

 

Symptoms


The following error appears in the logs at least every 8 hours.
"3601861","2016-08-17 08:28:12","Error","IdentityService","64005","ResolvingException","IdentityService.ProviderCacheIdentity:RoleProvider.GetGroup",
"64005 Failed to resolve 'K2:DENALLIXgroupTest3': Failed to translate name: DENALLIXgroupTest3.","anonymous","0.0.0.0","dlx:C:Program Files (x86)K2 blackpearlHost ServerBin","3601861","3d05ab5ddefb492a8f6d8b83475c63e3",""
 

Diagnoses


It seems that the problem may come from groups that have been deleted from the Active Directory.
Can you attach the last K2 log file (generally in C:\Program Files (x86)\K2 blackpearl\Host Server\Bin)?

Can you execute the following query on your K2 database and export the result?

WITH XMLNAMESPACES(DEFAULT 'http://schemas.k2.com/identity/customProperties.xsd')
SELECT FQN,
CASE [Type]
WHEN 1 THEN 'User'
WHEN 2 THEN 'Role'
WHEN 3 THEN 'Group'
END + ' (' + convert(varchar, [Type]) + ')' AS [SType],
--properties.value('(/properties/item[@name="CommonName"]/@value)[1]', 'nvarchar(max)') as sAMAccountName,
properties.value('(/properties/item[@name="Description"]/@value)[1]', 'nvarchar(max)') AS Description,
DisplayName,
properties.value('(/properties/item[@name="Email"]/@value)[1]', 'nvarchar(max)') AS Email,
properties.value('(/properties/item[@name="Manager"]/@value)[1]', 'nvarchar(max)') AS Manager,
properties.value('(/properties/item[@name="ObjectSID"]/@value)[1]', 'nvarchar(max)') AS ObjectSID,
Name AS UserName,
properties.value('(/properties/item[@name="SipAccount"]/@value)[1]', 'nvarchar(max)') AS SipAccount,
FQN,
ExpireOn,
MembersExpireOn,
ContainersExpireOn,
Resolved,
Enabled,
ContainersResolved,
ExpireInterval AS MemberExpireInterval,
ID
FROM [Identity].[Identity]
WHERE Enabled=1
AND Resolved = 1
AND ExpireOn < GETDATE()-2
AND Type=3
ORDER BY [Identity].ExpireOn

Verify that the groups displayed in the last rows of this result are not present in the Active Directory (actually deleted).


If you do not have a result, you can replace
GETDATE()-2
by
GETDATE()-1

If you still do not have a result, you can replace
GETDATE()-1
by
dateadd(hour,-9,getdate())

Be careful: the number of hours you subtract must be greater than the values returned by the query: select * from K2.[Identity].CacheConfiguration WHERE Name LIKE 'Group%'
 

Resolution

To fix this problem, you can execute the following query to disable the groups that are listed by the previous query.
Be careful: we advise you to back up your database before executing this update request.
Make sure that the groups displayed in the last rows of the result of the previous query are not present in the Active Directory (actually deleted).

UPDATE [Identity].[Identity] set enabled=0
WHERE Enabled=1
AND Resolved = 1
AND ExpireOn < GETDATE()-2
AND Type=3
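
The same update can be run so that it records exactly which groups it disabled and rolls back if the row counts disagree. This is an added example, not K2's own script; the table name dbo.K2DisabledGroups_Review is a hypothetical name, and the columns are those used in the queries above.

```sql
-- Added example, not K2's own script.
-- dbo.K2DisabledGroups_Review is a hypothetical table name chosen for this example.
SET XACT_ABORT ON;   -- any runtime error rolls the whole transaction back
BEGIN TRANSACTION;

-- 1. Record exactly which rows are about to be changed, so a group disabled
--    by mistake can be identified and re-enabled later.
SELECT ID, FQN, ExpireOn, GETDATE() AS SnapshotAt
INTO dbo.K2DisabledGroups_Review
FROM [Identity].[Identity]
WHERE Enabled = 1
  AND Resolved = 1
  AND ExpireOn < GETDATE() - 2
  AND Type = 3;

DECLARE @expected int = @@ROWCOUNT;

-- 2. Disable only the recorded rows (the date filter is not evaluated again).
UPDATE i
SET Enabled = 0
FROM [Identity].[Identity] AS i
JOIN dbo.K2DisabledGroups_Review AS r ON r.ID = i.ID
WHERE i.Enabled = 1;

DECLARE @updated int = @@ROWCOUNT;

-- 3. Commit only if both counts match; otherwise undo everything,
--    including the creation of the review table.
IF @updated = @expected
BEGIN
    COMMIT TRANSACTION;
    PRINT 'Disabled ' + CAST(@updated AS varchar(10))
        + ' group(s); list kept in dbo.K2DisabledGroups_Review';
END
ELSE
BEGIN
    ROLLBACK TRANSACTION;
    PRINT 'Rolled back: expected ' + CAST(@expected AS varchar(10))
        + ' row(s), updated ' + CAST(@updated AS varchar(10));
END

-- To re-enable a group that turns out to still exist in Active Directory:
-- UPDATE i SET Enabled = 1
-- FROM [Identity].[Identity] AS i
-- JOIN dbo.K2DisabledGroups_Review AS r ON r.ID = i.ID
-- WHERE r.FQN = N'<FQN of the group>';
```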

Do you often have group deletions in the Active Directory? Is this perhaps a time of year when you clean up these groups?
Is this workaround appropriate for you? If so, you can apply it again if the problem reappears in the future; otherwise, we can ask our R&D team to provide us with a ColdFix (which already exists for version 4.6.11).




 