Troubleshooting

This topic describes potential issues that you may experience and troubleshooting steps when working with SharePoint Online with Nintex K2 Cloud.

Known issue

Authentication or redirect errors when navigating to SharePoint Online Nintex K2 forms or webparts.

Explanation

Google is rolling out changes to block third-party cookies in the Google Chrome browser. This affects Nintex K2 for SharePoint which loads Nintex K2 forms in an iframe. Due to the SharePoint and Nintex K2 sites being on different domains, if blocking of third-party cookies are enabled this results in login failures due to authentication cookies that cannot be set by the browser.

See Prepare for the third-party cookie phaseout for more information about timelines.

When third-party cookies are blocked, any of the following errors may occur when navigating to a Nintex K2 for SharePoint form.

Description Error
Third-party cookies blocked browser notification.
HTTP Error 401.2 - Unauthorized.
Active Directory Federation Services (ADFS) Login loop - Nintex K2 URL redirected you too many times.
Nintex K2 Cloud: Server Error Session is invalid (http 500 error).

Resolution

Configure Google Chrome to allow third-party cookies exception for Nintex K2 and SharePoint sites. Depending on whether Chrome Enterprise or mainstream version is deployed, it can either be configured manually or using Group Policies.

A future version of the product may include fixes to enable sites to work with blocked third-party cookies.

Follow the steps below to allow or restrict third-party cookies manually:

  • On your computer, open your Google Chrome browser.
  • At the top right, click More , and then Settings.
  • Click Privacy and security and then Third-party cookies.
    If you are part of the Tracking Protection test group, select Tracking Protection instead.
  • Next to Sites allowed to use third party cookies, click Add.
  • Enter the Nintex K2 and SharePoint domains for example https://nintex.k2test.net and https://[tenant].sharepoint.com. Click Add after adding each domain.

    To create an exception for an entire domain, insert [*.] before the domain name. For example, [*.]k2test.net means that third-party cookies can also be active for nintex.k2test.net and workspace.k2test.net.
  • Your sites are now added to the sites that are allowed to use third-party cookies.

Follow the steps below to allow third-party cookies exception using Group Policies. See Allow third-party cookies from specific URLs for more information.

  • Set the BlockThirdPartyCookies policy to true to restrict all third-party cookies.
  • Set specific top-level sites to allow third-party cookies by adding each of them with a comma-separated third-party/top-level site pair to the CookiesAllowedForUrls policy.
    You can allow all third-party cookies on a particular site by using a wildcard, *, instead of a third-party URL.
    For example, to allow cookies on nintex.k2test.net, add https://nintex.k2test.net,https://[tenant].sharepoint.com to the CookiesAllowedForUrls policy.