KB003652

SharePoint tenants created after 25th August 2020 have the DisableCustomAppAuthentication setting enabled by default. If the workaround in this article has not been performed, any interaction with SharePoint Online will cause a 401 Unauthorized error. This article describes an example of this issue in K2 Workflow, but the issue also occurs in Nintex Workflow Cloud.
See the following related article for more information:

• Error while opening Nintex Workflow for Office 365 App "Oops... something went wrong. Please visit status.nintex.com for the latest status or contact your system administrator to check the health of your Office 365 tenancy"

Issue:

When creating a K2 workflow that starts with a SharePoint event, such as Item added, a 401 error is logged to the K2 host server, and the remote start event does not work.

Error message:

The following error message is added to the K2 host server log:

You may also see the following error message:

Cause:

In September 2020 Microsoft turned off SharePoint App-Only tokens by default.

You can verify this is the cause by running the following command using the latest version of SharePoint Online PowerShell. If the result is True, use the workaround to change it.

Workaround:

1. Follow the steps in Granting access using SharePoint App-Only to enable SharePoint App-Only tokens.
2. Connect to your SharePoint tenant as an administrator and use the latest version of SharePoint Online PowerShell to run:set-spotenant -DisableCustomAppAuthentication $false
3. This setting takes about five minutes to update within your SharePoint tenant. Once it applies, you can create K2 workflows that start on SharePoint events.