Hi Karon,
This is possible and supported. You will require the correct trusts between your forests to work. The easiest is a two-way transitive trust between the forests.
Once you have that working you add the other domains to the K2Server.config as well as the K2Studio.config.
HTH,
Conrad
Page 1 / 1
Hi,
Does K2.net support multi domain in different domain forest? If one company purchase another one, then destintine user should be from different domain, is it possible, and hot to do it? thanks.
Regards,
karon
Does K2.net support multi domain in different domain forest? If one company purchase another one, then destintine user should be from different domain, is it possible, and hot to do it? thanks.
Regards,
karon
Does K2 support Oneway tranitive trusts??
I am currently trying to deploy an application that utilises k2 for workflow components.
All service accounts reside in one domain which trusts the domain with all the users in it (the user domain doesn't trust the app domain).
I have created a domain local group on the app domain and added the nessacary members to this group has then been granted all permissions on the nessacary processes. K2 accepts this configuration but when the app attempts to kick off a workflow (delegated as the user from the user domain) an error is generated saying that the user doesn't have permission to access start the process.
I am assuming that this means the k2 service account requires permissions on the user domain?
Any help or definition on this would be much appreciated.
I am currently trying to deploy an application that utilises k2 for workflow components.
All service accounts reside in one domain which trusts the domain with all the users in it (the user domain doesn't trust the app domain).
I have created a domain local group on the app domain and added the nessacary members to this group has then been granted all permissions on the nessacary processes. K2 accepts this configuration but when the app attempts to kick off a workflow (delegated as the user from the user domain) an error is generated saying that the user doesn't have permission to access start the process.
I am assuming that this means the k2 service account requires permissions on the user domain?
Any help or definition on this would be much appreciated.
Hi Banjo,
The K2.net Service account will need to be able to read user information in the user domain. If you only have a one-way trust you will have to create your K2.net Service account in the user domain otherwise it will not be able to do this. This will enable the account to read the AD properties (like email address) for the users and the trust will allow the users to access the service in the app domain.
However, it sounds like your user is denied access to start the process. This used to be a problem in earlier versions of K2.net which was fixed in Service pack 3. Can you confirm the vesion of K2.net you are using?
Regards,
Conrad
The K2.net Service account will need to be able to read user information in the user domain. If you only have a one-way trust you will have to create your K2.net Service account in the user domain otherwise it will not be able to do this. This will enable the account to read the AD properties (like email address) for the users and the trust will allow the users to access the service in the app domain.
However, it sounds like your user is denied access to start the process. This used to be a problem in earlier versions of K2.net which was fixed in Service pack 3. Can you confirm the vesion of K2.net you are using?
Regards,
Conrad
Thanks for the quick response... I have been running around all morning and yes we are running SP3.
I am still trying to test the service account in the other domain (unfortunatly i don't have the required access to create SPNs on my own user account and have to wait for an admin of the user domain to come into work).
I am also going to raise a support ticket to get confirmation from K2 that this is a supported issue, not that I don't beleive you, I think your spot on the money!!
I will update the post when i have finsihed my testing. hopefully it will help someone in the future.
Thanks for your help
Ben
I am still trying to test the service account in the other domain (unfortunatly i don't have the required access to create SPNs on my own user account and have to wait for an admin of the user domain to come into work).
I am also going to raise a support ticket to get confirmation from K2 that this is a supported issue, not that I don't beleive you, I think your spot on the money!!
I will update the post when i have finsihed my testing. hopefully it will help someone in the future.
Thanks for your help
Ben
Alrighty...
I have setup a new domain and have replicatied the trust setup we have in production.
i am running k2 as a service account from the USERdomain but i am now having problems with kerberos. I have created the spns and set the new service account to be delegated but still no luck...
Any ideas, what have i missed.
I have setup a new domain and have replicatied the trust setup we have in production.
i am running k2 as a service account from the USERdomain but i am now having problems with kerberos. I have created the spns and set the new service account to be delegated but still no luck...
Any ideas, what have i missed.
Reply
View our Community Site Map
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.