

 

Symptoms

 


URGENT - "error issuing high trust token" - smart objects do not work after K2 database migration to another SQL Server
 

 

Diagnoses

 


The error is reproducible intermittently by moving the db to a different server, then reconfiguring K2 and K2 for SharePoint.
 

 

Resolution

In addition to creating new symmetric keys after the database move, the following steps must be carried out to repair the token error.

IMPORTANT!

- A full K2 database backup must be taken before you begin.
- Also back up the web.config file for the Workspace site: C:\Program Files (x86)\K2 blackpearl\Workspace\site\web.config

Steps to repair K2 OAuth:

1. On the SharePoint Server, run the following PowerShell commands as SharePoint Administrator:
• Remove-SPTrustedSecurityTokenIssuer -Id "K2 for SharePoint"
• Remove-SPTrustedRootAuthority -Id "K2 for SharePoint"

2. Then check that the providers were deleted (there should be NO K2 High Auth certificates for K2 for SharePoint):
• Get-SPTrustedSecurityTokenIssuer
• Get-SPTrustedRootAuthority

3. Then, on the SQL Server that hosts the K2 database, run the following:
• DELETE FROM [K2].[HostServer].[Configuration]
WHERE VariableToken like '[[]K2_SIGN%'
• TRUNCATE TABLE [K2].[Authorization].[OAuthAppOnlyToken]

4. Then run the following queries to confirm the rows have been removed:
• SELECT * FROM [K2].[HostServer].[Configuration]
WHERE VariableToken like '[[]K2_SIGN%'
• SELECT * FROM [K2].[Authorization].[OAuthAppOnlyToken]

5. Then remove the K2 certificate from the installation folder, because a new one is going to be generated:
• Program Files (x86)\K2 blackpearl\Host Server\Bin\OAuth\Certificates

6. Run a K2 blackpearl Reconfigure from the installation media (the location you originally installed K2 blackpearl from; remember to make a backup of the Workspace config file).

7. Check that a new token and new certificates were generated:
• Program Files (x86)\K2 blackpearl\Host Server\Bin\OAuth\Certificates
• SELECT * FROM [K2].[HostServer].[Configuration]
WHERE VariableToken like '[[]K2_SIGN%'
• SELECT * FROM [K2].[Authorization].[OAuthAppOnlyToken]

8. On the SharePoint Server, run AppDeployment.exe as Farm Administrator (remember that the user you run it as must have rights on the K2 DB to be able to retrieve the certificate).
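
Steps 1 and 2 can be run as one script that records the certificate thumbprints SharePoint trusted before the removal and stops if any K2 entry survives it. This is an added example, not part of the original article or K2's tooling; the `*K2*` name filter and the report path are assumptions.

```powershell
# Added example, not K2's own script. Assumes the SharePoint PowerShell snap-in
# is installed and that K2 trust entries carry "K2" in their name.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue
$ErrorActionPreference = 'Stop'

$identity = 'K2 for SharePoint'                        # identity used in step 1
$report   = Join-Path $env:TEMP 'k2-trust-before.csv'  # assumed report location

# List K2-related trust entries together with the certificate each one trusts.
function Get-K2TrustEntry {
    Get-SPTrustedSecurityTokenIssuer | Where-Object { $_.Name -like '*K2*' } | ForEach-Object {
        [pscustomobject]@{ Type = 'TokenIssuer'; Name = $_.Name
                           Thumbprint = $_.SigningCertificate.Thumbprint
                           NotAfter   = $_.SigningCertificate.NotAfter }
    }
    Get-SPTrustedRootAuthority | Where-Object { $_.Name -like '*K2*' } | ForEach-Object {
        [pscustomobject]@{ Type = 'RootAuthority'; Name = $_.Name
                           Thumbprint = $_.Certificate.Thumbprint
                           NotAfter   = $_.Certificate.NotAfter }
    }
}

# Record what SharePoint trusts now, so the old thumbprints can be compared
# with the certificate generated by the reconfigure in step 6.
$before = @(Get-K2TrustEntry)
if ($before.Count -gt 0) {
    $before | Export-Csv -Path $report -NoTypeInformation
    $before | Format-Table -AutoSize | Out-Host
}

# Step 1: remove the token issuer and the root authority if they exist.
if ($before | Where-Object { $_.Type -eq 'TokenIssuer' -and $_.Name -eq $identity }) {
    Remove-SPTrustedSecurityTokenIssuer -Identity $identity -Confirm:$false
}
if ($before | Where-Object { $_.Type -eq 'RootAuthority' -and $_.Name -eq $identity }) {
    Remove-SPTrustedRootAuthority -Identity $identity -Confirm:$false
}

# Step 2: fail loudly if anything K2-related is still trusted.
$after = @(Get-K2TrustEntry)
if ($after.Count -gt 0) {
    $after | Format-Table -AutoSize | Out-Host
    throw 'K2 trust entries are still present; do not continue to step 3.'
}
Write-Host "No K2 trust entries remain. Previous entries saved to $report"
```

After step 8, the same listing shows the thumbprint SharePoint now trusts; it should differ from the values saved in the report.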

 

 



 