Note: This documentation gets updated only when necessary, as the product is in sustained mode. For product updates see the Release Notes.

Summary of Configuration Analysis Tool Checks

The Configuration Analysis Tool checks a large number of tasks, with different sets of tasks checked depending in the installation type. The list shown here is not exhaustive but shows typical checks.

For a list of all tasks checked and notes on individual checks, see the "Configuration Analysis tool all tasks.txt" text file. The file shows an example of the output of the tool with task check successes and failures and the duration the check took. There are also notes concerning many of the checks with further instructions.

Definition of variables used in the explanation below:

[USERSNAME] = The user that is used to run the K2HostServer Service.
[K2SITENAME] = The name that you chose for the K2 site during installation (usually the name is just K2)
[WORKSUSER] = The user under which the Workspace Application pool has been configured to run.
[SHAREUSER] = The user under which the SharePoint Deployment Application Pool is running.

Server

File System Permissions

The file permissions task checks if the requested user has the rights that is required on the specified path.

%SYSTEMROOT%\Temp – FullControl - [USERSNAME]
%INSTALLDIR%\Host Server\Bin – Modify - [USERSNAME]
%INSTALLDIR%\ServiceBroker – FullControl – Authenticated Users

Registry Permissions

LocalMachine\SOFTWARE\SourceCode\Logging – FullControl - [USERSNAME]
LocalMachine\System\CurrentControlSet\Services\EventLog – FullControl - [USERSNAME]
LocalMachine\System\CurrentControlSet\Services\Winsock2 – FullControl - [USERSNAME]
LocalMachine\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing – FullControl - [USERSNAME]
LocalMachine\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Tracing\\MSDTC - ReadKey; - [USERSNAME]
LocalMachine\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Tracing\\MSDTC\\Misc - ReadKey; - [USERSNAME]
LocalMachine\\SOFTWARE\\Microsoft\\MSMQ\\Parameters - ReadKey;SetValue;CreateSubKey; - [USERSNAME]
LocalMachine\\SOFTWARE\\Microsoft\\MSMQ\\Parameters\\MachineCache - ReadKey;SetValue;CreateSubKey; - [USERSNAME]
LocalMachine\\SOFTWARE\\Microsoft\\MSMQ\\Parameters\\Security - ReadKey;SetValue;CreateSubKey; - [USERSNAME]
LocalMachine\\SYSTEM\\CurrentControlSet\\Services\\Eventlog\\Application - ReadKey;SetValue;CreateSubKey; - [USERSNAME]

Message Queue Enabled

Checks if MSMQ is installed correctly and checks that Directory Integration is installed.
As a test the tool tries to create a temporary queue with a random name and then tries to delete the queue.

MSDTC

MSDTC Network access

Checks if MSDTC is configured correctly on the machine.

MSDTC Server is Running

Checks if the MSDTC Service is running on the machine.

K2 blackpearl Server Running

This task checks if the K2 Host Server Service is running on the machine.

Database Rebuild Indexes

Executes the DatabaseCheckIndexes stored procedure to ensure indexes have been rebuilt in the database for the K2Server, K2ServerLog and K2SmartBroker tables.

Visit KB001281 to learn more about Rebuilding Indexes.

Database Symmetric Key checks

Symmetric keys for the K2HostServer, K2SmartBroker, K2SQLUM, K2SmartBox tables in the K2 database need to be detected.

K2 Workspace

Loopback Host Headers

This task checks in the registry if loopback host headers are enabled on the machine.

IIS Permissions

[K2SITENAME] – Set Site Negotiation
This task checks the sites negotiation settings. If a SPN is detected for the Workspace Application Pool User ([WORKSUSER]) then it should be “Negotiate, NTLM”. If a SPN is not detected it should be “NTLM”. If it is on a workgroup machine it should be Anonymous Authentication.
- Workspace – Set Virtual Directory Negotiation
This task checks the virtual directories negotiation settings. If a SPN is detected for the Workspace Application Pool User ([WORKSUSER]) then it should be “Negotiate, NTLM”. If a SPN is not detected it should be “NTLM”. If it is on a workgroup machine it should be Anonymous Authentication.
- RuntimeServices – Set Virtual Directory Negotiation
This task checks the virtual directories negotiation settings. If a SPN is detected for the Workspace Application Pool User ([WORKSUSER]) then it should be “Negotiate, NTLM”. If a SPN is not detected it should be “NTLM”. If it is on a workgroup machine it should be Anonymous Authentication.
K2 Application Pool Settings
This task checks that the K2 Application Pool has been created and that the it is running under the [WORKSUSER] account.
K2 Application Pool Account Permissions

Checks that the [WORKSUSER] is in the following group:
IIS 6: IIS_WPG
IIS 7: IIS_IUSRS

File System Permissions

The file permissions task checks if the requested user has the rights that is required on the path specified.

