May 16, 2013 at 10:23 pm
Checking the security audit log on my reporting services box indicates that all connections are being made via NTLM. I need connections to be made via kerberos because I have integrated security data sources that point to other boxes. I've done this many times in 2005, 2008, 2008R2 and 2012, and I am going crazy trying to figure out what's wrong.
I have:
A sql server box called MySqlServer
reporting services service running as mydomain\myaccount
reporting services databases on a sql instance called MySqlServer\myInstance running as mydomain\myaccount (same account, I doubt this is relevant anyway)
mydomain\myaccount is trusted for delegation
sys.dm_exec_connections shows that connections to MySqlServer\myInstance are using kerberos.
setspn -l mydomain\myaccount includes the following output:
http/MySqlServer.mydomain.com.au
http/MySqlServer
mssqlsvc/MySqlServer.mydomain.com.au:mystaticport
mssqlsvc/MySqlServer:mystaticport
rsreportserver.config authentication is configured as follows:
<Authentication>
<AuthenticationTypes>
<RSWindowsNegotiate />
</AuthenticationTypes>
<RSWindowsExtendedProtectionLevel>Off</RSWindowsExtendedProtectionLevel>
<RSWindowsExtendedProtectionScenario>Proxy</RSWindowsExtendedProtectionScenario>
<EnableAuthPersistence>true</EnableAuthPersistence>
</Authentication>
I have restarted the reporting services service several times now. I simply cannot get a kerberos connection. But as far as I know, the above covers everything required for kerberos to be used. Anyone know of *anything* else that could be coming into play, no matter how crazy it may sound? Duplicate SPNs, something to do with subnets, datacenters, air speed of a fully laden swallow...
Viewing 0 posts
You must be logged in to reply to this topic. Login to reply