Symptoms
Primary Issue: Cached User Credentials Causing - 24404 Authentication with server failed for DOMAINUser with Message: Logon failure: unknown user name or bad password. The problem seems to come from the development work the customer was in the middle of when he changed his password last week. The following sessions/programs were open/connected with the K2 DEV Server:
SmartObject Service Tester
K2 Package and Deployment (Integrated Security used)
K2 WorkSpace (via IE)
Visual Studio w/ K2 Workflow Designer
Diagnoses
Other Support tickets gave clear instructions to use K2 Workspace Single Sign On (SSO) to update the user's password.
Resolution
For the primary issue in the ticket: Customer was instructed how to update their single sign on password:
1. Go to K2 Workspace
2. Go to User Settings > Single-Sign On
3. Select K2 security label and click on Edit Credentials
4. Enter password and click on OK
Customer then asked several follow-on related questions, which are addressed here.
1. Q: Do you know where or at what point am I prompted in K2 for the single sign-on credentials that are stored?
A: You would not have been prompted. It loads automatically when you open K2 Workspace. Your password should update when the identity table refreshes in the K2 database. The identity table refreshes every 8 hours. The SSO in K2 Workspace is a front end way to expedite the identity table update with your new password. Since you were working in K2 for several days after you updated your password, I speculate that something in your overall system configuration delayed your new password from hitting K2.
2. Q: Can I use the "Remove Credentials" button (for just my own credential) and find out?
A: I tried this in a VM from the SSO and it did allow me to remove the credentials - but as soon as I accessed Workspace again it automatically reloaded it.
3. Q: What is the risk of removing my listed credential?
A: The SSO will not let you do it. In theory you could do it in the database but that would void support.
4. Q: Is there a way can I determine what was running at 8 PM and 4 AM?
A: There is no log per se but you can look yourself up in the K2 identity.identity table and see what time you are scheduled to refresh.
You have 2 days to accept or reject this resolution. If you feel the issue is not resolved, please reject this resolution. Otherwise, please take the opportunity to submit feedback, using the link included in this message.
Thanks and Regards,
Susan