Workspace error in one-way trust AD domains environment

  • 28 October 2008

My client has two AD domains with one-way trust only. The K2 server is installed in Domain A while domain B is trusted by domain A.


After I added this connection string for Domain B in the web.config of the K2 Workspace, the following error is shown when accessing the Workspace:



Connection String:
<add connectionStringName="ADConnectionString2" connectionProtection="Secure"
     enablePasswordReset="false" enableSearchMethods="true" requiresQuestionAndAnswer="false"
     applicationName="/" description="Default AD connection" requiresUniqueEmail="false"
     clientSearchTimeout="30" serverSearchTimeout="30" attributeMapUsername="sAMAccountName"
     name="AspNetActiveDirectoryMembershipProvider_Domain2"
     type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />


Workspace Error:
Initialization failed before PreInit: Wrong workspace configuration: Can not use anonymous logon with Windows security configuration in Workspace
Possible causes
- using anonymous logon in IIS while Windows security is specified in Workspace configuration
- current logged on user can not be verified against the Active Directory Membership provider
- please review log files for more information


Even though there are a few discussion threads about this error, none of them is about multiple AD domain configuration.


It seems to me that the K2 Workspace (installed under Domain A) is not able to query Domain B.


Thanks.


3 replies

Badge +3

Have a look at the following KB:


http://kb.k2workflow.com/articles/kb000182.aspx


 


Shaun

Badge +6

Although I have not seen this exact error on the Workspace, I believe you might be running with Anonymous access on the Workspace site.


 Can not use anonymous logon with Windows security configuration in Workspace


The fact that you have a server domain and a user domain with a one-way trust (server domain trusts user domain) will mean that the K2 accounts will not be able to query the user domain.


For this to work, you will have to create the K2 Workspace and service account in the user domain. This way the account has access to AD in the user domain (to resolve group memberships, etc.) and the trust allows the service in the trusting domain to run as these accounts.


HTH

Badge +5

Like Conrad, I have not seen this EXACT error message.


However, in one-way trust situations, you need to have the K2 Workspace and K2 Service accounts in the TRUSTED domain. So, even though the K2 server is installed in Domain A, the accounts that run those services need to exist in Domain B.


As Shaun mentioned, read KB000182 for multiple domains.


Also read KB000285 - if you used an account in Domain A to initially install K2, you will need to use this KB to change domain settings to point to Domain B.


Finally, with one-way trust between two forests, you will need to use KB000198 to configure the EventBus message queues.


HTH!
