user has worklist item assigned, can see the task, but cannot action

  • 12 October 2011
  • 7 replies
  • 20 views

Badge +3

THis is really strange. I have a workflow that has a client event with approve/reject actions. They can see the task in workspace, but when they open it, message says, THere is no worklist items for this user, or the item has already been actioned.


I can redirect to myself and can open the items just fine. but when I redirect abck to him, again there is nothing he can do.


Another clue is that in the task list web part in sharepoint, there is no tasks waiting for him. I had redirected the user to a testuser , verified that i could see the tasks, but when he logged in as the same suer, he cannot see the tasks in the task list web part.


Very frustrating.


Dave Loomis! where are you? ;)


7 replies

Userlevel 4
Badge +14

Hmmm…what is the status on that Task? Available/Open or allocated? You can check this in Management Console.


Vernon

Badge +11

Let's take the items one at a time.  When they cannot open the task from the task list, is it opening in a custom page?  Is the error displaying in a custom page?  If the page is not properly getting the user's identity then it could be passing the app pool identity to K2.

Badge +3

Well first off, everything is stock. using workspace, no custom anything. Its strange as these users get their tasks fine(they get emails from client event so it knows how to resolve, I am using the format "domainuser" in the destination rule. This works for everyone except a group of users in Boston. I know in the past I have used the K2:domainuser prefix when assigning destination, but not sure that matters here.


Vernon, status is Avaialble.


btw Way, thanks Dave!


I see there are errors in the log file as follows.


09:02:38","Error","General","1","GeneralErrorMessage","K2Worker.ImpersonateUser","1 3014 A mismatch between the end user and the connection credentials has been detected. This may be intentional and will only require action if specific problems are currently being encountered. Refer to Kerberos and K2 Pass-Through Authentication settings (currently ClientKerberos) and documentation.","","","stp1pwa27:C:Program Files (x86)K2 blackpearlHost ServerBin","63788073","d3af17a0dfe74d89b51a96f40ada2be8",""


and


"63788109","2011-10-13 09:02:38","Error","General","1","GeneralErrorMessage","URM SERVER [FindGroups [string userName, IDictionary<string, object> properties, string labelName, string extraData]]","1 The format of the specified domain name is invalid. Resolving User:NT AUTHORITYANONYMOUS LOGON|   at ADUM.K2UserManager2.GetUser(String Name)
   at ADUM.K2UserManager2.FindSecurityGroupsWithDefault(String User, String Name, String Description, String domainLDAP, String uOrgUnit)
   at ADUM.K2UserManager2.FindSecurityGroups(String User, IDictionary`2 properties)
   at SourceCode.Security.Providers.K2UMProvider.K2UMProvider.SourceCode.Hosting.Server.Interfaces.IRoleProvider.FindGroups(String userName, IDictionary`2 properties)
   at SourceCode.Security.UserRoleManager.Runtime.UserRoleManagerServer.FindGroups(String userName, IDictionary`2 properties, String labelName, String extraData)","anonymous","0.0.0.0","stp1pwa27:C:Program Files (x86)K2 blackpearlHost ServerBin","63788109","6cd921dbd7f841dd9f38fb059492d208",""


also noticed in the file called adumerror there is an entry whenever this user tries to open his task in workspace. error as follows:


13-10-2011 09:16:44::134 GetUser
The format of the specified domain name is invalid. Resolving User:NT AUTHORITYANONYMOUS LOGON
   at ADUM.Translate.NameToDN(String Name)
   at ADUM.K2UserManager2.GetUser(String Name)


 


EDIT


I jumped onto a different machine in the same area as my suspect user in Boston and had suspect user log into that machine. He has no problems.


In my mind this rules out the possibility of it being a kerberos issue.

Badge +3

Hi,


We got this issue many times with our users, it sounds like you got the same issue and the issue certainly seems to be with Kerberos. These are the few things we do usually.


1. Go to IE browser and got to Tools --> Internet options. In the dialogue box go to Security Tab and in that select Trusted Sites in the Box and click on Sites button. That opens a list of sites, where you can add your site name ex: *.google.com , http://google.com (replace your company SharePoint Sitenames and domains).


2. Under Security Tab -- click on Custom Level button and that opens a dialogue box and in that scroll to a section called "User Authnetication" and in that select the option called "Automatic logon with current username and password". ( This is required for windows authentication sites)


3. Some times the browser stores wrong usernames and passwords, so we delete the passwords in browser settings ( not many times)


4. We use KList.exe very rarely ( I am not so comfortable with this option, so not providing many details on this).


So the above steps are given as per priority, try to fllow the steps (till 3) that may solve your user's issue.


 


 

Badge +3

In response to nivas:


1.Nope


2.Nope


3.Nope

Badge +1

Having same problem, did you ever find solution?

 

Userlevel 5
Badge +18

Perhaps check the [Server].[Actioner] table in the K2 database.


Usually if the task is assigned to a user, an entry will exist for this user in this table in the format 'K2:DENALLIXCodi'.


Please ensure that there is no leading or trailing white space for this entry.


Perhaps using a LTRIM and RTRIM against this user/row with a WHERE clause:


 


UPDATE [Server].[Actioner]
SET [ActionerName] = LTRIM(RTRIM([ActionerName]))
WHERE [ID] = 1


 


* Replacing 1 with the actual ID for this row


Retest


If this appears to resolve the issue, how this is destination set configured?  If applicable, perhaps perform trim expressions within the workflow prior to assigning in the user task.

Reply