown","8060","ProcessPacketError","SourceCode.Hosting.Server.Services.TCPClientSocket.ProcessMessage","8060 ProcessPacket Error, 3014 A mismatch between the end user and the connection credentials has been detected. This may be intentional and will only require action if specific problems are currently being encountered. Refer to Kerberos and K2 Pass-Through Authentication settings (currently ClientKerberos) and documentation.","system","::1","DLX:C:Program Files (x86)K2 blackpearlHost ServerBin","586339197","d3974faa3e4a4e18abe0fa99827e2547",""
"586339209","2015-03-31 08:17:07","Error","System","2025","InternalMarshalError","SourceCode.Hosting.Server.Runtime.HostServerBroker.InternalMarshal","2025 Error Marshalling K2Server.VerifyAdminUser, The requested name is valid, but no data of the requested type was found","","","DLX:C:Program Files (x86)K2 blackpearlHost ServerBin","586339209","265b5dadfc3f4ff59733a8c499d9d724",""
Please note that we are running Kerberos on the K2 server and that we are logged in with the K2 Admin account (NOT K2 Service account or SharePoint Central Admin App Pool account). We have verified that all accounts have K2 Admin privileges.
Resolution
Customer discovered that the SharePoint Central Admin App Pool account is set up for constrained delegation, but the K2 SPNs were NOT in the delegation list. After adding the delegation, customer was able to run the K2 activation wizard without any error.