Hi,
I'm having a problem where a K2 project has been developed in a environment, using it's own Active Directory. The processes where all developed using Destination Rules. I removed the existing destination rules, re-added them to use AD User groups on our (a different) domain and the exported the process to the K2 server. The K2 server and AD is not on the same machine (where as when developed, they were).
Whenever I deploy, I get the an error message like following in the K2 console for each of the destination queues:
22-03-06 11:40:39 K2DestQueue.RunDestQueue: ResolveQueueInternal: The Queue data could not be resolved, please consult the ADUMError.txt file.
at ADUM.K2UserManager.ResolveQueueInternal(String QueueData)
at ADUM.K2UserManager.ResolveQueue(String Data)
In the ADUMError.txt, I get the following kinds of errors:
22-03-06 11:54:53 NameToDN
Access is denied.
at ActiveDs.NameTranslateClass.Init(Int32 lnSetType, String bstrADsPath)
at ADUM.Translate.NameToDN(String name)
Additional Information
NameToDN(Name: MYDOMAINcharl)
22-03-06 11:54:53 GetUser
Unknown error (0x80005000)
at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)
at System.DirectoryServices.DirectoryEntry.Bind()
at System.DirectoryServices.DirectoryEntry.RefreshCache()
at ADUM.K2UserManager.GetDirectoryEntry(String path)
at ADUM.K2UserManager.GetUser(String Name)
Additional Information
GetUser(MYDOMAINcharl)
22-03-06 11:54:57 ResolveQueueInternal
The specified domain either does not exist or could not be contacted
at SourceCode.K2Utilities.DSHelper.GetDefaultLDAPDomain()
at SourceCode.K2Utilities.DSHelper..ctor(DSHelperNewOptionsEnum options)
at ADUM.K2UserManager.ResolveQueueInternal(String QueueData)
Additional Information
ResolveQueueInternal(<DestinationQueues><DestinationQueue><SendToBehaviour Name="Send To" Type="sendto"><SendToItem Name="MYDOMAINAdmin-IT" Type="group" Path="LDAP://CN=Admin-IT,OU=MyOrganization,OU=MYDOMAIN,DC=MYDOMAIN,DC=local" /></SendToBehaviour><SendToBehaviour Name="Send To Manager" Type="sendtomanager" /><SendToBehaviour Name="Send To Peers" Type="sendtopeers" /><SendToBehaviour Name="Exclude" Type="exclude" /></DestinationQueue></DestinationQueues>)
Extremely strange is that the first two error messages use MYDOMAINcharl for AD access (which is a valid Domain User, so not in itself a problem), even though on the server I'm logged in as Administrator (domain) and the K2 Server Console was started by the Administrator user.
I can't what the problem is. From K2 studio, I select the user groups from the domain, so information passed to K2 Server HAS to correct. The only thing that it might be is that the K2Server can't contact the domain server. The K2 server is part of the domain (joined to the domain) and there isn't any communication problem between the two that I can find.
Any suggestions?
Thanks
Charl
+11
Hi Charl,
The 'Access is denied' error tells me that the user running K2.net Server has not got the appropriate permissions to query AD. Are you 100% sure that this Administrator user is a domain admin and NOT just a local machine Admin? Try to start the K2.net Server as a normal domain user like 'MyDomainCharl' and see whether you get the same problem.
Regards,
Ockert
The 'Access is denied' error tells me that the user running K2.net Server has not got the appropriate permissions to query AD. Are you 100% sure that this Administrator user is a domain admin and NOT just a local machine Admin? Try to start the K2.net Server as a normal domain user like 'MyDomainCharl' and see whether you get the same problem.
Regards,
Ockert
+2
Hi Ockert,
Yep, that was it. It wasn't the domain admin, but the local admin! Somebody in the dev team logged off and back on as the local admin!
Thanks for you help!
Charl
Yep, that was it. It wasn't the domain admin, but the local admin! Somebody in the dev team logged off and back on as the local admin!
Thanks for you help!
Charl
Reply
View our Community Site Map
Enter your username or e-mail address. We'll send you an e-mail with instructions to reset your password.