Access Denied to Workspace


Badge +6

I'm having an issue connecting to the K2 Workspace from any computer other than the server where it resides. When I try to connect to http://servername:8081 I am prompted for credentials, but no matter what I enter it won't connect. I've performed the Disable Loopback and checked that all sites are running under the appropriate app pool in IIS. Anyone have any ideas?


13 replies

Badge +5

Have you ever been able to get to Workspace at all?


Do you get a specific error message?


 

Badge +6
I can get to the workspace from the k2 server, but not from any other machines.  I'm just getting a 401 access denied error.
Badge +5

Have you done any logging when you try this? Or console?


Out of curiosity, what type of authentication are you using with IIS or are you using different security settings that are not default when creating a site in IIS?

Badge +6

I'm getting no errors other than the 401.1 in IE when trying to connect.  There is nothing in the event log and nothing on the Host Server Console.


I set up the Workspace site according to the rights outlined in the K2 installation help file.


 I've attached a screenshot of IIS.


Badge +5

I know I am asking quite a few questions here trying to help, but I am trying to narrow it all down. Sorry about that.


1.) Is the account running the K2 App pool the same as the login on the server that can access workspace? So when you log in to the computer, are you using the same credentials as the service?


2.) Are you using a different login from a client computer to access workspace?


The reason I ask this is because my BP server is running completely under my credentials, and when someone else tries to go there they get denied; it just isn't like yours, with a 401 error.


 Also, have you ever gone into workspace and modified the permissions specifically? Mine for example has no permissions for security in workspace.



Badge +6

I appreciate all the help.


1) I can log in to the workspace under any number of accounts as long as I do it on the server. For example, I am logged in to the system as Administrator and can get to the workspace. The workspace app runs under the account k2workspace. The workspace will also work for my user account if I log in from the server only.


 2) I've tried all the logins that should have access to the workspace from different PCs and it makes no difference.

Badge +9

jthrasher,


Have you added the workspace server to the trusted sites in IE as well as enabled "Automatic Login with username and password" for this zone in IE?


HTH.

Badge +6

Yes, I have added the workspace site to the trusted sites and enabled "Automatic Login with username and password" and I'm still experiencing the problem.


 Thanks

Badge +11

What does your environment look like?  Is IIS installed on your K2 blackpearl HostServer machine?


If so, try to access the workspace by using the IP address instead of the servername from the client machines.


If this does work, you'll need to set the NTAuthenticationProvider of the Workspace site explicitly to "NTLM".


As far as I know, IIS6 will by default attempt Kerberos authentication when using the servername while using the IP address will attempt NTLM authentication.


HTH,


Ockert

Badge +3

Did you do all the steps in this article?


http://kb.k2workflow.com/articles/kb000171.aspx


 

Badge +6

OK, so when I enter the IP address instead of the server name I am prompted for my credentials, then I can log in. So how do I force NTLM on the workspace site?


BTW, environment is as follows:


Machine 1: MOSS 2007, K2 BlackPearl, IIS


Machine 2: SQL Server 2005

Badge +6

I followed these steps from the linked KB article and all seems well now.  I can access by IP or server name.  Thanks all for the help.


 


Try adding the NTAuthenticationProviders tag to the site and setting it to Negotiate,NTLM



  1. Open a command prompt
  2. Navigate to c:\Inetpub\AdminScripts
  3. Run the following command where xx is the identification number for the web site. (you can find the identification number in IIS manager by selecting the web sites folder and looking in the right hand pane)
  4. cscript adsutil.vbs set w3svc/xx/NTAuthenticationProviders "Negotiate,NTLM"
Badge +5
Ockert:

If this does work, you'll need to set the NTAuthenticationProvider of the Workspace site explicitly to "NTLM".



Hello, I was having the same problem. Setting the workspace explicitly to "NTLM" solved the problem.


Is the documentation wrong in some way? It says setting "Negotiate,NTLM" for the workspace, but then the Workspace only works on IP.
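
One way to confirm which mechanism the browser actually attempted in the servername and IP address cases discussed in this thread, as an added example that is not code from any poster or from K2: it classifies the token in a captured Authorization header as Kerberos or NTLM. The header values, the IP address and the function names are constructed for illustration.

```python
import base64

# DER-encoded body of the Kerberos 5 mechanism OID 1.2.840.113554.1.2.2
KRB5_OID = bytes.fromhex("2a864886f712010202")
NTLM_SIG = b"NTLMSSP\x00"

def classify_authorization(header_value):
    """Name the mechanism carried in an HTTP Authorization header value."""
    parts = header_value.split(None, 1)
    if len(parts) != 2 or parts[0].lower() not in ("negotiate", "ntlm"):
        return "not-windows-auth"
    try:
        raw = base64.b64decode(parts[1].strip(), validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return "malformed-token"
    if NTLM_SIG in raw:
        # Bare NTLM message, or NTLM wrapped in SPNEGO under "Negotiate"
        return "ntlm"
    if KRB5_OID in raw:
        return "kerberos"
    return "unknown-token"

def summarize(exchanges):
    """Map each host to (mechanism attempted, final HTTP status)."""
    return {host: (classify_authorization(auth), status)
            for host, auth, status in exchanges}

def _b64(data):
    return base64.b64encode(data).decode("ascii")

# Constructed sample traffic, not captured from the thread's server:
# a SPNEGO token naming Kerberos sent to the servername, and an NTLM
# type 1 message sent to a documentation-range IP address.
SAMPLE = [
    ("servername:8081",
     "Negotiate " + _b64(b"\x60\x1c\x06\x06\x2b\x06\x01\x05\x05\x02"
                         b"\x06\x09" + KRB5_OID + b"\x00" * 8), 401),
    ("192.0.2.10:8081",
     "NTLM " + _b64(NTLM_SIG + b"\x01\x00\x00\x00" + b"\x00" * 8), 200),
]

if __name__ == "__main__":
    for host, (mech, status) in summarize(SAMPLE).items():
        print(f"{host}: {mech} -> HTTP {status}")
```

Feed it the Authorization values from a proxy or network capture taken on a client machine; a Kerberos token followed by a final 401 on the servername, next to an NTLM token and a 200 on the IP address, matches the behaviour reported above.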
