Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.
SSRS cant open report builder - authentication error
Hi Experts,
I hope you can help me with this?
I recently built and SQL Server Reporting Service. All was working fine, but i needed it to work over HTTPS. Unfortunately when attempting to browse HTTPS it kept prompting me for credentials, but would not accept any (this is despite me being an administrator, sysadmin and explicitly referenced as a SSRS administrator
I did some googling and found you could change the manor of authentication via the following link
https://technet.microsoft.com/en-us/library/cc281309(v=sql.105).aspx
I was able to change authentication to basic and it worked. i could use HTTPS and login with my credentials. But now i've hit a new snag. Now when ever i open the report builder i get the following error
"Cannot retrieve application. Authentication error"
Details revel the following
"PLATFORM VERSION INFO
Windows : 6.1.7601.65536 (Win32NT)
Common Language Runtime : 4.0.30319.18444
System.Deployment.dll : 4.0.30319.34244 built by: FX452RTMGDR
clr.dll : 4.0.30319.18444 built by: FX451RTMGDR
dfdll.dll : 4.0.30319.34244 built by: FX452RTMGDR
dfshim.dll : 4.0.41209.0 (Main.041209-0000)
SOURCES
Deployment url : http://dc4insql01/ReportServer/ReportBuilder/ReportBuilder_3_0_0_0.application
ERROR SUMMARY
Below is a summary of the errors, details of these errors are listed later in the log.
* Activation of http://dc4insql01/ReportServer/ReportBuilder/ReportBuilder_3_0_0_0.application resulted in exception. Following failure messages were detected:
+ Downloading http://dc4insql01/ReportServer/ReportBuilder/ReportBuilder_3_0_0_0.application did not succeed.
+ The remote server returned an error: (401) Unauthorized.
COMPONENT STORE TRANSACTION FAILURE SUMMARY
No transaction error was detected.
WARNINGS
There were no warnings during this operation.
OPERATION PROGRESS STATUS
* [28/08/2015 08:34:46] : Activation of http://dc4insql01/ReportServer/ReportBuilder/ReportBuilder_3_0_0_0.application has started.
ERROR DETAILS
Following errors were detected during this operation.
* [28/08/2015 08:34:46] System.Deployment.Applicat
- Downloading http://dc4insql01/ReportServer/ReportBuilder/ReportBuilder_3_0_0_0.application did not succeed.
- Source: System.Deployment
- Stack trace:
at System.Deployment.Applicat
at System.Deployment.Applicat
at System.Deployment.Applicat
at System.Deployment.Applicat
at System.Deployment.Applicat
at System.Deployment.Applicat
at System.Deployment.Applicat
at System.Deployment.Applicat
--- Inner Exception ---
System.Net.WebException
- The remote server returned an error: (401) Unauthorized.
- Source: System
- Stack trace:
at System.Net.HttpWebRequest.
at System.Deployment.Applicat
COMPONENT STORE TRANSACTION DETAILS
No transaction information is available."
This is the authentication string i am using currently. Any ideas?
<Authentication>
<AuthenticationTypes>
<RSWindowsBasic>
<LogonMethod>3</LogonMetho
<Realm></Realm>
<DefaultDomain>mydomain</D
</RSWindowsBasic>
</AuthenticationTypes>
<EnableAuthPersistence>tru
</Authentication>
I hope you can help me with this?
I recently built and SQL Server Reporting Service. All was working fine, but i needed it to work over HTTPS. Unfortunately when attempting to browse HTTPS it kept prompting me for credentials, but would not accept any (this is despite me being an administrator, sysadmin and explicitly referenced as a SSRS administrator
I did some googling and found you could change the manor of authentication via the following link
https://technet.microsoft.com/en-us/library/cc281309(v=sql.105).aspx
I was able to change authentication to basic and it worked. i could use HTTPS and login with my credentials. But now i've hit a new snag. Now when ever i open the report builder i get the following error
"Cannot retrieve application. Authentication error"
Details revel the following
"PLATFORM VERSION INFO
Windows : 6.1.7601.65536 (Win32NT)
Common Language Runtime : 4.0.30319.18444
System.Deployment.dll : 4.0.30319.34244 built by: FX452RTMGDR
clr.dll : 4.0.30319.18444 built by: FX451RTMGDR
dfdll.dll : 4.0.30319.34244 built by: FX452RTMGDR
dfshim.dll : 4.0.41209.0 (Main.041209-0000)
SOURCES
Deployment url : http://dc4insql01/ReportServer/ReportBuilder/ReportBuilder_3_0_0_0.application
ERROR SUMMARY
Below is a summary of the errors, details of these errors are listed later in the log.
