none
SSRS and SharePoint Integration Authentication Issue

    問題

  • We recently turned on SSRS for our SharePoint 2010 Test Environment.  We are using an account that has rights to SharePoint as a site collection administrator, the feature is enabled on the site collection and site level, it has access to the SQL instance to pull the reports.  The report config file specifies NTLM authentication.  It acts as if it will configure and goes through the SP Central Administration steps successfully.  When I try to deploy a report, I receive the following error:

    Exception encountered for SOAP method GetSystemProperties: System.Net.WebException: The request failed with HTTP status 401: Unauthorized.     at Microsoft.SqlServer.ReportingServices2010.RSConnection2010.SetConnectionProtocol()     at Microsoft.SqlServer.ReportingServices2010.RSConnection2010.SoapMethodWrapper`1.ExecuteMethod(Boolean setConnectionProtocol) 1afe9dfd-9846-4194-bddf-fcb0ded634be
    06/14/2012 15:37:43.03  w3wp.exe (0x1E78)                        0x1754 SQL Server Reporting Services  SOAP Client Proxy              0000 High     Exception encountered for SOAP method GetSystemProperties: System.Net.WebException: The request failed with HTTP status 401: Unauthorized.     at Microsoft.SqlServer.ReportingServices2010.RSConnection2010.SetCo

    If I turn on trusted accounts, it works, but then it argues when the report loads because our reports use windows integrated authentication.  We would prefer to have windows integrated authentication to control who can see reports by their login name.  Any ideas?  I feel like I have exhausted options.

    2012年6月14日 下午 07:59

解答

  • We aren't using kerberos authentication and do not want to use Kerberos so this is not a solution for us.  I resolved this by using a trusted account and using a SQL account in the report data connection to reference the data, we then lock down the reports as needed.
    2012年6月19日 下午 02:42

所有回覆

  • Hi,

    If you need Windows Integrated authentication and you have your Data Sources in another server, maybe you are in the doble hop issue.

    If you have all your SharePoint, DAtabase and Data Source at same computer you could have access to your sources if your current user (witch access to sharepoint) can connect.

    Regards!



    José Quinto Zamora
    SharePoint and Search Specialist at SolidQ(http://www.solidq.com)
    MCITP and MCPD in SharePoint 2010
    http://blogs.solidq.com/sharepoint

    2012年6月14日 下午 11:17
  • How would you recommend fixing this double hop issue?  We definitely have our datasources on a different server.  The architecture is 2 WFE's (one hosting central admin), a report server that also has sharepoint installed and is attached to the farm, an index server, and a sqldev server hosting the content dbs. 
    2012年6月15日 下午 03:12
  • Hi,

    In order to solve double hop issue you should configure Kerberos authentication.

    You have this complete guide: http://www.microsoft.com/en-us/download/details.aspx?id=23176

    Regards!



    José Quinto Zamora
    SharePoint and Search Specialist at SolidQ(http://www.solidq.com)
    MCITP and MCPD in SharePoint 2010
    http://blogs.solidq.com/sharepoint

    2012年6月19日 上午 07:33
  • We aren't using kerberos authentication and do not want to use Kerberos so this is not a solution for us.  I resolved this by using a trusted account and using a SQL account in the report data connection to reference the data, we then lock down the reports as needed.
    2012年6月19日 下午 02:42
  • Ok, i didn't understand you.

    If you don't use Kerberos then you lose Windows Integrated authentication through external sources.

    If you don't use Kerberos you could also use SSS (Secure Storage Service) in order to configure one Managed Account to access to your external data sources.

    Regards!



    José Quinto Zamora
    SharePoint and Search Specialist at SolidQ(http://www.solidq.com)
    MCITP and MCPD in SharePoint 2010
    http://blogs.solidq.com/sharepoint

    2012年6月19日 下午 02:46