Great article - Thanks.
I'm having a few issue getting this working however (although I had it working earlier this morning, I've now broken it - not sure how).
As far as I can see I've set up everying that's required, but something is clearly missing.
I'll try and give you as much information as I can.
- My solution invovles 2 servers SQLTEST01 and SQLTEST02.
- Both servers are trusted for delegation withing ActiveDirectory
- both have the following services running under a domain account DOMAIN\SQLTest.svc
- SQL Server (Default Instance)
- SSRS (default Instance)
- IIS 6.0
- ReportServer & Report Manager Use an application pools, running as DOMAIN\SQLTest.svc
- Website security is set to Integrated Windows Authentication
SSRS > Database Connection
I'm using SSRS with mirrored database, so I use a DNS record to point users to the correct Database server, which will hold the Principle database, which will float between the servers.
I have that all working - but it creates this 'double-hop' scenario, from SSRS
So I have setup the following SPN records for the service account DOMAIN\SQLTest.svc:
Registered ServicePrincipalNames for CN=SQL Test,OU=Service Accounts,OU=Tilbury,
The scats_test and iris_test are for the 'Principle' server, which could be either SQLTEST01 or SQLTEST02.
to simply the SSRS side, I and login on to SQLTEST02 Report Server, which has the following DNS References:
When running a report, where I have set the RS Data Source to use Windows Integrated Security, I get the Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON' - so it's not using kerberos. I can't spot why though.
Your help - or that of anyone else who has it working would be appreciated. :ermm:
Some additional information to add:
It would appear, if I connect to my report server on SQLTEST02 using http://sqltest02/Reports/ Kerberos connection works, but if I use http://iristestrs/Reports/ i get the Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'.
What do I need to do to get the SPN for iristestrs working?
MCITP: Business Intelligence Developer (2005)