SQL Clone
SQLServerCentral is supported by Redgate
 
Log in  ::  Register  ::  Not logged in
 
 
 


Cross Domain Authentication for a Reporting Services Server


Cross Domain Authentication for a Reporting Services Server

Author
Message
Greg Milner
Greg Milner
Ten Centuries
Ten Centuries (1K reputation)Ten Centuries (1K reputation)Ten Centuries (1K reputation)Ten Centuries (1K reputation)Ten Centuries (1K reputation)Ten Centuries (1K reputation)Ten Centuries (1K reputation)Ten Centuries (1K reputation)

Group: General Forum Members
Points: 1041 Visits: 495
I am trying to figure out how to make a Reporting Services server see a database on another domain. The RS Server is in MYDOMAIN (server: MYDEVRPT01) but the database (TargetDB) is in the OTHERDOM domain, specifically on SQL Server TARGETSERV. The RS Server reporting services service currently runs under NETWORK SERVICE, but I have already tried various things among them running the RS Service under OTHERDOM\myaccount which has access to TargetDB on TARGETSERV. This, even with OTHERDOM\myaccount in the Adminstrators group on MYDEVRPT01. Note that I personally can use OTHERDOM\myaccount to access stuff on the OTHERDOM in SSMS from my workstation but only with VPN activated. No matter what I do I get an error saying it cannot connect.

Is there some sort of combination I need here to get my MYDOMAIN based report server to see TargetDB on TARGETSERV on OTHERDOM? Do I need the AD Admin to set up some sort of delegation so that MYDOMAIN\RSServiceAcct or OTHERDOM\RSServiceAccount, or even OTHERDOM\myaccount can "see" the other server (without VPN, of course)?

My Reporting Server is SQL Server 2008 SP1. TARGETSERV is running SQL Server 2005.

Thanks in advance.

G. Milner
Gift Peddie
Gift Peddie
SSC-Dedicated
SSC-Dedicated (35K reputation)SSC-Dedicated (35K reputation)SSC-Dedicated (35K reputation)SSC-Dedicated (35K reputation)SSC-Dedicated (35K reputation)SSC-Dedicated (35K reputation)SSC-Dedicated (35K reputation)SSC-Dedicated (35K reputation)

Group: General Forum Members
Points: 35216 Visits: 14456
If I remember correctly this is not a SQL Server problem but rather VS2008 needs help to see SQL Server 2005 even when both are in the same box. So here is what you do in SQL Server 2008 and 2005 make sure remote connection is allowed, both TCP/IP and Named Pipes enabled. Then both Windows and SQL authentication enabled and the browser service turned on, and SQL Server 2005 registered with SQL Server 2008. Then manually create and configure a connection it will bring up SQL Server 2008 manually remove it and you will see SQL Server 2005 under that connection add it and test you connection.

Kind regards,
Gift Peddie
Greg Milner
Greg Milner
Ten Centuries
Ten Centuries (1K reputation)Ten Centuries (1K reputation)Ten Centuries (1K reputation)Ten Centuries (1K reputation)Ten Centuries (1K reputation)Ten Centuries (1K reputation)Ten Centuries (1K reputation)Ten Centuries (1K reputation)

Group: General Forum Members
Points: 1041 Visits: 495
Hi, Gift.

Thanks for your response.

I don't really understand what VS2008 would have to do with it since the Server that can't connect (MYDEVRPT01) only has Reporting Services 2008 installed on it and not even the DB Engine or any SQL tools at all.

Cheers.

G D Milner

G. Milner
Gift Peddie
Gift Peddie
SSC-Dedicated
SSC-Dedicated (35K reputation)SSC-Dedicated (35K reputation)SSC-Dedicated (35K reputation)SSC-Dedicated (35K reputation)SSC-Dedicated (35K reputation)SSC-Dedicated (35K reputation)SSC-Dedicated (35K reputation)SSC-Dedicated (35K reputation)

Group: General Forum Members
Points: 35216 Visits: 14456
My answer was based on your original post because what I now understand you are trying to do is a hack using SQL Server 2005 relational engine to run SSRS 2008. That is possible however I have not seen separate server or cross domain implementations.

