Solved

How can I resolve my issues with Reporting Services and SharePoint 2010 Integration?

Posted on 2011-03-25
6
2,185 Views
Last Modified: 2012-08-14
Hello,

I have built a SharePoint 2010 Farm with an application server, 2 web front end servers, and two SQL servers, (one for the main SharePoint Data, and one for Reporting Services).  I am able to configure the Reporting Services Integration and I beleive I can add a Report Server to the Integration as it accepts my server name and instance.  The problem is when I click on the next section to Set Server Defaults, or if I go to Site Settings and click on any of the links for Reporting Services, I get the following error:

The request failed with HTTP status 401: Unauthorized.

I looked at the correlation ID in the ULS Logs and get the following:

Exception encountered for SOAP method GetSystemProperties: System.Net.WebException: The request failed with HTTP status 401: Unauthorized.    
 at Microsoft.SqlServer.ReportingServices2010.RSConnection2010.SetConnectionProtocol()    
 at Microsoft.SqlServer.ReportingServices2010.RSConnection2010.SoapMethodWrapper`1.ExecuteMethod(Boolean setConnectionProtocol)

I looked around the Internet for similar issues and many people were mentioning Kerberos being misconfigured.  I spent some time going over my SPN configurations and everything seemed to be setup.  I am by no mean an expert when it comes to Kerberos so I could be mistaken though.

As a final test to try and rule out Kerberos as a culprit, I changed the configuration in the Reporting Services Integration from using the URL with the FQDN of the Reporting Server, to the URL with the IP address of the Reporting Server as I understand that would use NTLM to authenticate.  Once I made the changes and click on the links, I was still getting the same error on the screen and in the ULS logs.

I can successfully access the Web Service URL listed in Reporting Services Configuration Manager, and when I enter that URL into the Reporting Integration section of Central Admin everything checks out okay.

So far, the only way I have been able to get reporting to load without the errors is to change the configuration in the Reporting Services Integration area to use a Trusted Account instead of Windows Authentication.

Does anyone have any ideas as to what I may have done wrong, or not done that might fix this issue?

0
Comment
Question by:ADX39655
6 Comments
 
LVL 3

Expert Comment

by:AndrewSkoraro
ID: 35218786
It does sound like it could be kerberos.  You will need to provide all of the SPN settings for each server and the database server.  Here is the SPNs that you will need.  I am assuming you know how to set IIS and Reporting services config files as well as AD for the system accounts.

**Your app server**
setspn -a HTTP/app01.yourdomain.com domain\serviceaccount
setspn -a HTTP/app01 domain\serviceaccount
**Your web server**
setspn -a HTTP/web01.yourdomain.com domain\serviceaccount
setspn -a HTTP/web01 domain\serviceaccount
**Your reporting server**
setspn -a HTTP/web02.yourdomain.com domain\serviceaccount
setspn -a HTTP/web02 domain\serviceaccount
**Your sql servers **  Note that you will need to specify the port for a named instance, default is port 1433 - my example assumes instance on port 58180
setspn -a MSSQLSvc/DB01.yourdomain.com domain\sqlaccount
setspn -a MSSQLSvc/DB01.yourdomain.com:58180 domain\sqlaccount

setspn -a MSSQLSvc/DB02.yourdomain.com domain\sqlaccount
setspn -a MSSQLSvc/DB02.yourdomain.com:58180 domain\sqlaccount
0
 

Author Comment

by:ADX39655
ID: 35219187
Here is what I currently have for my SPN configurations

SQL Service Account

MSSQLSVC/appprojsql2p:1433
MSSQLSVC/appprojsql2p.mydomain.com:1433
MSSQLSVC/appprojsql1p:1433
MSOLAPSvc.3/approjsql2p:ProjectSSRS
MSOLAPSvc.3/approjsql2p.mydomain.com:ProjectSSRS
MSSQLSVC/appprojsql1p.mydomain.com:1433

SQL Reporting Service Account

 HTTP/appprojsql2p.mydomain.com
 HTTP/appprojsql2p
 HTTP/appprojsql1p.mydomain.com
 HTTP/appprojsql1p

IIS Service Account

http/appprojweb2p
http/appprojsvr1p.mydomain.com
http/appprojweb2p.mydomain.com
http/appprojweb1p
http/appprojweb1p.mydomain.com
http/appprojsvr1p
http/schedule.mydomain.com
http/schedule

If I did something wrong with this setup please let me know as I am very new to Kerberos.
0
 
LVL 2

Expert Comment

by:edzhu
ID: 35220253
Did you try to configure trust for delegation for web parts? You can find the detail in the following KB: http://support.microsoft.com/default.aspx?scid=kb;EN-US;832769
0
Zoho SalesIQ

Hassle-free live chat software re-imagined for business growth. 2 users, always free.

 
LVL 3

Expert Comment

by:AndrewSkoraro
ID: 35242740
Your SQL connections needs some changes.  

setspn -d MSSQLSvc/appprojsql2p:1433 [domain\account]
setspn -d MSSQLSvc/appprojsql1p:1433 [domain\account]

setspn -a MSSQLSvc/appprojsql2p.mydomain.com [domain\account]
setspn -a MSSQLSvc/appprojweb1p.mydomain.com [domain\account]
0
 
LVL 1

Accepted Solution

by:
wickid187 earned 500 total points
ID: 35259720
I think the SPNs look right; however, you may want to check your delegations.  Verify the IIS account on the SSRS server and add a delegation for it to use the SPN for the Reporting Services account and see if that clears things up.

Also look into disabling loopback on servers in the farm as that could cause 401 errors as well.
0
 

Author Comment

by:ADX39655
ID: 35261046
Not sure which was the fix...the loopback changes or adding the delagation but it cleared up my errors.
0

Featured Post

Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Written by Valentino Vranken. Introduction: The first step of creating a SQL Server Reporting Services (SSRS) report involves setting up a connection to the data source and programming a dataset to retrieve data from that data source.  The data…
I thought I'd write this up for anyone who has a request to create an anonymous whistle-blower-type submission form created using SharePoint 2010 (this would probably work the same for 2013). It's not 100% fool-proof but it's as close as you can get…
Hi friends,  in this video  I'll show you how new windows 10 user can learn the using of windows 10. Thank you.
Many functions in Excel can make decisions. The most simple of these is the IF function: it returns a value depending on whether a condition you describe is true or false. Once you get the hang of using the IF function, you will find it easier to us…

911 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now