* Activation of http://dc4insql01/ReportServer/ReportBuilder/ReportBuilder_3_0_0_0.application resulted in exception. Following failure messages were detected:
+ Downloading http://dc4insql01/ReportServer/ReportBuilder/ReportBuilder_3_0_0_0.application did not succeed.
+ The remote server returned an error: (401) Unauthorized.
COMPONENT STORE TRANSACTION FAILURE SUMMARY
No transaction error was detected.
WARNINGS
There were no warnings during this operation.
OPERATION PROGRESS STATUS
* [28/08/2015 08:34:46] : Activation of http://dc4insql01/ReportServer/ReportBuilder/ReportBuilder_3_0_0_0.application has started.
ERROR DETAILS
Following errors were detected during this operation.
* [28/08/2015 08:34:46] System.Deployment.Applicat
- Downloading http://dc4insql01/ReportServer/ReportBuilder/ReportBuilder_3_0_0_0.application did not succeed.
- Source: System.Deployment
- Stack trace:
at System.Deployment.Applicat
at System.Deployment.Applicat
at System.Deployment.Applicat
at System.Deployment.Applicat
at System.Deployment.Applicat
at System.Deployment.Applicat
at System.Deployment.Applicat
at System.Deployment.Applicat
--- Inner Exception ---
System.Net.WebException
- The remote server returned an error: (401) Unauthorized.
- Source: System
- Stack trace:
at System.Net.HttpWebRequest.
at System.Deployment.Applicat
COMPONENT STORE TRANSACTION DETAILS
No transaction information is available."
This is the authentication string i am using currently. Any ideas?
<Authentication>
<AuthenticationTypes>
<RSWindowsBasic>
<LogonMethod>3</LogonMetho
<Realm></Realm>
<DefaultDomain>mydomain</D
</RSWindowsBasic>
</AuthenticationTypes>
<EnableAuthPersistence>tru
</Authentication>
Who is Participating?
Experts Exchange Solution brought to you by
Enjoy your complimentary solution view.
Get every solution instantly with premium.
Start your 7-day free trial.
I wear a lot of hats...
"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.
Hi Icohan,
Cheers for the response :)
I tried adding the site to the local intranet zone but no luck. Saving the password didn't work either unfortunately
Any other ideas?
Cheers for the response :)
I tried adding the site to the local intranet zone but no luck. Saving the password didn't work either unfortunately
Any other ideas?
Ok, so rolling back to the default (see below) work fine for HTTP, just not HTTPS. With HTTPS it rejects all logins
<Authentication>
<Extension Name="Windows" Type="Microsoft.ReportingS
</Authentication>
<Authentication>
<Extension Name="Windows" Type="Microsoft.ReportingS
</Authentication>
Would you be able to just try enable Anonymous access for testing only with HTTPS and HTTP - just to make sure is nothing else because having that enabled should allow any and all users.
I think it relates to this
Report Builder uses ClickOnce technology to download and install application files on the client computer. When it starts on the client computer, the ClickOnce application launcher will make a request for additional application files on the report server computer. If the report server is configured for Basic authentication, the ClickOnce application launcher will fail the authentication check because it does not support Basic authentication.
To work around this issue, you can configure Anonymous access to the Report Builder program files. Doing so allows ClickOnce to bypass the authentication check when retrieving its files. Enable Anonymous access by doing the following:
Verify that the report server is configured for Basic authentication.
Create a bin folder under ReportBuilder and copy four assemblies to the folder.
Add the IsReportBuilderAnonymousAc
Optionally, you can specify a least-privilege account to process requests under a security context that is different from the report server. This account becomes the anonymous account for accessing Report Builder files on a report server. The account sets the identity of the thread in the ASP.NET worker process. Requests that run in that thread are passed to the report server without an authentication check. This account is equivalent to the IUSR_<machine> account in Internet Information Services (IIS), which is used to set the security context for ASP.NET worker processes when Anonymous access and impersonation are enabled. To specify the account, you add it to a Report Builder Web.config file.
