Click here to monitor SSC
SQLServerCentral is supported by Redgate
Log in  ::  Register  ::  Not logged in
Home       Members    Calendar    Who's On

Add to briefcase

RS 2012, service domain account, can only get an NTLM login Expand / Collapse
Posted Thursday, May 16, 2013 10:23 PM

Old Hand

Old HandOld HandOld HandOld HandOld HandOld HandOld HandOld Hand

Group: General Forum Members
Last Login: 2 days ago @ 8:54 PM
Points: 349, Visits: 1,389
Checking the security audit log on my reporting services box indicates that all connections are being made via NTLM. I need connections to be made via kerberos because I have integrated security data sources that point to other boxes. I've done this many times in 2005, 2008, 2008R2 and 2012, and I am going crazy trying to figure out what's wrong.

I have:

A sql server box called MySqlServer
reporting services service running as mydomain\myaccount
reporting services databases on a sql instance called MySqlServer\myInstance running as mydomain\myaccount (same account, I doubt this is relevant anyway)

mydomain\myaccount is trusted for delegation

sys.dm_exec_connections shows that connections to MySqlServer\myInstance are using kerberos.

setspn -l mydomain\myaccount includes the following output:

rsreportserver.config authentication is configured as follows:

<RSWindowsNegotiate />

I have restarted the reporting services service several times now. I simply cannot get a kerberos connection. But as far as I know, the above covers everything required for kerberos to be used. Anyone know of *anything* else that could be coming into play, no matter how crazy it may sound? Duplicate SPNs, something to do with subnets, datacenters, air speed of a fully laden swallow...

Blog on sqlservercentral
Post #1453839
« Prev Topic | Next Topic »

Add to briefcase

Permissions Expand / Collapse