KERBEROS in 2015?

  • 28 October 2015
  • 3 replies
  • 1 view
L
Badge +1

Hiya,

I know KERBEROS is still recommended for a K2 Blackpearl Install. But in 2015 is it really needed anyone? what are the advantages?
We have a SharePoint 2013 Farm (on prem, still in 2010 mode). I've just found out K2 was installed with KERBEROS enabled BUT our SharePoint system has been set up using Claims (NTLM), none of the Service / Web Apps are configured for KERBEROS.

 

We've had nothing but trouble with K2, usually down to authentication problems.

Would we be saving ourselves a lot of problems by re-running setup and switching to use Windows Tokens?

 

16553i5CE5A377C467D962.png

 

Thanks

Laurence

3 replies

R
Badge +1

Hi Laurence,

 

Most of the Kerberos issues I've encountered has been a result of SPN's not being set correctly. It has been a while since I have had to set up K2 using Kerberos and it definitely is quite an involved set up...nevermind when it breaks. Troubleshooting Kerberos is not fun at all so I generally stay away from it where possible. 

 

I would say have a look at the following white papers (although I'm sure you probably have already) and gauge whether or not you feel Kerberos is what you need. It also depends what sort of setup you are running. 

https://help.k2.com/files/2605

https://help.k2.com/files/3533

https://help.k2.com/files/4608

 

I generally use pass-through because I really couldn't be bothered with all the extra bits involving Kerberos but having said that I haven't had a project where the architecture is complex or where Kerberos is a requirement.

 

Hope that helps in your decision making. 

 

Regards

Rick

 

J
Badge +6

It would also depends on how many servers are being involved. I would suggest that you engage a K2 consultant onsite to provide you with the necessary recommendations which best suits your environment and also to assist you with the installation. 


 


However, when you mentioned that "We've had nothing but trouble with K2, usually down to authentication problems.", what are the authentication issues which you are having? K2 utilized on the authentication mechnism fro Microsoft, therefore, most authentication issues which I've seen so far is misconfiguration. 

L
Badge +1

Thanks for the replies.

 

I'll have another look at the documentation. Since we are only using one K2 Server, but as a Farm not Standalone. I'm getting the impression we can use pass through authentication. It's unlikely that we'll load balanced multi server farm any time soon.

 

Our SharePoint Farms are using Claims:NTLM. I'm assuming that if K2 is using Kerberos, SharePoint also has to be set up for Kerberos.
This would require a significant re-configuration of our SharePoint deployment (which would probably be no bad thing!).

 

An example of a problem we have at the moment is that a K2 Workflow errors converting a Word Document to PDF in SharePoint WAS.

I'm on the Infrastructure Team, and unfortunately K2 don't offer an Admin / Infrastructure course.

 

We have had K2 consultants in the past. But it's unlikely we'll get any further support in the immediate future.

 

It's actually a long time since I was involved in K2, (did some work with SP2010, but not with SP2013). So I think I'll setting up yet another test system to try and get me head around things.

 

Thanks again.
Laurence

Reply


View our Community Site Map

Nintex Community Sitemap
Terms & ConditionsCookie settings