?
Solved

How can I resolve my issues with Reporting Services and SharePoint 2010 Integration?

Posted on 2011-03-25
6
Medium Priority
?
2,238 Views
Last Modified: 2012-08-14
Hello,

I have built a SharePoint 2010 Farm with an application server, 2 web front end servers, and two SQL servers, (one for the main SharePoint Data, and one for Reporting Services).  I am able to configure the Reporting Services Integration and I beleive I can add a Report Server to the Integration as it accepts my server name and instance.  The problem is when I click on the next section to Set Server Defaults, or if I go to Site Settings and click on any of the links for Reporting Services, I get the following error:

The request failed with HTTP status 401: Unauthorized.

I looked at the correlation ID in the ULS Logs and get the following:

Exception encountered for SOAP method GetSystemProperties: System.Net.WebException: The request failed with HTTP status 401: Unauthorized.    
 at Microsoft.SqlServer.ReportingServices2010.RSConnection2010.SetConnectionProtocol()    
 at Microsoft.SqlServer.ReportingServices2010.RSConnection2010.SoapMethodWrapper`1.ExecuteMethod(Boolean setConnectionProtocol)

I looked around the Internet for similar issues and many people were mentioning Kerberos being misconfigured.  I spent some time going over my SPN configurations and everything seemed to be setup.  I am by no mean an expert when it comes to Kerberos so I could be mistaken though.

As a final test to try and rule out Kerberos as a culprit, I changed the configuration in the Reporting Services Integration from using the URL with the FQDN of the Reporting Server, to the URL with the IP address of the Reporting Server as I understand that would use NTLM to authenticate.  Once I made the changes and click on the links, I was still getting the same error on the screen and in the ULS logs.

I can successfully access the Web Service URL listed in Reporting Services Configuration Manager, and when I enter that URL into the Reporting Integration section of Central Admin everything checks out okay.

So far, the only way I have been able to get reporting to load without the errors is to change the configuration in the Reporting Services Integration area to use a Trusted Account instead of Windows Authentication.

Does anyone have any ideas as to what I may have done wrong, or not done that might fix this issue?

0
Comment
Question by:ADX39655
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 
LVL 3

Expert Comment

by:AndrewSkoraro
ID: 35218786
It does sound like it could be kerberos.  You will need to provide all of the SPN settings for each server and the database server.  Here is the SPNs that you will need.  I am assuming you know how to set IIS and Reporting services config files as well as AD for the system accounts.

**Your app server**
setspn -a HTTP/app01.yourdomain.com domain\serviceaccount
setspn -a HTTP/app01 domain\serviceaccount
**Your web server**
setspn -a HTTP/web01.yourdomain.com domain\serviceaccount
setspn -a HTTP/web01 domain\serviceaccount
**Your reporting server**
setspn -a HTTP/web02.yourdomain.com domain\serviceaccount
setspn -a HTTP/web02 domain\serviceaccount
**Your sql servers **  Note that you will need to specify the port for a named instance, default is port 1433 - my example assumes instance on port 58180
setspn -a MSSQLSvc/DB01.yourdomain.com domain\sqlaccount
setspn -a MSSQLSvc/DB01.yourdomain.com:58180 domain\sqlaccount

setspn -a MSSQLSvc/DB02.yourdomain.com domain\sqlaccount
setspn -a MSSQLSvc/DB02.yourdomain.com:58180 domain\sqlaccount
0
 

Author Comment

by:ADX39655
ID: 35219187
Here is what I currently have for my SPN configurations

SQL Service Account

MSSQLSVC/appprojsql2p:1433
MSSQLSVC/appprojsql2p.mydomain.com:1433
MSSQLSVC/appprojsql1p:1433
MSOLAPSvc.3/approjsql2p:ProjectSSRS
MSOLAPSvc.3/approjsql2p.mydomain.com:ProjectSSRS
MSSQLSVC/appprojsql1p.mydomain.com:1433

SQL Reporting Service Account

 HTTP/appprojsql2p.mydomain.com
 HTTP/appprojsql2p
 HTTP/appprojsql1p.mydomain.com
 HTTP/appprojsql1p

IIS Service Account

http/appprojweb2p
http/appprojsvr1p.mydomain.com
http/appprojweb2p.mydomain.com
http/appprojweb1p
http/appprojweb1p.mydomain.com
http/appprojsvr1p
http/schedule.mydomain.com
http/schedule

If I did something wrong with this setup please let me know as I am very new to Kerberos.
0
 
LVL 2

Expert Comment

by:edzhu
ID: 35220253
Did you try to configure trust for delegation for web parts? You can find the detail in the following KB: http://support.microsoft.com/default.aspx?scid=kb;EN-US;832769
0
Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

 
LVL 3

Expert Comment

by:AndrewSkoraro
ID: 35242740
Your SQL connections needs some changes.  

setspn -d MSSQLSvc/appprojsql2p:1433 [domain\account]
setspn -d MSSQLSvc/appprojsql1p:1433 [domain\account]

setspn -a MSSQLSvc/appprojsql2p.mydomain.com [domain\account]
setspn -a MSSQLSvc/appprojweb1p.mydomain.com [domain\account]
0
 
LVL 1

Accepted Solution

by:
wickid187 earned 2000 total points
ID: 35259720
I think the SPNs look right; however, you may want to check your delegations.  Verify the IIS account on the SSRS server and add a delegation for it to use the SPN for the Reporting Services account and see if that clears things up.

Also look into disabling loopback on servers in the farm as that could cause 401 errors as well.
0
 

Author Comment

by:ADX39655
ID: 35261046
Not sure which was the fix...the loopback changes or adding the delagation but it cleared up my errors.
0

Featured Post

What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Occasionally there is a need to clean table columns, especially if you have inherited legacy data. There are obviously many ways to accomplish that, including elaborate UPDATE queries with anywhere from one to numerous REPLACE functions (even within…
This article explains how to reset the password of the sa account on a Microsoft SQL Server.  The steps in this article work in SQL 2005, 2008, 2008 R2, 2012, 2014 and 2016.
Michael from AdRem Software outlines event notifications and Automatic Corrective Actions in network monitoring. Automatic Corrective Actions are scripts, which can automatically run upon discovery of a certain undesirable condition in your network.…
How to fix incompatible JVM issue while installing Eclipse While installing Eclipse in windows, got one error like above and unable to proceed with the installation. This video describes how to successfully install Eclipse. How to solve incompa…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question