Hi,
We are facing a strange issue with K2 workflow in production environment. below is the brief description of the issue.
If you have any idea or any previous experience of such issue, then please let us know. Thanks.
The AVLS application is built on SharePoint2010 platform and uses K2 workflows for the Approval process. Earlier, the users added to the SharePoint Groups were not able to start the workflows, as the Group Provider was not working. As the users in the SharePoint group were not getting authenticated at the K2 end, they were not able to start the workflow.
On logging a ticket with K2, a patch was installed by K2, resolving the issue.
The users are now facing an issue, wherein the K2 Workflow is not able to update the SharePoint List. This though, works for our credentials; users were not able to complete the workflows, intermittently. Error thrown is ‘401 – Unauthorized’.
This issue is only on the Production environment.
Action Taken till now:
- Checked user permissions:
- Checked the SharePoint group permissions on the List (Request List) to have read/write permissions.
- Checked and verified that appropriate permissions are applied at the K2 Process (in K2 Workspace). The service accounts are having admin rights on the process and the site collection.
- Checked and verified that the SharePoint groups are added on the K2 Process with the correct permission level.
- Removed and added the users from the SharePoint groups.
- As we were getting the 401 unauthorized errors, we removed the users from the SharePoint groups and added them back.
- Also the K2 service account was removed and added back.
- Logged ticket with K2. As per the suggestion, cleared the Identity Cache by running below scripts.
UPDATE lK2].UIdentity]..Identity]
SET ]ExpireOn] = GETDATE()
,TResolved] = 0
, ContainersResolved] = 0
, ContainersExpireOn] = GETDATE()
,TMembersResolved] = 0
, MembersExpireOn] = GETDATE()
- As per K2, ran the Force Identity Service Refresh Application for each SharePoint Group or Role as below:
-> Use the 'ForceIdentityServiceRefresh.exe'
-> Select all 3 checkboxes (E.g Containers)
-> Ensure servers details are correct
-> Run the refresh.
-> Open Smart Object Tester Tool
-> Execute 'UMUser' Smart Object
-> Method 'Get Role Users' (Execute it twice)
- Logged ticket with K2 and as per the suggestion, introduced a 2 min delay in the workflows.
- The solution did not work with User’s Credentials hence rolled back. (Though worked with our credentials).