I get the following error message when I select a report:
My Data source is set to Windows Integrated Security when I get this error message. If I change my data source to be "Credential supplied by the user running the report", the report generates fine. I am running SQL 2005 SP2. I have SQL reporting services installed on different server than my database services. Both servers are W2K3 R2 x64.
My IIS website and virtual directories are set up for Integrated Windows Authentication. My IIS application pool is set up to use an AD service account. I have followed the step/procedures outlined at: http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/tkerbdel.mspx
http://blogs.msdn.com/sql_protocols/archive/2005/10/12/479871.aspx
http://blogs.msdn.com/sql_protocols/archive/2006/08/10/694657.aspx
but to no avail. I am sure that I am missing something, but I can't figure out what. I would like to use Integrated Authentication, any ideas? You are using allow anonymous in IIS. This means that your ReportViewer control is not passing the users credentials to the report server. If you want to use "allow anonymous" you will need to pass valid credentials to the report server. This can be done in your code that calls the Report Viewer control/Report Server.|||
Hi,
see more information about passing credentials programmatically here:
http://blogs.msdn.com/bimusings/archive/2005/11/05/489423.aspx
HTH, Jens K. Suessmeyer.
http://www.sqlserver2005.de
|||I don't think that the problem is related to ReportViewer or IIS configuration (Since the credantial information is passed to the datasource and denied). When u select Windows Intedrated Security for report options, the credantials of the user that initiates the Reporting Services at every start up (by default this user is: 'NT AUTHORITY\ANONYMOUS LOGON') are sent to the datasource (And if this user is not authorized in the target database you get the following error).
You can authorize the Reporting Services user in the target database ('NT AUTHORITY\ANONYMOUS LOGON' exists within your SQL Server Machines Users.
or
You can change the Reporting Services' user to a domain user that both computers can authanticate.
Administrative Tools -> Services. (Find 'SQL Server Reporting Services (MSSQLSERVER)' change user from LOG ON tab.)
I hope this helps.
|||Thanks for the replies, but they didn't seem to help. To clear up a few questions, this report was developed in Visual Studio 2005 and it works fine in it. The report renders ok if I launch in on the server, but not anywhere else. My Reporting Services' user is an AD account that both my servers can authenicate against, and this user does have access to the DB. My Website and virtual directories have "allow anonymous access" unchecked.|||I decided to try one more thing. I went into the web.config file and changed the <identity impersonate="false"/> and that fixed it for me. Thanks for all the replies.|||Note:
The above fix will force IIS to use the Application pool account to connect to SQL on the remote server.
This is still not the permanent solution that I am looking for, I believe my problem is a kerberos issue at this point. Any tips/hints/suggestions on troubleshooting this problem would be helpful.
sql
No comments:
Post a Comment