Solved

Reporting Services on two servers without Domain

Posted on 2008-06-24
3
432 Views
Last Modified: 2008-08-18
SHORT:
I want to be able to install Microsoft SQL Server 2005 Reporting Services on two servers.

MY SETUP:
I have a three server setup without any domain server. A public frontend server, a backend server and a database server behind a firewall (not public). On the database server I have installed Microsoft SQL Server 2005 SP2 + Reporting Services. When using http://localhost/reports on the database server everything works fine. I can view and change the reports with sufficient rights.

WHAT I WANNA DO:
To be able to have the end user access the report services I have installed the reports web site on the frontend aswell. When I then use this http://mysite/reports I get prompted for username/password. If I use the username of the user of the database server I cannot login. This is obvious since that user is not known to the frontend. If I create a user on the frontend with the same name, I can log in but the Report Services complain that the user does not have enough rights to use the reporting services. Problem is that I cant create a frontend user on the database server.

SOLUTION NEEDED:
My idea now is to setup a domain controller and use a domain user instead. Problem about that is that this is a costly affair (hosting used is not cheap). But if its the only solution and if I can be sure it works thats what I gonna do.

I am hoping that some other solution can be presented here though :)

Thanks in advance
0
Comment
Question by:MadsNielsen
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 18

Assisted Solution

by:chrismc
chrismc earned 50 total points
ID: 21859037
You should be able to set this up entirely in SQL and RS. You probably know a lot of this already so I apologise if that's the case
Make sure the security on the SQL Server is set to "Mixed mode".
Setting users in SQL is a two part process, you have to set up the "Logins" which gives permission to the access the Server. Then on the databases you setup the "User" that maps to a "Login". This is where you give the user specific rights to the database itself.

In Reporting services there are two seperate security areas. One is the datasource, the other is the reports themselves.
You can set the RS credentials either from Report Manager (the "FrontEnd") or the SQL Management Studio.
One of the security options is to "Prompt the user", I guess that's what you should use.
Also with the datasource, typically you might use a special account with read-only privileges to the data on that and just rely on authentication to the report this simplifies the security setup substantially. Just make sure you hide the datasources.

Well there are a few pointers!
0
 

Author Comment

by:MadsNielsen
ID: 21863861
Thanks for your reply chrismc. You at least gave me an idea on what to try. When I log in (with remote desktop) to the frontend server I am able to login to the database server (holdning the reporting services) with http://dbserver/reports and with database server windows user credentials. Then I tried to create a new role, hoping that I could create a role based on a frontend user. Funny thing is when I click on the OK button nothing happens. Also nothing happens when I try to edit an existing user.

All the SQL stuff you wrote about - I cant recognize at all. Maybe I misunderstood you. Let me state again that when I am logged in (with remote desktop) to the database server the Reporting Services are fully functional.
0
 

Accepted Solution

by:
MadsNielsen earned 0 total points
ID: 22221420
We finaly gave up and installed SQL Server on the frontend server aswell.
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article demonstrates probably the easiest way to configure domain-wide tier isolation within Active Directory. If you do not know tier isolation read https://technet.microsoft.com/en-us/windows-server-docs/security/securing-privileged-access/s…
Let's recap what we learned from yesterday's Skyport Systems webinar.
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

624 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question