Quantcast
Channel: SQL Server Reporting Services, Power View forum
Viewing all articles
Browse latest Browse all 20764

SSRS 2008R2, Kerberos and SharePoint 2010

March 20, 2013, 9:00 am
$
0
0

I apologize for the lengthy description, but we are attempting to get Kerberos up and running with SSRS 2008R2 & SharePoint 2010 and are having some issues.  I've tried to outline our environment and steps we've taken so far to give a good background.

ENVIRONMENT

SQLBIDEV

SQL Server 2008R2 (holds ReportServer databases only)

SSRS 2008R2

SSAS 2008R2

SQLDEV

SQL Server 2008R2 (holds our relational databases)

SPDEV

SharePoint 2010

KERBEROS SETUP SO FAR

We’ve created these SPNs:

SetSPN –S HTTP/SPDEV DOMAIN\svcSPDEV

SetSPN –S HTTP/SPDEV.domain.local DOMAIN\svcSPDEV

SetSPN –S HTTP/SPBIWEBAPP DOMAIN\svcSPDEV

SetSPN –S HTTP/SPBIWEBAPP.domain.local DOMAIN\svcSPDEV

SetSPN –S HTTP/SQLBIDEV DOMAIN\svcSSRSDEV

SetSPN –S HTTP/SQLBIDEV.domain.local:80 DOMAIN\svcSSRSDEV

SetSPN –S MSSQLSvc/SQLDEV DOMAIN\svcSQLServer

SetSPN –S MSSQLSvc/SQLDEV.domain.local DOMAIN\svcSQLServer

SetSPN –S MSOLAPSvc.3/SQLBIDEV DOMAIN\svcSSASDEV

SetSPN –S MSOLAPSvc.3/SQLBIDEV.domain.local DOMAIN\svcSSASDEV

In AD, on the Delegation tab for the DOMAIN\svcSPDEV user, we’ve set “Trust this user for delegation to specified services only” and chosen the svcSSRSDEV user.

In the SSRSConfig file, my authentication is setup as follows:

<Authentication>

<AuthenticationTypes>

<RSWindowsNegotiate />

<RSWindowsKerberos />

<RSWindowsNTLM />

</AuthenticationTypes>

<RSWindowsExtendedProtectionLevel>Off</RSWindowsExtendedProtectionLevel>

<RSWindowsExtendedProtectionScenario>Proxy</RSWindowsExtendedProtectionScenario>

<EnableAuthPersistence>true</EnableAuthPersistence>

</Authentication>

The SharePoint/SSRS integration is configured to use Windows Authentication, not a Trusted Account.

I am getting a“The request failed with HTTP status 401: Unauthorized.” error when I try to open/edit an existing data source on the SharePoint site.

My questions are –

1) Do we need a delegation from the SSRS to the SQL Server relational database account, or from the SSRS to SSAS account?

2) Do we need an SPN for our SQL Server that holds the ReportServer databases (it’s on the same server as our SSRS installation)?

3) Can we use a Claims SharePoint web app (how it’s setup now), or do we need to recreate that web app using the Classic choice? (If so, it can’t be switched from claims to classic, correct?)

THANK YOU IN ADVANCE!

Melissa

Search
Viewing all articles
Browse latest Browse all 20764
Search
<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>