The report server must be configured for Basic authentication if you want to enable Anonymous access to the Report Builder program files. If the report server is not configured for Basic authentication, you will get an error when you attempt to enable Anonymous access.
For more information about authentication issues and Report Builder, see Configure Report Builder Access.
To configure Report Builder access on a report server configured for Basic authentication
Verify the report server is configured for Basic authentication by checking the authentication settings in the RSReportServer.config file.
Create a BIN folder under the ReportBuilder folder. By default, this folder is located at \Program Files\Microsoft SQL Server\MSRS12.MSSQLSERVER\
Copy the following assemblies from the ReportServer\Bin folder to the ReportBuilder\BIN folder:
Microsoft.ReportingService
Microsoft.ReportingService
ReportingServicesAppDomain
RSHttpRuntime.dll
Optionally, create a Web.config file to process Report Builder requests under an Anonymous account:
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<system.web>
<authentication mode="Windows" />
<identity impersonate="true " userName="username" password="password"/>
</system.web>
</configuration>
Authentication mode must be set to Windows if you include a Web.config file.
Identity impersonate can be True or False.
Set it to False if you do not want ASP.NET to read the security token. The request will run in the security context of the Report Server service.
Set it to True if you want ASP.NET to read the security token from the host layer. If you set it to True, you must also specify userName and password to designate an Anonymous account. The credentials you specify will determine the security context under which the request is issued.
Save the Web.config file to the ReportBuilder\bin folder.
Open RSReportServer.config file, in the Services section, find IsReportManagerEnabled and add the following setting below it:
<IsReportBuilderAnonymousA
Save RSReportServer.config and close the file.
Restart the report server.
However when i make this change the web page no longer works at all?
Report Builder uses ClickOnce technology to download and install application files on the client computer. When it starts on the client computer, the ClickOnce application launcher will make a request for additional application files on the report server computer. If the report server is configured for Basic authentication, the ClickOnce application launcher will fail the authentication check because it does not support Basic authentication.
To work around this issue, you can configure Anonymous access to the Report Builder program files. Doing so allows ClickOnce to bypass the authentication check when retrieving its files. Enable Anonymous access by doing the following:
Verify that the report server is configured for Basic authentication.
Create a bin folder under ReportBuilder and copy four assemblies to the folder.
Add the IsReportBuilderAnonymousAc
Optionally, you can specify a least-privilege account to process requests under a security context that is different from the report server. This account becomes the anonymous account for accessing Report Builder files on a report server. The account sets the identity of the thread in the ASP.NET worker process. Requests that run in that thread are passed to the report server without an authentication check. This account is equivalent to the IUSR_<machine> account in Internet Information Services (IIS), which is used to set the security context for ASP.NET worker processes when Anonymous access and impersonation are enabled. To specify the account, you add it to a Report Builder Web.config file.
The report server must be configured for Basic authentication if you want to enable Anonymous access to the Report Builder program files. If the report server is not configured for Basic authentication, you will get an error when you attempt to enable Anonymous access.
For more information about authentication issues and Report Builder, see Configure Report Builder Access.
To configure Report Builder access on a report server configured for Basic authentication
Verify the report server is configured for Basic authentication by checking the authentication settings in the RSReportServer.config file.
Create a BIN folder under the ReportBuilder folder. By default, this folder is located at \Program Files\Microsoft SQL Server\MSRS12.MSSQLSERVER\
Copy the following assemblies from the ReportServer\Bin folder to the ReportBuilder\BIN folder:
Microsoft.ReportingService
Microsoft.ReportingService
ReportingServicesAppDomain
RSHttpRuntime.dll
Optionally, create a Web.config file to process Report Builder requests under an Anonymous account:
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<system.web>
<authentication mode="Windows" />
<identity impersonate="true " userName="username" password="password"/>
</system.web>
</configuration>
Authentication mode must be set to Windows if you include a Web.config file.
Identity impersonate can be True or False.
Set it to False if you do not want ASP.NET to read the security token. The request will run in the security context of the Report Server service.
Set it to True if you want ASP.NET to read the security token from the host layer. If you set it to True, you must also specify userName and password to designate an Anonymous account. The credentials you specify will determine the security context under which the request is issued.
