There are some subtle changes to configuring a Windows Server 2008 environment.  I recently did a K2 installation within an environment where all servers were running Windows Server 2008 SP2.  Below are some issues I encountered and how I got around them.  In speaking with others that have done installs in Windows 2008 it sounds like these are not always encountered, but I thought it worthwhile sharing in case someone does come across one or more of them.

1.       IIS & Windows Authentication

When initially installing K2 Workspace on the server running IIS7 in the, the K2 Configuration Manager would not permit it to be configured because IIS did not have Windows Authentication enabled.  When I checked out this site in IIS I found that Windows Authentication was not even an option to be enabled.  After following the instructions in the below blog and doing an IIS reset for good measure, I was able to enable Windows Authentication for the site and the Configuration Manager proceeded.

http://weblogs.asp.net/zroiy/archive/2008/08/17/missing-windows-authentication-provider-for-iis-7-on-windows-server-2008.aspx

2.       DTC and Windows Firewall

The first time I tried to deploy a SmartObject I received a “root element is missing” error.  After doing a little digging it seems that Windows Firewall will block DTC by default.  Since DTC is required on all server machines running K2 components, simply I simply opened up Windows Firewall on each server in the mix and adding an exception for DTC.  After doing this my SmartObjects deployed without issue.  FYI, details on how to enabled firewall exceptions for MS DTC can be found here:

                http://technet.microsoft.com/en-us/library/cc725913(WS.10).aspx

3.       K2 Webpart failing to connect to K2 server

After deploying the K2 task list webpart, I tried to configure it.  After wiring it up to the proper K2 server and ports, I received “failure to connect; no such host” messages.  I confirmed my K2 service was up and running.  In watching the service in console mode I did not see any activity hitting the K2 sever at all.  I was able to ping the K2 server without issue from the SharePoint server.  I then tried telnetting to the K2 server workflow (5252) and host (5555) ports.  These both failed.  NOTE:  the telnet utility is considered a feature in Win 2008 and may not be enabled on the system you are working on.  To enable it you can following the instructions here:  http://www.elmajdal.net/Win2k8/How_To_Enable_Telnet_In_Windows_Server_2008.aspx. 

Once confirmed that I couldn’t connect to the ports, it started to sound like another Windows Firewall issue.  I then opened Windows Firewall again on the SharePoint server and added some custom exceptions to unblock the workflow port (5252) and host port (5555).  After completing this, the webpart was able to connect to the K2 server with out issue.

4.       Not able to connect to K2 workspace from a machine other than the server running K2 workspace

Workspace opened without issue when browsing to it on the local IIS server. However whenever I tried to connect to it from a different machine in the domain, I got prompted for my credentials three times then was rejected with a 401 error.  Long story short, it turns out that while Windows Authentication was enabled for the Workspace, no authentication protocols had been configured.  This was confirmed by opening the appplicationhost.config file (C:\Windows\System32\inetsrv\config\ applicationHost.config) and then locating the <security> node within  Workspace entry.  It looked something like:

                                                            <windowsAuthentication enabled="true">

                                                                </windowsAuthentication>

I changed it to read:

                                                            <windowsAuthentication enabled="true">

                                                                                <providers>

                                                                                                <clear />

                                                                                                <add value="NTLM" />

                                                                                                <add value="Negotiate" />

                                                                                </providers>

                                                                </windowsAuthentication>

After doing this I was able to open Workspace for other machines without issue.

NOTE: this is essentially the same steps outlined in the K2 product documentation around enabling Kerberos:

                                http://help.k2.com/helppages/k2blackpearl/page=Activate_delegation_settings_for_IIS_7.0_web_application_.html

However, since I hadn’t gotten to the point of Kerberos configuration yet I had not set these.  Also, it is probably worth mentioning as I could see potential for this issue to occur even if Kerberos is not being used.