%SYSTEMROOT%\Temp – Modify - [WORKSUSER]
%SYSTEMROOT%\Temp – Modify – Authenticated Users
%INSTALLDIR%\WebServices\RuntimeServices – ReadAndExecute – [WORKSUSER]
%INSTALLDIR%\WorkSpace\ClientEventPages} - Traverse; ListDirectory; Append; WriteData; DeleteSubdirectoriesAndFiles; Delete – Authenticated Users

Web Deployment Projects

Checks if the Visual Studio 2008 Web deployment projects are installed on the machine.

Reporting Indexing

Check the K2ServerLog database to see if the table indexes are created. Also gives you information on how to create the indexes if they are incorrect.

HTTP Activation feature for Windows Server 2012

Checks if the HTTP Activation feature is installed on a Windows 2012 server (specifically with IIS 8). If the feature is not installed, clicking Repair will install it.

K2 Designer for SharePoint

File System Permissions

The file permissions task checks if the requested user has the rights that is required on the specified path.

%INSTALLDIR%\Processes – Modify – Authenticated Users
%COMMONAPPDATA%\SourceCode – FullControl – Authenticated Users

Database Permissions

The Central Application Pool User account must be one of the Server Roles on the SQL Server Instance:

Security Administrator
System Administrator

Web Deployment Projects

Checks if the Microsoft Visual Studio 2008 Web Deployment Project is installed on the machine.

SharePoint

K2 Server Service Account

The K2 Server Service Account must be a member of the Site Collection Administrators Group for all site collections where the K2 features have been deployed.

Loopback Host Headers

This task checks in the registry if loopback host headers are enabled on the machine.

Rights required to run the Analysis Tool on the SharePoint installation

This task checks if the logged on user is a Farm Administrator on SharePoint. The child tasks are dependent on the success of this task.

Permission required to deploy SPWI processes
This is an informative item that informs you that the users that deploy workflow integration processes need to be part of the Farm Admin and Site Collection Admin groups.
Cross-Domain Data Connections
This task checks if Forms Services allows cross-domain data connections.
File System Permissions

The file permissions task checks if the requested user has the rights that is required on the specified path.
%SYSTEMROOT%\Temp – Modify – Authenticated Users
%COMMONFILES%\Microsoft Shared\web server extensions\14\Template\Features – FullControl – Authenticated Users
%COMMONFILES32%\Microsoft Shared\web server extensions\14\Template\Features – FullControl – Authenticated Users. (Only on 64-bit systems)
%COMMONFILES%\Microsoft Shared\web server extensions\14\ISAPI – FullControl – Authenticated Users
%COMMONFILES32%\Microsoft Shared\web server extensions\14\ISAPI – FullControl – Authenticated Users. (Only on 64-bit systems)
%COMMONFILES%\Microsoft Shared\web server extensions\14\Template\Layouts – FullControl - Authenticated Users
%COMMONFILES32%\Microsoft Shared\web server extensions\142\Template\Layouts – FullControl - Authenticated Users. (Only on 64-bit systems)

Web Deployment Projects

Checks if the Microsoft Visual Studio 2008 Web Deployment Project is installed on the machine.

K2 for Visual Studio and K2 Studio

File System Permissions

The file permissions tasks check if the requested user has the rights that is required on the path specified.

%PROGRAMDATA%\SourceCode – FullControl – Authenticated Users

Web Deployment Projects
Checks if the Visual Studio 2008 Web Deployment Project is installed on the machine.

Exchange Integration Permissions

K2 Service Account

Checks that the K2 Service Account is a member of the Exchange View-Only Administrators Active Directory group.
Example result: The K2Service account is a member of the Exchange Organization Administrators Active Directory group and has cached credentials. All server events where Create or Disable Mailbox are used should be configured to use this account in the “Run As” dialog.
The K2Service account has the necessary Exchange Impersonation permissions on the Exchange server.

PowerShell 3.0 and WinRM Installed

Checks for the correct version of PowerShell and WinRM. These features are required for permissions check and assignment on the Exchange Administration and Standard tasks.

CRM PrivUserGroup Permissions

The INSTALL\k2server account needs to be in the Organization's PrivUserGroup for CRM.

This is a requirement in CRM when using K2 Pass-Through Authentication (ClientWindows) where the K2Service Account needs to impersonate as the Application Pool account when the account is anonymous.

This change needs to be made in Active Directory.