Hi,

I have a WSS site running on SBS 2003. And k2 on Win 2003 server with SQl server on it. K2 and WSS are running domain accounts, which are trsuted for delegations. I have already set up the Kerberos Authentication.

I am able to start a K2 process from the WSS doc lib. But now I am facing following problems:

1. Whenever a user other than administrator accesses his workspace, the following message comes on the k2 server console " RegManager using NTLM". I have already tried to set the Kerberos authentication. But when the same user acceses the sharepoint site which has a K2 task list, following message pops in K2 server console "RegManager using Kerberos".

2. When the approver of the document, approves the status of the document in K2 workspace and we have a Sharepoint server event which should update the status of the document in WSS. But this throws an error. It gives a "401 Unauthorized access" error in K2 server console.

ALso for enabling Kerberos, we need to use spn. Since I have two different domain accounts for K2 and Wss, so against which machine should i register the service account for WSS and which machine should i use to register the K2 service account. Do i need to register the k2 service account only with the K2 server or with the server having WSS also.
And should the wss service account(svcWSS) be registered with the WSS server and also with the K2 server and also with the Wss virtual server. e.g. If the SBS server name is SBS2003 and k2 server name is K2, so should i give all these commands
setspn -A HTTP/sbs2003.Impcorp.local ImpcorpsvcWSS
setspn -A HTTP/sbs2003 ImpcorpsvcWSS
setspn -A HTTP/companyweb Impcorpsvcwss ///companyweb is the name of the WSS site
setspn -A HTTP/k2.Impcorp.local ImpcorpsvcWSS
setspn -A HTTP/k2 ImpcorpsvcWSS

Alos do i need to set spn for Sql also.

Can anyone please help.

Regards
N