24411 error after active directory name change

  • 24 November 2017
  • 3 replies

Badge +5



I have a user whose name was updated in Active Directory and now she receives the "24411 Worklist could not be opened <username> is not allowed to open the worklist item" error. I have removed the account from K2 Workspace and re-added it, cleared the cache using the 'Force Identity Service Refresh' tool and tried the below in PowerShell, but she is still getting the error. Can someone please advise?


$objUser = New-Object System.Security.Principal.NTAccount "mydomain\<new account name>"




Best answer by tin 3 January 2018, 17:45


Badge +18

I believe this may depend on how the client event was configured:


1.  Was the user located and dragged and dropped into the destination set?  Or is this user perhaps part of a group/role membership?


a.  If it is assigned directly to the user 'K2:CONTOSO\bob' and this user was renamed to 'K2:CONTOSO\bob2', then the process will still try to assign it to the string 'K2:CONTOSO\bob'; in which case, you would have to delete this and drag in the new username 'K2:CONTOSO\bob2' and redeploy the process.  Only new process instances will see this change.


b.  If a group or role is used, you may have to refresh or wait for group or role membership to update and the change would only be effective if a GoToActivity (existing instance) or a new process is started.


2.  To resolve a running instance, you may be able to Redirect this task to the new user's name using the management task list (and possibly fix the process and deploy so that new process instances will also know the change):

Badge +5

Hi Tin,


Thanks for your reply. 


The workflow is set up to use a 'Split' function depending on what value has been selected on the form e.g. if the department is payroll it will read the payroll user and assign the task to them. I have attached a screenshot. The email is being sent to the user ok but when she tries to open the task she receives the error. 



Badge +18

What is this 'Divisional Personnel.Read.Payroll' field?  Is this the column returned from the SQL SmartObject read method?  That would be in the format:




If so, you will likely need to update this backend so that the user's logon name matches the user's new logon name.


Please note that the task will assign to any sort of string that you pass it and does not validate if it is a valid user name, group or role; this validation will need to happen during design time.


As such, it may be possible to update this value in the back-end (SQL table, SmartBox SmartObject, SharePoint list, etc.) and then perform a GotoActivity (if applicable, and there are no parallel paths) to re-assign the task to the correct value.
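
A check of the kind the last reply calls for, added here as an example and not part of the original thread: it resolves each logon name stored in the back-end against the directory and reports the ones that no longer map to an account, which is what happens to the old name after a rename. The function name `Test-StoredLogonName` and the sample values are constructed for illustration; it assumes it is run on a domain-joined machine.

```powershell
# Added example: the function name and sample values are constructed.
function Test-StoredLogonName {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [string]$Name
    )
    process {
        # Drop the "K2:" security label, if present, before resolving.
        $account = $Name -replace '^K2:', ''
        $sid     = $null
        $current = $null
        try {
            $nt     = New-Object System.Security.Principal.NTAccount($account)
            $sidObj = $nt.Translate([System.Security.Principal.SecurityIdentifier])
            $sid    = $sidObj.Value
            # Translate the SID back: the SID survives a rename,
            # so this returns the account's current logon name.
            $current = $sidObj.Translate([System.Security.Principal.NTAccount]).Value
        }
        catch [System.Security.Principal.IdentityNotMappedException] {
            # The stored string does not map to any account (stale or mistyped).
            # Other errors, such as an unreachable domain, are left to surface.
        }
        [pscustomobject]@{
            StoredValue = $Name
            Resolves    = [bool]$sid
            Sid         = $sid
            CurrentName = $current
        }
    }
}

# Constructed sample: values as they might be returned by the back-end column
# that feeds the destination (old name, new name, and a typo).
$stored = 'K2:CONTOSO\bob', 'K2:CONTOSO\bob2', 'CONTOSO\payrol.user'

$stored | Test-StoredLogonName | Format-Table -AutoSize

# List only the values that need correcting in the back-end.
$stored | Test-StoredLogonName | Where-Object { -not $_.Resolves } |
    Select-Object -ExpandProperty StoredValue
```

Rows with `Resolves` set to False are the values to correct in the back-end before redirecting the task or performing a GotoActivity.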