Save the Web.config file to the ReportBuilder\bin folder.
Open RSReportServer.config file, in the Services section, find IsReportManagerEnabled and add the following setting below it:
<IsReportBuilderAnonymousA
Save RSReportServer.config and close the file.
Restart the report server.
However when i make this change the web page no longer works at all?
What ever happens, it seems to do with the rsreportserver.config file as even rolling back the
<IsReportBuilderAnonymousA
still results in the site being down and broken. I can only get it back, by replacing the entire rsreportserver.config file with a backup i made
<IsReportBuilderAnonymousA
still results in the site being down and broken. I can only get it back, by replacing the entire rsreportserver.config file with a backup i made
Well in order to protect a ClickOnce deployment the options are to either by protecting the folder on the web service where it resides by specifically giving access to users, or by password-protecting the page the user goes to to click on the install link so I'm thinking the folder from where the download should start does not have the user access yet. Could you check that on the server where reportbuilder is to make sure your NT user used in the HTTP or HTTPS has access to it?
Hi Icohan,
Definitely have access to it as I'm logging as an administrator of the system. I think my previous comment is on the right track for access, but i have no idea why, when applied, it forces the entire site to no longer work?
Definitely have access to it as I'm logging as an administrator of the system. I think my previous comment is on the right track for access, but i have no idea why, when applied, it forces the entire site to no longer work?
This guy had the same issue,
But it appears it worked for him after adding the extra parts posted above
http://www.experts-exchange.com/questions/26239792/SSRS-2008-R2-report-builder-3-0-remote-clickonce-deployment-error.html
Not sure why mine blows up
But it appears it worked for him after adding the extra parts posted above
http://www.experts-exchange.com/questions/26239792/SSRS-2008-R2-report-builder-3-0-remote-clickonce-deployment-error.html
Not sure why mine blows up
Microsoft were able to resolve the issue for me
The problem was with the xml
<Authentication>
<AuthenticationTypes>
<RSWindowsBasic>
<LogonMethod>3</LogonMetho
<Realm></Realm>
<DefaultDomain></DefaultDo
</RSWindowsBasic>
</AuthenticationTypes>
<EnableAuthPersistence>tru
</Authentication>
Even though this worked for the initial part of testing (gaining access to the server, just not the report builder) it caused a conflict when the following xml was added
<IsReportBuilderAnonymousA
So to resolve, the later xml had to be added and the former changed to
<AuthenticationTypes>
<RSWindowsBasic/>
</AuthenticationTypes>
This then fixed the problem of the site blowing up, and all that was left to do to get the report builder to work was for write permissions to be added to the following path for the service account
C:\Windows\Microsoft.NET\F
Cheers for all of your help
The problem was with the xml
<Authentication>
<AuthenticationTypes>
<RSWindowsBasic>
<LogonMethod>3</LogonMetho
<Realm></Realm>
<DefaultDomain></DefaultDo
</RSWindowsBasic>
</AuthenticationTypes>
<EnableAuthPersistence>tru
</Authentication>
Even though this worked for the initial part of testing (gaining access to the server, just not the report builder) it caused a conflict when the following xml was added
<IsReportBuilderAnonymousA
So to resolve, the later xml had to be added and the former changed to
<AuthenticationTypes>
<RSWindowsBasic/>
</AuthenticationTypes>
This then fixed the problem of the site blowing up, and all that was left to do to get the report builder to work was for write permissions to be added to the following path for the service account
C:\Windows\Microsoft.NET\F
Cheers for all of your help
Experts Exchange Solution brought to you by
Your issues matter to us.
Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.
Start your 7-day free trialIt's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
SSRS
From novice to tech pro — start learning today.
-
Microsoft ApplicationsCertification: MOS Microsoft Office Specialist - Excel 2010 Basic 264 lessons
Question has a verified solution.
Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.
Have a better answer? Share it in a comment.
Experts Exchange Solution brought to you by
Enjoy your complimentary solution view.
Get every solution instantly with premium.
Start your 7-day free trial.
Try to either add the site to your "LocalIntranet" zone in IE (which automatically sends id and password) or make sure that the "automatic login with current username and password" option is set for the "Logon" option in the Internet zone. Launch IE by right clicking the IE icon and clicking "Run As Administrator" and tick the "Save Password" check box on the user name and password entry box when the user starts the session.