Hello,

One of our customers had a new starter whose entry into the AD system etc apparently went a little odd at first. Once consequence seems to be that when we call into K2 via the API for his tasks to be completed etc they processes aren't being progressed.

The error we see in the logs is (note I have removed our security label, his username and company domain for security purposes):

"680082778","2022-09-14 14:40:14","Error","General","1","GeneralErrorMessage","K2Worker.Action","1 26033 Worklist item 1819403_23 Not Open for {SecurityLabel}:{username}@{domain} at 10.15.150.85:57822

   at SourceCode.Logging.Logger.ThrowLogMessage(MessageObject LogMessageObj)

   at K2Worker.ActionInternal(ClientConnection con, Int32 version, ClientEventActionContext ctxt, WorklistItem* wi, ServerItem si, User forusr, String groups, String shareduser)

  at K2Worker.Action(Object ocon, ArchiveX ar)","","","basascprdappv02:C:Program Files (x86)K2 blackpearlHost ServerBin","680082778","1e02f178483f41be96640cb6ec5fa291",""

Looking in the Identity.Identity table we can see there are two entries apparently for him:

* One where there is nothing in the Label column, no Properties and the FQN is simply the {username}@{domain}, which is of Type 2 and has Enabled set to 0.

Resolved and ContainersResolved both = 0

Members Resolved=1 and ContainersExpire set to 1753-01-01

* The other, inline with other users, has our security label in the Label column and it's in the FQN, while it has ContainersExpireOn as current date, MembersResolved=0 and Resolved and ContainersResolved both =1 and it's of Type 1 and Enabled.

* of note, both have an identical value in 'Name' except for the version without the Security Label has an uppercase starting character.

What I'm wondering is if we can just delete the odd looking first entry without the security label? Or do I need to run some additional checks first? I can't see a way to examine and alter the User list within the Workspace website.