July 4, 2008 at 6:51 am
Did you run the Report Services Configuration wizard?
Is everything running on one box? (Multiple boxes requires some considerations regarding security setup.)
Are the IIS virtual directories (Reports and ReportService) set to Integrated Authentication?
Can you access the service via IE (i.e. http://localhost/reports) without a login prompt? (If not, you don't have Integrated Authentication set up.)
For multi-machine deployments and some notes on Kerberos, check the following links:
http://msdn.microsoft.com/en-us/library/cc281253(SQL.100).aspx
http://msdn.microsoft.com/en-us/library/cc281310(SQL.100).aspx
http://msdn.microsoft.com/en-us/library/bb522727(SQL.100).aspx
July 6, 2008 at 11:01 pm
Hi Dave,
* My virtual directories in IIS, all are Integrated authentication ( see the attachments 'Authentication Methods.doc') but when I tried to browse them, it says "You are not authorized to view this page" HTTP 401.2 - Unauthorized: Logon failed due to server configuration
Internet Information Services
* How will I know if my report server supports Kerberos?
* Can you tell me where I could find the Report Manager?
* In the attachment reporting services configuration manager.doc It shows there the default settings of reporting services configuration manager after I reinstalled the SQL Server 2005.
Dave I'm so new to this.:D.. so be patient to me okay?;)
Thanks...
July 7, 2008 at 7:45 am
Your Report Services implementation looks clean. Don't worry about the email & run time account. (You don't need them for what you're attempting.)
The 401.2 error indicates that there's a problem contacting your domain controler: http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/b1e3c76d-7569-4538-86bc-bd8194eb4823.mspx?mfr=true
I'd start going through the event logs, looking for problems or issues.
As it relates to Kerberos, it's a non issue when everything is on the same box. (I'm assuming this is a local machine, right?). If it's a remote (aka server) machine, make sure your IE settings allow IE to pass credentials automatically. The easiest way to do that is to make sure this server si part of your "Trusted Sites", but double check your IE settings. Some companies tweak those settings (incorrectly!).
With Kerberos, it's more involved to check out all of the pieces. But basically:
- Any service accounts that'll be impersonating users must have their "Trusted for Impersonation" flag turned on. My experience is that many domain admins don't understand this flag, or know where it is so double check.
- Service Principal Names (SPNs) must be set up and registered for the services that'll be performing this function. Basically, it's a combination of machine & service, that the domain recognizes will be doing this operation. Look up the documentation on SETSPN.
And the usual, does the acocunt have the right access. Use the default security groups created with the MSRS install if the service account isn't in the machines local admin group. (Putting it in the "Administrators" group is a quick way to make sure the "plumbing" is working", before going to a more restrictive security model.
Again, if you're on one machine, all of this is moot. I'd try tracking down the 401.2 error, because that indicates that at a simple, HTTP and IIS level, you're not properly authenticating.
Cheers.
July 8, 2008 at 11:47 pm
Hi Dave,
Yes its only on local machine. And about the SETSPN I cannot add an account which ever I typed in namehostname (setspn -aservice/namehostname). And according to what have I read about SPN and Kerberos, "SQL Server only uses Kerberos if the client uses the TCP/IP protocol to connect to SQL Server. For example, if a client uses the Named Pipes protocol, Kerberos is not used. If you have multiple instances of SQL Server on a computer, you must configure a Server Principal Name (SPN) for each instance of SQL Server because each instance of SQL Server uses a unique TCP-IP port."
"If the SQL Server service is running under the LocalSystem account, you do not have to manually configure an SPN for SQL Server. The SPN is created automatically when the SQL Server service starts. If the SQL Server service runs under a domain user account, you must manually configure an SPN."
And about what you have said....
"And the usual, does the acocunt have the right access. Use the default security groups created with the MSRS install if the service account isn't in the machines local admin group. (Putting it in the "Administrators" group is a quick way to make sure the "plumbing" is working", before going to a more restrictive security model."
I dunno how to have right access to my account. Actually my account has admin permissions.
Thanks......:)
July 9, 2008 at 5:28 am
Ive had that problem before, everytime i deployed the login box would pop up and it was because i had the incorrect URL typed in to deploy too..
Is this a new reporting server?
July 9, 2008 at 7:39 pm
Hi Vee Van,
What do you mean by new reporting server?
By the way I am using the default URL http://localhost/ReportServer....
thanks:)
July 11, 2008 at 12:01 am
what i mean is, have you deployed other reports before? has anyone else? ones that have worked, if so are you deploying to the same url as them. Did you configure the reporting server yourself?
July 11, 2008 at 11:43 am
what's your IIS authentication settings? You should only set the "Intergrated Windows Authentication" when you deploy your report. After deploying, then check the "Anonymous access", by using this you can let others browse the report.
August 9, 2008 at 2:26 pm
okay people .... THIS HAS NOTHING TO DO WITH DATASOURCES He is not able to depploy the report to the server... I am experiencing the same problem as well.
August 10, 2008 at 7:14 pm
I suspect that "shouting" is not likely to help anyone...
August 11, 2008 at 5:01 am
I had the same problem last week with the Login box and I resolved this issue by setting the IIS Directory Security settings on the server that hosts the reports. I disabled Anonymous Access and enabled Integrated Windows Authentication.
August 20, 2008 at 9:49 am
Hello,
I have the same problem now. It was all working before. I've had deployed more than 25 reports. But now all of a sudden its prompting for username and password?
Any help?
thks,
Sudhakar
thks,
//S
August 20, 2008 at 10:06 am
Make sure the deployment settings of your Report Project are correct. Check that your TargetServerURL is: "http://ServerName/ReportServer" and NOT http://ServerName/Reports".
If that still does not work check your IIS security settings.
August 21, 2008 at 7:56 am
I've been playing with Reporting Services and Analysis Services for the first time and I had this same issue with the login dialog box popping up when deploying reports.
The solution that worked for me was to open the "Reporting Services Configuration Manager" and under the "Windows Service identity", change the account to a my windows login account. The built-in Account "Local System" would never work correctly for me when it came to authentication.
My login account has admin on my box, so if your company doesn't allow this then this solution certainly will not work for you.
August 22, 2008 at 4:51 am
Don't know if you have tried, but did you check the save password box? I found if that is not checked the sign in prompt box will appear.
Viewing 15 posts - 16 through 30 (of 72 total)
You must be logged in to reply to this topic. Login to reply