SQL Clone
SQLServerCentral is supported by Redgate
 
Log in  ::  Register  ::  Not logged in
 
 
 


Two SSRS servers, different behaviors...


Two SSRS servers, different behaviors...

Author
Message
jasona.work
jasona.work
SSCertifiable
SSCertifiable (5.5K reputation)SSCertifiable (5.5K reputation)SSCertifiable (5.5K reputation)SSCertifiable (5.5K reputation)SSCertifiable (5.5K reputation)SSCertifiable (5.5K reputation)SSCertifiable (5.5K reputation)SSCertifiable (5.5K reputation)

Group: General Forum Members
Points: 5513 Visits: 12024
I have two identical SSRS 2008 servers, which are behaving differently when users attempt to access SSRS. On the first (QA) users can access reports without needing to enter a user / password. On the 2nd server (Prod) the users are asked for their domain login, and if they are not added into an SSRS role, denied access.

The *ONLY* differences I have found are the following:
On Prod, IIS is configured for Windows Authentication (both servers have IIS installed and running)
On Prod, the certificate used for SSRS is the server self-signed, while QA has a cert (likely from the domain authority)

*ALL* configuration settings between the two instances of SSRS (with the obvious exceptions of the DBs, and the service accounts {which are domain accounts for just this purpose}) are the same. I've even looked in the rsconfig.xml files on both and checked the authentication settings (WindowsNTLM)

Any help would be appreciated on getting this resolved (I need both to behave like QA)

Thanks,
Jason A.
Jack Corbett
  Jack Corbett
SSC-Insane
SSC-Insane (24K reputation)SSC-Insane (24K reputation)SSC-Insane (24K reputation)SSC-Insane (24K reputation)SSC-Insane (24K reputation)SSC-Insane (24K reputation)SSC-Insane (24K reputation)SSC-Insane (24K reputation)

Group: General Forum Members
Points: 24326 Visits: 14905
I believe that the users need to add the prod site to the trusted sites in IE.



Jack Corbett

Applications Developer

Don't let the good be the enemy of the best. -- Paul Fleming
At best you can say that one job may be more secure than another, but total job security is an illusion. -- Rod at work

Check out these links on how to get faster and more accurate answers:
Forum Etiquette: How to post data/code on a forum to get the best help
Need an Answer? Actually, No ... You Need a Question
How to Post Performance Problems
Crosstabs and Pivots or How to turn rows into columns Part 1
Crosstabs and Pivots or How to turn rows into columns Part 2
jasona.work
jasona.work
SSCertifiable
SSCertifiable (5.5K reputation)SSCertifiable (5.5K reputation)SSCertifiable (5.5K reputation)SSCertifiable (5.5K reputation)SSCertifiable (5.5K reputation)SSCertifiable (5.5K reputation)SSCertifiable (5.5K reputation)SSCertifiable (5.5K reputation)

Group: General Forum Members
Points: 5513 Visits: 12024
The security policies of the workplace don't allow users to add / remove entries from their Trusted Sites list. Also, the domain that the servers (both QA and prod are on the same domain) is already in the trusted sites.

The ONLY other difference I'm seeing is that on QA the SSL Certificate being used is:
A) Good for "ALL IPs" while on Prod it's only for one IP (both servers have 3 IPs)
B) The FQDN on QA does NOT have the domain, only the server name, Prod has the FQDN with domain name

I'm stumped at this point...

Thanks,
Jason
jasona.work
jasona.work
SSCertifiable
SSCertifiable (5.5K reputation)SSCertifiable (5.5K reputation)SSCertifiable (5.5K reputation)SSCertifiable (5.5K reputation)SSCertifiable (5.5K reputation)SSCertifiable (5.5K reputation)SSCertifiable (5.5K reputation)SSCertifiable (5.5K reputation)

Group: General Forum Members
Points: 5513 Visits: 12024
Jack, I must apologize, as your answer was on the right track...

Turns out there's a few things I didn't know about the network here...

1. While *.domain.com is in the Trusted sites, it apparently doesn't work too well...
2. Adding the servername.domain.com to the Local Intranet via GPOs did resolve the problem...

So, thank you!

It looks like the reason the QA server worked, is it doesn't use the FQDN. While a solution was briefly considered to get a new SSL Cert for Prod without the FQDN, turns out policy says NO to this.

A week of banging my head against this, and I had the answer on Tuesday...

Really, eye R schmart!
Rolleyes
Jason
Jack Corbett
  Jack Corbett
SSC-Insane
SSC-Insane (24K reputation)SSC-Insane (24K reputation)SSC-Insane (24K reputation)SSC-Insane (24K reputation)SSC-Insane (24K reputation)SSC-Insane (24K reputation)SSC-Insane (24K reputation)SSC-Insane (24K reputation)

Group: General Forum Members
Points: 24326 Visits: 14905
Jason,

It's not like we all haven't been there before. Just glad you got the issue sorted out.

-Jack



Jack Corbett

Applications Developer

Don't let the good be the enemy of the best. -- Paul Fleming
At best you can say that one job may be more secure than another, but total job security is an illusion. -- Rod at work

Check out these links on how to get faster and more accurate answers:
Forum Etiquette: How to post data/code on a forum to get the best help
Need an Answer? Actually, No ... You Need a Question
How to Post Performance Problems
Crosstabs and Pivots or How to turn rows into columns Part 1
Crosstabs and Pivots or How to turn rows into columns Part 2
Go


Permissions

You can't post new topics.
You can't post topic replies.
You can't post new polls.
You can't post replies to polls.
You can't edit your own topics.
You can't delete your own topics.
You can't edit other topics.
You can't delete other topics.
You can't edit your own posts.
You can't edit other posts.
You can't delete your own posts.
You can't delete other posts.
You can't post events.
You can't edit your own events.
You can't edit other events.
You can't delete your own events.
You can't delete other events.
You can't send private messages.
You can't send emails.
You can read topics.
You can't vote in polls.
You can't upload attachments.
You can download attachments.
You can't post HTML code.
You can't edit HTML code.
You can't post IFCode.
You can't post JavaScript.
You can post emoticons.
You can't post or upload images.

Select a forum

































































































































































SQLServerCentral


Search