It is generally used by developers running Vista editions which comes with IIS7 without Windows authentication which is required for SSRS 2005. So check the link below go to the last comment and you will see

install SQL Server Reporting Services 2008 only (not database engine as well) and created the ReportServer database on my SQL Server 2005 instance using the SSRS 2008 Configuration Manager.


http://blogs.msdn.com/bwelcker/archive/2007/03/19/candy-apple-grey-installing-ssrs-and-windows-vista.aspx

Kind regards,
Gift Peddie
bu007
bu007
SSC Veteran
SSC Veteran (206 reputation)SSC Veteran (206 reputation)SSC Veteran (206 reputation)SSC Veteran (206 reputation)SSC Veteran (206 reputation)SSC Veteran (206 reputation)SSC Veteran (206 reputation)SSC Veteran (206 reputation)

Group: General Forum Members
Points: 206 Visits: 32
Hi,
I experienced exactly the same issue with my SSRS 2008 report.
My report connects to a SQLServer 2005 db that sits on a different windows domain.

Have you found anything to reslove your issue so far.
Could please post your steps?

Thanks in advance for your efforts!
Bodo
anthony.green
anthony.green
SSC Guru
SSC Guru (53K reputation)SSC Guru (53K reputation)SSC Guru (53K reputation)SSC Guru (53K reputation)SSC Guru (53K reputation)SSC Guru (53K reputation)SSC Guru (53K reputation)SSC Guru (53K reputation)

Group: General Forum Members
Points: 53462 Visits: 8000
you will need trusts in place between the domains, kerberos authentication and SPN's setting up to allow the pass through of windows authentication accounts to cross domains



How to post data/code for the best help - Jeff Moden
Need a string splitter, try this - Jeff Moden
How to post performance problems - Gail Shaw
Managing Transaction Logs - Gail Shaw
Troubleshooting SQL Server: A Guide for the Accidental DBA - Jonathan Kehayias and Ted Krueger


Edward Mlynar
Edward Mlynar
SSC Eights!
SSC Eights! (823 reputation)SSC Eights! (823 reputation)SSC Eights! (823 reputation)SSC Eights! (823 reputation)SSC Eights! (823 reputation)SSC Eights! (823 reputation)SSC Eights! (823 reputation)SSC Eights! (823 reputation)

Group: General Forum Members
Points: 823 Visits: 249
anthony.green (3/29/2012)
you will need trusts in place between the domains, kerberos authentication and SPN's setting up to allow the pass through of windows authentication accounts to cross domains


How do we do that?

I have a similar issue where users from a domain that is in a trusted forest cannot access SSRS. I can't even add them because I get the "is not recognized" error.

I have changed the service account for SSRS to a domain account and ran the SETSPN command (Setspn -s http/reportingserver.domain.com:80 Domain\ServiceAccount). The AuthenticationTypes is set to <RSWindowsNTLM/> in rsreportserver.config.

Do we also need to run the SETSPN command on the second domain that is in the trusted forest?

...
Go


Permissions

You can't post new topics.
You can't post topic replies.
You can't post new polls.
You can't post replies to polls.
You can't edit your own topics.
You can't delete your own topics.
You can't edit other topics.
You can't delete other topics.
You can't edit your own posts.
You can't edit other posts.
You can't delete your own posts.
You can't delete other posts.
You can't post events.
You can't edit your own events.
You can't edit other events.
You can't delete your own events.
You can't delete other events.
You can't send private messages.
You can't send emails.
You can read topics.
You can't vote in polls.
You can't upload attachments.
You can download attachments.
You can't post HTML code.
You can't edit HTML code.
You can't post IFCode.
You can't post JavaScript.
You can post emoticons.
You can't post or upload images.

Select a forum







































































































































































SQLServerCentral


Search