Setup SSL for SSRS for external access, SSRS running under VSA

  • Running SSRS 2017 native on server 2016 without IIS

    We've installed a wildcard cert but it won't bind.

    The service account is a Virtual Service Account and I'm wondering if that is my issue?

    I'm referring to this document and one of the commands is to add an https reservation which requires the service account. That got me wondering if running as a VSA is the problem. Any help would be appreciated, thx.

    This is the cert binding error I'm seeing:

    Microsoft.ReportingServices.WmiProvider.WMIProviderException: An unknown error has occurred in the WMI Provider. Error Code 80070520

    ---> System.Runtime.InteropServices.COMException: A specified logon session does not exist. It may already have been terminated. (Exception from HRESULT: 0x80070520)

    --- End of inner exception stack trace ---

    at Microsoft.ReportingServices.WmiProvider.RSWmiAdmin.ThrowOnError(ManagementBaseObject mo)

    at Microsoft.ReportingServices.WmiProvider.RSWmiAdmin.CreateSSLCertificateBinding(String application, String certificateHash, String ipAddress, Int32 port)

    at ReportServicesConfigUI.WMIProvider.RSReportServerAdmin.CreateSSLCertificateBinding(UrlApplication app, String certificateHash, String ipAddress, Int32 port)

  • When I set up a wildcard cert for my SQL Server 2016 instance, I didn't actually follow that tutorial at all.  My approach was to test it on the test server, and once I confirmed that that worked, repeat it on live.

    My approach was to ONLY use the GUI to enable HTTPS, so about half-way through step 2 of the document you were following is basically where I started things off.  I did NOT delete anything or update any configuration files manually.  I also didn't do any of the registry edits it says to do in step 3.  And step 2 appears to miss a step that I recommend - adjust the Web Portal settings to use your wildcard certificate as well.

    If you have a snapshot of that server prior to your changes, I would revert back and try the approach I gave of JUST updating the settings via the GUI and see if it works.  If you don't have a snapshot of the VM, I'm hoping that your changes were on test and I'd try just making the changes in the GUI and ONLY go to that document if you have issues.

    To summarize what steps I would take:

    1 - revert to the snapshot/backup you had from before you deleted the entries with the "netsh" command (i.e. get back to a last known good state)

    2 - start the Reporting Services Configuration Manager and connect to your SSRS instance

    3 - Click on "Web Service URL"

    4 - Click on Advanced

    5 - (OPTIONAL) REMOVE the listener on port 80 if you don't want HTTP only traffic

    6 - ADD an HTTPS connector using your wildcard certificate

    7 - Click on "Web Portal URL"

    8 - repeat steps 4 through 6

    And you should be good to go and running on HTTPS.  If you did step 5, you will be running on HTTPS ONLY with nothing listening on port 80 (HTTP) anymore.

    Note - if you can't do step 1, I would recommend doing a repair install on SSRS JUST to make sure things are in a good state before you begin.  If this is not an option, it MAY work by starting at step 2, or it may give errors.  I am not certain.

    Note 2 - My setup was that it was an internal-only website, so HTTPS was not a requirement when it was initially set up.  When HTTPS became a requirement from the IT department, they provided me with a wildcard certificate to use.  So I had no certificate installed prior to switching to HTTPS.  With step 5 above, I did that step for the Web Portal URL, but not the Web Service URL as I wasn't certain if anyone was using the web service URL, but I expect I could remove it on the service URL too.

    The above is all just my opinion on what you should do. 
    As with all advice you find on a random internet forum - you shouldn't blindly follow it.  Always test on a test server to see if there are negative side effects before making changes to live!
    I recommend you NEVER run "random code" you found online on any system you care about UNLESS you understand and can verify the code OR you don't care if the code trashes your system.
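
A read-only way to check the result of the GUI steps in the reply above, added here as an example and not part of either post or of any Microsoft tooling. It assumes an elevated PowerShell prompt on the SSRS host, English `netsh` output, the certificate in the `LocalMachine\My` store, and the default virtual directory names `ReportServer` and `Reports`.

```powershell
# Added example: inspects HTTP.sys state only, changes nothing.
# Assumptions: English netsh output, cert in LocalMachine\My,
# default SSRS virtual directories (ReportServer / Reports).

function Get-HttpSysSslBinding {
    # Turn "netsh http show sslcert" text into objects (IP:port + cert hash).
    $binding = $null
    foreach ($line in (netsh http show sslcert)) {
        if ($line -match '^\s*IP:port\s*:\s*(\S+)') {
            $binding = [ordered]@{ IpPort = $Matches[1]; Thumbprint = $null }
        }
        elseif ($binding -and
                $line -match '^\s*Certificate Hash\s*:\s*([0-9A-Fa-f]+)') {
            $binding.Thumbprint = $Matches[1].ToUpper()
            [pscustomobject]$binding
            $binding = $null
        }
    }
}

# 1. Every SSL binding should point at a certificate that is present in the
#    machine store, carries a private key, and has not expired.
$now = Get-Date
foreach ($b in Get-HttpSysSslBinding) {
    $cert = Get-ChildItem Cert:\LocalMachine\My |
        Where-Object Thumbprint -eq $b.Thumbprint
    [pscustomobject]@{
        IpPort        = $b.IpPort
        Thumbprint    = $b.Thumbprint
        Subject       = $cert.Subject
        InStore       = [bool]$cert
        HasPrivateKey = [bool]$cert.HasPrivateKey
        Expired       = if ($cert) { $cert.NotAfter -lt $now } else { $null }
    }
}

# 2. URL reservations for the two SSRS applications. If the optional
#    step 5 was done for both, no http:// entry should be listed here.
netsh http show urlacl |
    Select-String -Pattern 'Reserved URL\s*:\s*(\S+)' |
    ForEach-Object { $_.Matches[0].Groups[1].Value } |
    Where-Object { $_ -match '/Report(Server|s)' }
```

A binding row with `InStore` or `HasPrivateKey` false means HTTP.sys is pointing at a certificate the machine cannot use for TLS; an `http://` reservation left in the second list means plain HTTP is still being served.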
