[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

How can I resolve my issues with Reporting Services and SharePoint 2010 Integration?

Posted on 2011-03-25
6
Medium Priority
?
2,279 Views
Last Modified: 2012-08-14
Hello,

I have built a SharePoint 2010 Farm with an application server, 2 web front end servers, and two SQL servers, (one for the main SharePoint Data, and one for Reporting Services).  I am able to configure the Reporting Services Integration and I beleive I can add a Report Server to the Integration as it accepts my server name and instance.  The problem is when I click on the next section to Set Server Defaults, or if I go to Site Settings and click on any of the links for Reporting Services, I get the following error:

The request failed with HTTP status 401: Unauthorized.

I looked at the correlation ID in the ULS Logs and get the following:

Exception encountered for SOAP method GetSystemProperties: System.Net.WebException: The request failed with HTTP status 401: Unauthorized.    
 at Microsoft.SqlServer.ReportingServices2010.RSConnection2010.SetConnectionProtocol()    
 at Microsoft.SqlServer.ReportingServices2010.RSConnection2010.SoapMethodWrapper`1.ExecuteMethod(Boolean setConnectionProtocol)

I looked around the Internet for similar issues and many people were mentioning Kerberos being misconfigured.  I spent some time going over my SPN configurations and everything seemed to be setup.  I am by no mean an expert when it comes to Kerberos so I could be mistaken though.

As a final test to try and rule out Kerberos as a culprit, I changed the configuration in the Reporting Services Integration from using the URL with the FQDN of the Reporting Server, to the URL with the IP address of the Reporting Server as I understand that would use NTLM to authenticate.  Once I made the changes and click on the links, I was still getting the same error on the screen and in the ULS logs.

I can successfully access the Web Service URL listed in Reporting Services Configuration Manager, and when I enter that URL into the Reporting Integration section of Central Admin everything checks out okay.

So far, the only way I have been able to get reporting to load without the errors is to change the configuration in the Reporting Services Integration area to use a Trusted Account instead of Windows Authentication.

Does anyone have any ideas as to what I may have done wrong, or not done that might fix this issue?

0
Comment
Question by:ADX39655
6 Comments
 
LVL 3

Expert Comment

by:AndrewSkoraro
ID: 35218786
It does sound like it could be kerberos.  You will need to provide all of the SPN settings for each server and the database server.  Here is the SPNs that you will need.  I am assuming you know how to set IIS and Reporting services config files as well as AD for the system accounts.

**Your app server**
setspn -a HTTP/app01.yourdomain.com domain\serviceaccount
setspn -a HTTP/app01 domain\serviceaccount
**Your web server**
setspn -a HTTP/web01.yourdomain.com domain\serviceaccount
setspn -a HTTP/web01 domain\serviceaccount
**Your reporting server**
setspn -a HTTP/web02.yourdomain.com domain\serviceaccount
setspn -a HTTP/web02 domain\serviceaccount
**Your sql servers **  Note that you will need to specify the port for a named instance, default is port 1433 - my example assumes instance on port 58180
setspn -a MSSQLSvc/DB01.yourdomain.com domain\sqlaccount
setspn -a MSSQLSvc/DB01.yourdomain.com:58180 domain\sqlaccount

setspn -a MSSQLSvc/DB02.yourdomain.com domain\sqlaccount
setspn -a MSSQLSvc/DB02.yourdomain.com:58180 domain\sqlaccount
0
 

Author Comment

by:ADX39655
ID: 35219187
Here is what I currently have for my SPN configurations

SQL Service Account

MSSQLSVC/appprojsql2p:1433
MSSQLSVC/appprojsql2p.mydomain.com:1433
MSSQLSVC/appprojsql1p:1433
MSOLAPSvc.3/approjsql2p:ProjectSSRS
MSOLAPSvc.3/approjsql2p.mydomain.com:ProjectSSRS
MSSQLSVC/appprojsql1p.mydomain.com:1433

SQL Reporting Service Account

 HTTP/appprojsql2p.mydomain.com
 HTTP/appprojsql2p
 HTTP/appprojsql1p.mydomain.com
 HTTP/appprojsql1p

IIS Service Account

http/appprojweb2p
http/appprojsvr1p.mydomain.com
http/appprojweb2p.mydomain.com
http/appprojweb1p
http/appprojweb1p.mydomain.com
http/appprojsvr1p
http/schedule.mydomain.com
http/schedule

If I did something wrong with this setup please let me know as I am very new to Kerberos.
0
 
LVL 2

Expert Comment

by:edzhu
ID: 35220253
Did you try to configure trust for delegation for web parts? You can find the detail in the following KB: http://support.microsoft.com/default.aspx?scid=kb;EN-US;832769
0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 
LVL 3

Expert Comment

by:AndrewSkoraro
ID: 35242740
Your SQL connections needs some changes.  

setspn -d MSSQLSvc/appprojsql2p:1433 [domain\account]
setspn -d MSSQLSvc/appprojsql1p:1433 [domain\account]

setspn -a MSSQLSvc/appprojsql2p.mydomain.com [domain\account]
setspn -a MSSQLSvc/appprojweb1p.mydomain.com [domain\account]
0
 
LVL 1

Accepted Solution

by:
wickid187 earned 2000 total points
ID: 35259720
I think the SPNs look right; however, you may want to check your delegations.  Verify the IIS account on the SSRS server and add a delegation for it to use the SPN for the Reporting Services account and see if that clears things up.

Also look into disabling loopback on servers in the farm as that could cause 401 errors as well.
0
 

Author Comment

by:ADX39655
ID: 35261046
Not sure which was the fix...the loopback changes or adding the delagation but it cleared up my errors.
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

How to leverage one TLS certificate to encrypt Microsoft SQL traffic and Remote Desktop Services, versus creating multiple tickets for the same server.
Use this article to create a batch file to backup a Microsoft SQL Server database to a Windows folder.  The folder can be on the local hard drive or on a network share.  This batch file will query the SQL server to get the current date & time and wi…
Please read the paragraph below before following the instructions in the video — there are important caveats in the paragraph that I did not mention in the video. If your PaperPort 12 or PaperPort 14 is failing to start, or crashing, or hanging, …
Is your data getting by on basic protection measures? In today’s climate of debilitating malware and ransomware—like WannaCry—that may not be enough. You need to establish more than basics, like a recovery plan that protects both data and endpoints.…

830 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question