PavelS
Apprentice

Integrating K2 with Exchange Online and using OAuth

Hello community

I am trying to configure K2 against Exchange Online with OAuth according to the article K2 and upcoming changes to Exchange Online authentication. I have a server in on-prem with AD only, no integration with AAD. I have tried K2 blackpearl 4.7 and K2 Five 5.5, both with the latest updates. I just want to send mails from K2 directly to Exchange Online and maybe try SmartActions.

 

I think there are a few inaccuracies in the article, but I've gotten past some of them, but I think I have two problems near the end:

 

1. a simple test workflow fails to send a notification in the Task step, with a message:

"Error","General","1","GeneralErrorMessage","EwsMessageDestination","1 The From Adress is empty or missing","anonymous","0.0.0.0","SRV03:C:\Program Files (x86)\K2 blackpearl\Host Server\Bin","1233361","92a69cd253b043dea89695787f260c1a",""
"Error","MessageBus","61007","SendMessageException","MessageBusRuntime","61007 Permanent failure sending message New Task: System.Exception: No destinations could send the message New Task.

 

What helped me was to disable SmartActions, in K2HostServer.exe.config set enableListeners="false".

 

2. when I leave Autodiscovery = True in ConnectionStringEditor, I get an error over and over again in the HostServer and Windows Event log:

"Error","MessageBus","61012","ConnectionError","ExchangeWebServicesOrigin","61012 Exception from message source K2_Service@mydomain.com: Microsoft.Exchange.WebServices.Data.AutodiscoverLocalException: The Autodiscover service couldn't be located.

Once I turn off Autodiscovery, restart the K2 service, the errors disappear, I don't notice any problems.

 

But why is Autodiscovery not working when the article says it should be on?

 

These my test environments were only installed against SMTP, in this case when I want to use Exchange Online do I have to run K2 Setup Manager and reconfigure the whole K2 to almost at the end enable the use of Exchange Online and SmartActions, when I then set it up manually anyway according to the article?


I don't understand why according to the article, paragraph Verifying the changes, at the end of the article, letter D, it is necessary to have the AAD security label when I don't have any integration with AAD in K2.

 

Do you think that the steps described for K2 4.7 and 5.0 are also applicable for newer versions (5.1 to 5.5), if I am not interested in activating the whole Exchange Online Feature? I think so.

 

Finally, I have TLS set according to the K2 and TLS 1.2 Support article and the Minimum Requirement paragraph.

 

Thanks for your possible comments and experiences.

Labels: (2)
0 Kudos
Reply
1 Reply
PavelS
Apprentice

Re: Integrating K2 with Exchange Online and using OAuth

I managed to solve all my problems. Here are my notes to the article K2 and upcoming changes to Exchange Online authentication.

 

1. My Autodiscovery setting in ConnectionStringEditor is always False

 

2. In [K2 installation path]\Host Server\Bin\K2HostServer.exe.config in the "system self" tag I have the K2 service account listed as domain "K2:MYDOMAIN\K2_Service" including the K2 security label, because I don't have the AAD security provider.
When I left the account here as UPN - "K2:K2_Service@mydomain.com", I was not getting notification of the assigned task and errors appeared in the Hostserver log like:

"64007 Provider did not return a result for K2:K2_Service@mydomain.com on GetUser"
"1 The From Address is empty or missing"
"61007 Permanent failure sending message New Task: System.Exception: No destinations could send the message New Task.

 

3. I have SmartActions enabled, in [K2 installation path]\Host Server\Bin\K2HostServer.exe.config in the tag "system self" I have enableListeners="True" and SmartActions work. When I want to disable SmartActions, I change this key to False and restart the K2 service.

 

4. The settings mentioned in the article as "Solution Steps: K2 Five 5.0 and K2 blackpearl 4.7" work for me in K2 Five 5.5 too. That is, unless I'm interested in some more integration of K2 with Exchange Online for tasks and appointments, etc., and just need to send email notifications.

 

5. The article doesn't mention how to request an OAuth token, after all the previous things I set up and now I'd like to test it to see if it works. What helped me was the test workflow with the Send mail and Task steps that I ran and the new process fell into Error where the message was:

 

OAuth token is expired and requires reauthorization.
User: K2 Service Account (display name of my service account in AD)
URL: long URL with "&prompt=admin_consent" at end

 

I copied that URL and opened it in a browser, logged in as a user with Global admin rights in O365, and confirmed the requested rights.
The token is then visible in K2 Management -> Authentication -> OAuth -> Tokens.
Then just click on Retry above the process in the error and it runs again.

 

6. I didn't have to go through the K2 reconfiguration when I was originally set up K2 to use SMTP and wanted to switch to Exchange Online, just follow those steps. If you still go through the K2 reconfiguration, you have to set up OAuth again in the ConnectionStringEditor, which will disappear during the reconfiguration.

 

7. In the ConnectionStringEditor, the "OAuth Resource" parameter must always contain the OAuth Resource name for the Exchange Online integration created in K2 Management, never the name of the App you register in Azure AD.

 

8. In [K2 installation path]\Host Server\Bin\K2HostServer.exe.config in the sendmailfrom property I have the email address of the K2 service account, the same as the one in O365, not some "the Azure admin email address" as mentioned in the article.

 

Hopefully these notes will help others when setting up sending mail to Exchange Online and OAuth.

0 Kudos
Reply