WS works but certain sections show a 400


Badge +4

Hi,


I have been installing K2 on a new development environment which is located in out DEV ad domain.


I found something interested where I am trying to access the Workspace using my browser on my laptop and my own user account. My laptop and AD account are in our "UK" domain.


The workspace loads fine from both a machine in the UK domain and DEV domain but when I try to access the "Server Rights" section from the "UK" domain or other sections I receive a "400 page not found" in the main frame of the workspace. If I try accessing when logged onto a machine in the DEV domain it works fine.


I can only start to assume it is something to do with a FQN in the config files. I have checked the web.config for the workspace and it looks fine.


Any suggestions?


Thanks


13 replies

Badge +10

From the Dev domain you only have issues with the workspace when you access the server rights section? Other wise the whole workspace works fine?

Badge +4

If I access the workspace from a machine located in the DEV environment everything works fine. I testing this on machine k2wsdev01.dev.domain.com using account DEVk2_service and UKgdavies.


The workspace does not fully work when loading the workspace up from my local machine located in the UK domain. uktel123.uk.domain.com. I tested with both DEVk2_services and ukgdavies.


Infact non of the sub sections work under the workspace navigation tree. The wrapper loads up fine, but whenever I click on any of the sections I get a 400 page not found in the main frame.


I have attached two screen shots to show the issue.



Badge +4

Just to clarify this is a HTTP 400 error and NOT a 404 error.


I have just complete removed and re-install the DEV Environment and I still face this issue, I am a little stuck now on what it could be.


The workspace works if I connect from the k2host server, and the IIS server where the workspace is installed but other machines it seems to failed with the HTTP 400 error.

Badge +10

I have done some research on this one and asked around to see if anyone has run into this situation. It is very different that what we would have expected to see happen in the workspace if there were problems with something in the domain.  I think we would need to look at K2logs, iis logs etc to try to narrow this down.  Would you mind opening a support ticket?  Then we can best track this one down. 

Badge +4

So this morning I am now receiving the following error when trying to load up from my local machine, however this works fine again on the server directly.


Badge +10

I definitely think its time to open a ticket.  Do you have access to the support portal to do so?

Badge +4

I do yes, thanks for your help. Although that last message seems to have gone now.

Badge +10

GREAT! After you get this fixed let us know what the resolution was so we can all share in it.


 


Thank a ton and i hope you can get it fixed quickly.

Badge +4

I am just updating a little further here for the record.


I managed to right click the frame and find the specific URL for the frame I was trying to load. In the server security tab this equals http://k2ws-dev.DOMAIN.com/Workspace/Management/Plugins/K2Server/Pages/Security.aspx?...


Now the interesting thing is that if I load this up in a separate browser window and not in the frame in the workspace it works!! So it seems to be something to do with the security and frames and javascript. I have seem this problem before some years back but I think it related to the brower pulling frames or javascript from server on different domains.

Badge +4

So, I have finally solved, or at least found where the problem lies. It is to do with the proxy configuration we have here.


It seems when the proxy receives the request for the main window it loads up fine, but when the request is coming from the iframe through a js refresh the proxy strips out the auth headers and we receive the http 400 error from the server.


I managed to unset the proxy completely and received the error on the entire website. When I manually added the proxy and set the domain to "intranet" bypass the entire site worked.


So I will investigate a little more with our IT guys to manage our proxy to see how we can fix this permanetly. Our test and production environments are OK as these are on our "LU" domain, but it appears the "INTDEV" domain where I have installed this is not correctly configured to have traffic bypass our proxies. At least for the iframe content anyway.


I think I can close my ticket and this thread now, due to the problem not really lieing with K2ws and more our infrastructure.


Hope this helps somebody else in the future.

Badge +10

Thanks for letting us know. I am very glad you are making progress!

Badge +4

After further investigation I believe I have found the root cause of this issue. I am only replying to maybe help somebody in the future.


After much investigation and troubleshooting it seems to be linked to the fact my specific user account is apart of many groups, which are nested within our AD structure.


When we configured Kerberos we completed a global policy update on all machines which set the max kerberos ticket size. However we had not set the max size for HTTP headers.


After changing the following settings on my client machine and k2 ws iis server the system now works.


Below are the steps I took.
1. Open Regedit
2. Go to HKEY_LOCAL_MACHINESystemCurrentControlSetServicesHTTPParameters
3. Add a new DWORD value named MaxFieldValue
4. Enter 32768 as a decimal value
5. Add a new DWORD value named MaxRequestBytes
6. Enter 500000 as a decimal value
7. Restart the computer


If you are having similar issues with loading websites up this could be the cause. I seem to have fixed the problem now for my K2 dev environment, but I still have an issue with some of our SharePoint sites.

Badge +4

After further investigation I believe I have found the root cause of this issue. I am only replying to maybe help somebody in the future.


After much investigation and troubleshooting it seems to be linked to the fact my specific user account is apart of many groups, which are nested within our AD structure.


When we configured Kerberos we completed a global policy update on all machines which set the max kerberos ticket size. However we had not set the max size for HTTP headers.


After changing the following settings on my client machine and k2 ws iis server the system now works.


Below are the steps I took.
1. Open Regedit
2. Go to HKEY_LOCAL_MACHINESystemCurrentControlSetServicesHTTPParameters
3. Add a new DWORD value named MaxFieldValue
4. Enter 32768 as a decimal value
5. Add a new DWORD value named MaxRequestBytes
6. Enter 500000 as a decimal value
7. Restart the computer

Reply