Skip to main content


 

Symptoms


When using SSL offloading via a load balancer, the following error is encountered: K2TSTS10001: An error occured while processing a WS-Federation sign in request (invalid_realm) when attempting to run the registration wizard
 

Diagnoses


In this case, K2 was configured with only non-SSL bindings, as SSL offloading was to be used.

This creates a situation where K2, being unaware of the intended load balancing, sets several realm values, and STS values to non-SSL when they will need to be SSL, and does not create several environment library fields that the registration wizard will later depend on.
 

Resolution

The least painful way to resolve this was to simply create the :443 bindings and set the hostnames to match what the load balancer will have. As the DNS entry points to the load balancer, no site will actually ever use the :443 bindings in IIS, however, this will "trick" the K2 installer into creating everything as if it were to be SSL on K2's side. From there, the load balancer takes care of the rest.

Please note, K2 support provides limited support with load balancing issues. Typically, we recommend working with your load balancer vendor in most cases.




 
Be the first to reply!

Reply