401 Unauthorized when attempting to start from Doc Library

  • 9 September 2010
  • 4 replies
  • 3 views

Badge +8

By using the Sharepoint events integration the process is supposed to start when a new item is added to a document library. WHen I add an item to the library I am seeing an error in the Sharepoint server event log:


Event Type: Error
Event Source: K2 SharePoint Events Integration
Event Category: None
Event ID: 0
Date:  9/9/2010
Time:  11:02:36 AM
User:  N/A
Computer: VMLGMTDVIN01
Description:
An error occurred while executing the following method: StartNewProcess
The following error occurred while trying to start the process I2II2I:
The request failed with HTTP status 401: Unauthorized.


For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


I am running in a distributed environment with Sharepoint on a separate server. I havve other processes that use this Sharepoint server to create libraries and such so I don't think this is a Kerberos issue. The user adding the document does have rights to start the process.


 


 


Edit/Update I am actually able to get this to work if I upload the document from the Sharepoint server. This implies some sort of authentication issue. When I upload from a satellite pc I never see any action in the K2 console so it appears that the issue is somewhere on the Sharepoint box.


4 replies

Userlevel 4
Badge +14

I think this might be related to permissions on the doc lib itself for the user and or the Service accounts. You can try giving the service accounts and then the user contribute rights on the library


HTH


Vernon

Badge +8

Thank you for the suggestion. The user and the service accounts are all site owners on this site so I am assuming that is enough permission for the workflow to start.

Badge +8

Like Vernon mentioned, 401 means that the account accessing resources in the web server does not have permissions to do so. In this case, it seems like delegation is failing for the call (I take it your Workspace is installed on a different server). 


You will notice that a call is made to the RuntimeServices site in the Workspace machine, to check what account is making the call, have a look at the IIS logs for the machine. If delegation is failing, you will see three consecutive 401 errors for that call. If delegation is not the cause, you will see the ID of the user that made the call. You can also enable Kerberos logging for the SharePoint and Workspace servers, any delegation issues will be logged to the machine's system logs:


http://support.microsoft.com/kb/262177


Finally, if you are using Windows 2008, have a look at the following post, in particular, have a look at point 3 (the windowsAuthentication node) and also make sure that the RuntimeServices web site's web.config has these settings added correctly.

Badge +8

Thanks guys, your responses made me go back and look over my setup once again. DC I didn't realize that the call was making it to the K2 server I thought I was receiving the 401 on the Sharepoint server, it turns out I had a duplicate SPN (so much for assuming my setup was correct).


 


Thank you again,

Reply