EPICENTRExhutchinson does not have permissions to start the process

  • 24 October 2008
  • 4 replies
  • 0 views
X
Badge +1

I am not sure if this error message is a victory or a pitfall against my now 8 hour long battle against the evil kerberos demon that lives in my network.


I have set spns for the server, and restarted. That took me from "NT AUTHORITYANONYMOUS LOGON does not have permission" to "EPICENTRExhutchinson does not have permissions to start the process" (which is me btw :P)


and i just refreshed the page, and we are now back to NT Authority again....


 If anyone can help  me i'd really appreciate it.


 


Thanks,


 


Xavier.

4 replies

D
Badge +11

Kerberos is a necessary evil.  It is a foul smelling beast with bad breath and sharp teeth that will make you bow down before it and beg for mercy.  Then it will steal your lunch money and laugh at you.  But hey, that's just my experience, yours might be better.


It sounds like you are making progress.  If you are getting the message saying a domain user does not have start rights, that means the identity is being passed from browser to web server to K2 server.  To fix this message you need to grant that user the right to start the workflow. Go to the management console, drill down to the process, and under “Process Rights” give this user Start or Admin rights.

X
Badge +1

I am getting NT Authority errors again, so i guess the credentials from the browser are not making it to the k2 server again. The interesting thing is... I haven't changed anything since my last post. All i did was go home and get some sleep. :)


 This is the output from K2Error.log when I recieve a NT Authority error:


25-10-08 08:53:07    User.GetAllRights: Unknown error (0x80005000)
   at ADUM.K2UserManager.GetUser(String Name)
   at ADUM.K2UserManager.FindSecurityGroups(String User, String Name, String Description)
   at SourceCode.KO.User.GetAllRights(String name)
25-10-08 08:53:07    CreateProcessInstance: NT AUTHORITYANONYMOUS LOGON does not have permissions to start the process
   at K2Worker.CreateProcessInstance(Object ocon, ArchiveX ar)
25-10-08 08:53:08    K2ClusterServer::CheckRunning: Could not connect to EPIC05

X
Badge +1

Incidently, The workspace is now loading correctly for each user, and is showing their domainusername correctly. It is only when i run our K2 Visual Basic apps that I recieve this issue.


These apps were working correctly on our old server and have not been changed since...

J
Badge +9

I would normally start by turning on Kerberos logging (requires a machine reboot) and replicate the error.  Check the event logs for kerberos errors.


Hopefully this will give some clues as to why it is failing. 


To turn on Kerberos logging use regedit


HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlLsaKerberosParameters
Registry Value: LogLevel
Value Type: REG_DWORD
Value Data: 0x1

Reply


View our Community Site Map

Nintex Community Sitemap
Terms & ConditionsCookie settings