Avatar of PowerToTheUsers
PowerToTheUsers
Flag for Belgium asked on

Report Server trying Anonymous Logon despite integrated security after upgrade 2005->2008 (double hop issue?)

In our situation, we have multiple servers involved in this problem, let's call them W, S and R:
W = Server with Sql Server reporting services. This server has been upgraded from SQL Server 2005 (unknown SP) to SQL Server 2008 + SP1. Only the reporting services-part is installed, no local database.
S = SQL Server where the content-database is stored (let's call the database "Information"). SQL Server 2005 SP2 (9.0.3233)
R = SQL Server where the ReportServer- and ReportServerTempDB-databases are stored. SQL Server 2005 SP1 (9.0.2047)

Before the upgrade of the SQL Server Reporting services on server "W", the reports worked fine. During the upgrade, no errors appeared, everything went smoothly. But now the reports don't work anymore. When browsing to a report on a client-PC, we get the error:

An error has occurred during report processing. (rsProcessingAborted)
Cannot create a connection to data source 'Information'. (rsErrorOpeningConnection)
For more information about this error navigate to the report server on the local server machine, or enable remote errors

Surfing to the reportserver (W) locally gives the detailed error:

An error has occurred during report processing. (rsProcessingAborted)
Cannot create a connection to data source 'Information'. (rsErrorOpeningConnection)
Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'.

Looking in the application-eventlog of the SQL-server (S) gives this error:

Event Type:      Failure Audit
Event Source:      MSSQLSERVER
Event Category:      (4)
Event ID:      18456
Date:            17/02/2010
Time:            16:45:28
User:            NT AUTHORITY\ANONYMOUS LOGON
Computer:      S
Description:
Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'. [CLIENT: 10.201.20.40]

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Where 10.201.20.40 is the IP of the reporting server, W.
In the eventlog of the databaseserver holding the ReportServer-database (R), there's nothing to see.

Server W has been marked (already when it was still a SQL2005-reporting server) as "Trust this computer for delegation to any service (Kerberos only) " in active directory.

I have already done some searching on this problem, and it's often referred to as the "double hop"-issue. Most suggested solutions are set correctly, but some solutions involve SPN's, and I'm not familiar with that... Can you guide me to a correct "spn-setup"? What do I need to check, what do I need to add by using setspn?

The only thing changed (which broke the reports) is the upgrade of the reporting services on Server "W".

Thanks in advance!
Microsoft SQL Server 2005Microsoft SQL Server 2008SSRS

Avatar of undefined
Last Comment
PowerToTheUsers

8/22/2022 - Mon
Jim P.

What use  id is the SQL Server service running under? (services.msc)

Does the user id have domain permissions or is it a regular user account?
PowerToTheUsers

ASKER
On Reporting-server W, the "SQL Server Reporting Services (MSSQLSERVER)" is running under the domain-useraccount domain\fbp.report.svc
On SQL-Server S, the service "SQL Server (MSSQLSERVER)" is running under the domain-useraccount domain\sqlsvc.

So both accounts have domain permissions.
ASKER CERTIFIED SOLUTION
PowerToTheUsers

THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
See Pricing Options
Start Free Trial
GET A PERSONALIZED SOLUTION
Ask your own question & get feedback from real experts
Find out why thousands trust the EE community with their toughest problems.
I started with Experts Exchange in 2004 and it's been a mainstay of my professional computing life since. It helped me launch a career as a programmer / Oracle data analyst
William Peck