Link to home
Start Free TrialLog in
Avatar of PowerToTheUsers
PowerToTheUsersFlag for Belgium

asked on

Report Server trying Anonymous Logon despite integrated security after upgrade 2005->2008 (double hop issue?)

In our situation, we have multiple servers involved in this problem, let's call them W, S and R:
W = Server with Sql Server reporting services. This server has been upgraded from SQL Server 2005 (unknown SP) to SQL Server 2008 + SP1. Only the reporting services-part is installed, no local database.
S = SQL Server where the content-database is stored (let's call the database "Information"). SQL Server 2005 SP2 (9.0.3233)
R = SQL Server where the ReportServer- and ReportServerTempDB-databases are stored. SQL Server 2005 SP1 (9.0.2047)

Before the upgrade of the SQL Server Reporting services on server "W", the reports worked fine. During the upgrade, no errors appeared, everything went smoothly. But now the reports don't work anymore. When browsing to a report on a client-PC, we get the error:

An error has occurred during report processing. (rsProcessingAborted)
Cannot create a connection to data source 'Information'. (rsErrorOpeningConnection)
For more information about this error navigate to the report server on the local server machine, or enable remote errors

Surfing to the reportserver (W) locally gives the detailed error:

An error has occurred during report processing. (rsProcessingAborted)
Cannot create a connection to data source 'Information'. (rsErrorOpeningConnection)
Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'.

Looking in the application-eventlog of the SQL-server (S) gives this error:

Event Type:      Failure Audit
Event Source:      MSSQLSERVER
Event Category:      (4)
Event ID:      18456
Date:            17/02/2010
Time:            16:45:28
User:            NT AUTHORITY\ANONYMOUS LOGON
Computer:      S
Description:
Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'. [CLIENT: 10.201.20.40]

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Where 10.201.20.40 is the IP of the reporting server, W.
In the eventlog of the databaseserver holding the ReportServer-database (R), there's nothing to see.

Server W has been marked (already when it was still a SQL2005-reporting server) as "Trust this computer for delegation to any service (Kerberos only) " in active directory.

I have already done some searching on this problem, and it's often referred to as the "double hop"-issue. Most suggested solutions are set correctly, but some solutions involve SPN's, and I'm not familiar with that... Can you guide me to a correct "spn-setup"? What do I need to check, what do I need to add by using setspn?

The only thing changed (which broke the reports) is the upgrade of the reporting services on Server "W".

Thanks in advance!
Avatar of Jim P.
Jim P.
Flag of United States of America image

What use  id is the SQL Server service running under? (services.msc)

Does the user id have domain permissions or is it a regular user account?
Avatar of PowerToTheUsers

ASKER

On Reporting-server W, the "SQL Server Reporting Services (MSSQLSERVER)" is running under the domain-useraccount domain\fbp.report.svc
On SQL-Server S, the service "SQL Server (MSSQLSERVER)" is running under the domain-useraccount domain\sqlsvc.

So both accounts have domain permissions.
ASKER CERTIFIED SOLUTION
Avatar of PowerToTheUsers
PowerToTheUsers
Flag of Belgium image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial