| Groups | Blog | Home |
sql server reporting services : Reporting Services IIS authentication
SQL 2005 was first installed on a Win 2003 Server sans the Reporting Services because IIS was not installed. Then we installed IIS and then RS and then reapplied SP2 for SQL2005. RS runs under an appPool that is configured with a local account that has admin priv. I log into an AD domain account, my domain account is also in the local admins group on this server. On an XP client using IE I try to browse to the reports virtual directory and am prompted for credentials. It looks like the web page wants to display but the images are not shown. When I hit cancel in the credentials box one of the missing images now displays the missing image icon. I do this 5 or 6 times to get the credentials box to go away. I am now looking at the Home page (with no images) It is almost as if my account doesn't have permissions to read the image files even though I am an admin on the machine. Note: I tried many username/ passwords in the credentials box including domain admins to no avail. I don't get much farther than this, when I click on a link such as Site Settings, sometimes it will take me to the page but most times it will display the "You are not authorized to view this page" message. [As an aside, a couple times after clicking cancel many times in response to the credentials box it let me navigate all of the links and displayed all of the images. When I would close the browser and try again the credentials box issue was back. Getting it to work like this is not repeatable] I dropped an aspx page into the ReportManager folder (same one that contains the Home.aspx) that contains this: id=windowsidentity.getcurrent() if not id is nothing then windows.Text = "WindowsIdentitly.GetCurrent(): " & id.Name & ", " & id.IsAuthenticated.ToString() & ", " & id.AuthenticationType end if When I browse to this page it shows that the RS site IS authenticating my domain account [DOMAIN\username] but the authentication type is NTLM. On another server where I have RS working this same page shows Kerberos. I am at wits end. Thank you in advance for any help Scot
On Oct 4, 3:56 pm, cal...@online.microsoft.com (Chris Alton [MSFT])
[quoted text, click to view] wrote: > Check the IIS logs and see what the HTTP Code was for the image file > access. That should help you start pinpointing where the authentication > issue resides. > > Once you get those log entries you can post them here and I'll take a look > and see if I can help. > ------------------------------------- > Chris Alton, Microsoft Corp. > SQL Server Developer Support Engineer > This posting is provided "AS IS" with no warranties, and confers no rights. > -------------------- > > > > > From: scot.hau...@gmail.com > > Newsgroups: microsoft.public.sqlserver.reportingsvcs > > Subject: Reporting Services IIS authentication > > Date: Thu, 04 Oct 2007 12:53:54 -0700 > > > Hi > > > SQL 2005 was first installed on a Win 2003 Server sans the Reporting > > Services because IIS was not installed. Then we installed IIS and then > > RS and then reapplied SP2 for SQL2005. RS runs under an appPool that > > is configured with a local account that has admin priv. I log into an > > AD domain account, my domain account is also in the local admins group > > on this server. > > > On an XP client using IE I try to browse to the reports virtual > > directory and am prompted for credentials. It looks like the web page > > wants to display but the images are not shown. When I hit cancel in > > the credentials box one of the missing images now displays the missing > > image icon. I do this 5 or 6 times to get the credentials box to go > > away. I am now looking at the Home page (with no images) It is almost > > as if my account doesn't have permissions to read the image files even > > though I am an admin on the machine. Note: I tried many username/ > > passwords in the credentials box including domain admins to no avail. > > > I don't get much farther than this, when I click on a link such as > > Site Settings, sometimes it will take me to the page but most times it > > will display the "You are not authorized to view this page" message. > > [As an aside, a couple times after clicking cancel many times in > > response to the credentials box it let me navigate all of the links > > and displayed all of the images. When I would close the browser and > > try again the credentials box issue was back. Getting it to work like > > this is not repeatable] > > > I dropped an aspx page into the ReportManager folder (same one that > > contains the Home.aspx) that contains this: > > > id=windowsidentity.getcurrent() > > if not id is nothing then > > windows.Text = "WindowsIdentitly.GetCurrent(): " & > > id.Name & ", " & id.IsAuthenticated.ToString() & ", " & > > id.AuthenticationType > > end if > > > When I browse to this page it shows that the RS site IS authenticating > > my domain account [DOMAIN\username] but the authentication type is > > NTLM. On another server where I have RS working this same page shows > > Kerberos. > > > I am at wits end. Thank you in advance for any help > > > Scot- Hide quoted text - > > - Show quoted text - Hi Chris Here is my last session: #Software: Microsoft Internet Information Services 6.0 #Version: 1.0 #Date: 2007-10-04 20:17:53 #Fields: date time s-sitename s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status sc-substatus sc-win32- status 2007-10-04 20:17:53 W3SVC1 10.100.10.37 GET /Reports/Pages/Folder.aspx ItemPath=%2fData+Sources&ViewMode=List 80 - 10.100.100.217 Mozilla/4.0+ (compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+InfoPath.1;+.NET+CLR +2.0.50727;+.NET+CLR+1.1.4322) 401 2 2148074254 2007-10-04 20:17:53 W3SVC1 10.100.10.37 GET /Reports/Pages/Folder.aspx ItemPath=%2fData+Sources&ViewMode=List 80 - 10.100.100.217 Mozilla/4.0+ (compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+InfoPath.1;+.NET+CLR +2.0.50727;+.NET+CLR+1.1.4322) 401 1 0 2007-10-04 20:17:53 W3SVC1 10.100.10.37 GET /Reports/Pages/Folder.aspx ItemPath=%2fData+Sources&ViewMode=List 80 - 10.100.100.217 Mozilla/4.0+ (compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+InfoPath.1;+.NET+CLR +2.0.50727;+.NET+CLR+1.1.4322) 401 1 0 2007-10-04 20:18:06 W3SVC1 127.0.0.1 POST /ReportServer/ ReportService2005.asmx - 80 - 127.0.0.1 - 401 2 2148074254 2007-10-04 20:18:06 W3SVC1 127.0.0.1 POST /ReportServer/ ReportService2005.asmx - 80 - 127.0.0.1 - 401 1 0 2007-10-04 20:18:16 W3SVC1 127.0.0.1 POST /ReportServer/ ReportService2005.asmx - 80 GROUPO\scoth 127.0.0.1 - 200 0 0 2007-10-04 20:18:16 W3SVC1 127.0.0.1 POST /ReportServer/ ReportService2005.asmx - 80 - 127.0.0.1 - 401 2 2148074254 2007-10-04 20:18:16 W3SVC1 127.0.0.1 POST /ReportServer/ ReportService2005.asmx - 80 - 127.0.0.1 - 401 1 0 2007-10-04 20:18:16 W3SVC1 127.0.0.1 POST /ReportServer/ ReportService2005.asmx - 80 GROUPO\scoth 127.0.0.1 - 200 0 0 2007-10-04 20:18:16 W3SVC1 127.0.0.1 POST /ReportServer/ ReportService2005.asmx - 80 - 127.0.0.1 - 401 2 2148074254 2007-10-04 20:18:16 W3SVC1 127.0.0.1 POST /ReportServer/ ReportService2005.asmx - 80 - 127.0.0.1 - 401 1 0 2007-10-04 20:18:16 W3SVC1 127.0.0.1 POST /ReportServer/ ReportService2005.asmx - 80 GROUPO\scoth 127.0.0.1 - 200 0 0 2007-10-04 20:18:16 W3SVC1 127.0.0.1 POST /ReportServer/ ReportService2005.asmx - 80 - 127.0.0.1 - 401 2 2148074254 2007-10-04 20:18:16 W3SVC1 127.0.0.1 POST /ReportServer/ ReportService2005.asmx - 80 - 127.0.0.1 - 401 1 0 2007-10-04 20:18:16 W3SVC1 127.0.0.1 POST /ReportServer/ ReportService2005.asmx - 80 GROUPO\scoth 127.0.0.1 - 200 0 0 2007-10-04 20:18:16 W3SVC1 127.0.0.1 POST /ReportServer/ ReportService2005.asmx - 80 - 127.0.0.1 - 401 2 2148074254 2007-10-04 20:18:16 W3SVC1 127.0.0.1 POST /ReportServer/ ReportService2005.asmx - 80 - 127.0.0.1 - 401 1 0 2007-10-04 20:18:16 W3SVC1 127.0.0.1 POST /ReportServer/ ReportService2005.asmx - 80 GROUPO\scoth 127.0.0.1 - 200 0 0 2007-10-04 20:18:16 W3SVC1 127.0.0.1 POST /ReportServer/ ReportService2005.asmx - 80 - 127.0.0.1 - 401 2 2148074254 2007-10-04 20:18:16 W3SVC1 127.0.0.1 POST /ReportServer/ ReportService2005.asmx - 80 - 127.0.0.1 - 401 1 0 2007-10-04 20:18:16 W3SVC1 127.0.0.1 POST /ReportServer/ ReportService2005.asmx - 80 GROUPO\scoth 127.0.0.1 - 200 0 0 2007-10-04 20:18:16 W3SVC1 127.0.0.1 POST /ReportServer/ ReportService2005.asmx - 80 - 127.0.0.1 - 401 2 2148074254 2007-10-04 20:18:16 W3SVC1 127.0.0.1 POST /ReportServer/ ReportService2005.asmx - 80 - 127.0.0.1 - 401 1 0 2007-10-04 20:18:16 W3SVC1 127.0.0.1 POST /ReportServer/ ReportService2005.asmx - 80 GROUPO\scoth 127.0.0.1 - 200 0 0 2007-10-04 20:18:16 W3SVC1 10.100.10.37 GET /Reports/Pages/Folder.aspx ItemPath=%2fData+Sources&ViewMode=List 80 GROUPO\scoth 10.100.100.217 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+InfoPath. 1;+.NET+CLR+2.0.50727;+.NET+CLR+1.1.4322) 200 0 0 2007-10-04 20:18:16 W3SVC1 10.100.10.37 GET /Reports/js/ ReportingServices.js - 80 GROUPO\scoth 10.100.100.217 Mozilla/4.0+
Check the IIS logs and see what the HTTP Code was for the image file
access. That should help you start pinpointing where the authentication issue resides. Once you get those log entries you can post them here and I'll take a look and see if I can help. ------------------------------------- Chris Alton, Microsoft Corp. SQL Server Developer Support Engineer This posting is provided "AS IS" with no warranties, and confers no rights. -------------------- [quoted text, click to view] > From: scot.hauder@gmail.com
> Newsgroups: microsoft.public.sqlserver.reportingsvcs > Subject: Reporting Services IIS authentication > Date: Thu, 04 Oct 2007 12:53:54 -0700 > > Hi > > SQL 2005 was first installed on a Win 2003 Server sans the Reporting > Services because IIS was not installed. Then we installed IIS and then > RS and then reapplied SP2 for SQL2005. RS runs under an appPool that > is configured with a local account that has admin priv. I log into an > AD domain account, my domain account is also in the local admins group > on this server. > > On an XP client using IE I try to browse to the reports virtual > directory and am prompted for credentials. It looks like the web page > wants to display but the images are not shown. When I hit cancel in > the credentials box one of the missing images now displays the missing > image icon. I do this 5 or 6 times to get the credentials box to go > away. I am now looking at the Home page (with no images) It is almost > as if my account doesn't have permissions to read the image files even > though I am an admin on the machine. Note: I tried many username/ > passwords in the credentials box including domain admins to no avail. > > I don't get much farther than this, when I click on a link such as > Site Settings, sometimes it will take me to the page but most times it > will display the "You are not authorized to view this page" message. > [As an aside, a couple times after clicking cancel many times in > response to the credentials box it let me navigate all of the links > and displayed all of the images. When I would close the browser and > try again the credentials box issue was back. Getting it to work like > this is not repeatable] > > I dropped an aspx page into the ReportManager folder (same one that > contains the Home.aspx) that contains this: > > id=windowsidentity.getcurrent() > if not id is nothing then > windows.Text = "WindowsIdentitly.GetCurrent(): " & > id.Name & ", " & id.IsAuthenticated.ToString() & ", " & > id.AuthenticationType > end if > > > When I browse to this page it shows that the RS site IS authenticating > my domain account [DOMAIN\username] but the authentication type is > NTLM. On another server where I have RS working this same page shows > Kerberos. > > I am at wits end. Thank you in advance for any help > > Scot > >
You are getting 401.1 errors on the image files for some reason. Try doing
this and see if it helps. 1. Open the SRS Configuration Tool. 2. Go to the Report Server and Report Manager virtual directory tabs and check the "Apply Default Settings" check box 3. Click "Apply" on both of those pages to reset the VDIR settings. 4. Try it again. 5. If that doesn't work delete the Virtual Directories from IIS and then use the configuration tool to recreate them from scratch. 6. If THAT doesn't work make sure that the local account that the app pool is running under has file permissions to all of the files in the ReportServer and ReportManager directories and their subdirectories. Let me know if any of that works. ------------------------------------- Chris Alton, Microsoft Corp. SQL Server Developer Support Engineer This posting is provided "AS IS" with no warranties, and confers no rights. -------------------- [quoted text, click to view] > From: scot.hauder@gmail.com
> Newsgroups: microsoft.public.sqlserver.reportingsvcs > Subject: Re: Reporting Services IIS authentication > Date: Thu, 04 Oct 2007 14:37:29 -0700 > > On Oct 4, 3:56 pm, cal...@online.microsoft.com (Chris Alton [MSFT]) > wrote: > > Check the IIS logs and see what the HTTP Code was for the image file > > access. That should help you start pinpointing where the authentication > > issue resides. > > > > Once you get those log entries you can post them here and I'll take a look > > and see if I can help. > > ------------------------------------- > > Chris Alton, Microsoft Corp. > > SQL Server Developer Support Engineer > > This posting is provided "AS IS" with no warranties, and confers no rights. > > -------------------- > > > > > > > > > From: scot.hau...@gmail.com > > > Newsgroups: microsoft.public.sqlserver.reportingsvcs > > > Subject: Reporting Services IIS authentication > > > Date: Thu, 04 Oct 2007 12:53:54 -0700 > > > > > Hi > > > > > SQL 2005 was first installed on a Win 2003 Server sans the Reporting > > > Services because IIS was not installed. Then we installed IIS and then > > > RS and then reapplied SP2 for SQL2005. RS runs under an appPool that > > > is configured with a local account that has admin priv. I log into an > > > AD domain account, my domain account is also in the local admins group > > > on this server. > > > > > On an XP client using IE I try to browse to the reports virtual > > > directory and am prompted for credentials. It looks like the web page > > > wants to display but the images are not shown. When I hit cancel in > > > the credentials box one of the missing images now displays the missing > > > image icon. I do this 5 or 6 times to get the credentials box to go > > > away. I am now looking at the Home page (with no images) It is almost > > > as if my account doesn't have permissions to read the image files even > > > though I am an admin on the machine. Note: I tried many username/ > > > passwords in the credentials box including domain admins to no avail. > > > > > I don't get much farther than this, when I click on a link such as > > > Site Settings, sometimes it will take me to the page but most times it > > > will display the "You are not authorized to view this page" message. > > > [As an aside, a couple times after clicking cancel many times in > > > response to the credentials box it let me navigate all of the links > > > and displayed all of the images. When I would close the browser and > > > try again the credentials box issue was back. Getting it to work like > > > this is not repeatable] > > > > > I dropped an aspx page into the ReportManager folder (same one that > > > contains the Home.aspx) that contains this: > > > > > id=windowsidentity.getcurrent() > > > if not id is nothing then > > > windows.Text = "WindowsIdentitly.GetCurrent(): " & > > > id.Name & ", " & id.IsAuthenticated.ToString() & ", " & > > > id.AuthenticationType > > > end if > > > > > When I browse to this page it shows that the RS site IS authenticating > > > my domain account [DOMAIN\username] but the authentication type is > > > NTLM. On another server where I have RS working this same page shows > > > Kerberos. > > > > > I am at wits end. Thank you in advance for any help > > > > > Scot- Hide quoted text - > > > > - Show quoted text - > > Hi Chris > Here is my last session: > > #Software: Microsoft Internet Information Services 6.0 > #Version: 1.0 > #Date: 2007-10-04 20:17:53 > #Fields: date time s-sitename s-ip cs-method cs-uri-stem cs-uri-query > s-port cs-username c-ip cs(User-Agent) sc-status sc-substatus sc-win32- > status > 2007-10-04 20:17:53 W3SVC1 10.100.10.37 GET /Reports/Pages/Folder.aspx > ItemPath=%2fData+Sources&ViewMode=List 80 - 10.100.100.217 Mozilla/4.0+ > (compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+InfoPath.1;+.NET+CLR > +2.0.50727;+.NET+CLR+1.1.4322) 401 2 2148074254 > 2007-10-04 20:17:53 W3SVC1 10.100.10.37 GET /Reports/Pages/Folder.aspx > ItemPath=%2fData+Sources&ViewMode=List 80 - 10.100.100.217 Mozilla/4.0+ > (compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+InfoPath.1;+.NET+CLR > +2.0.50727;+.NET+CLR+1.1.4322) 401 1 0 > 2007-10-04 20:17:53 W3SVC1 10.100.10.37 GET /Reports/Pages/Folder.aspx > ItemPath=%2fData+Sources&ViewMode=List 80 - 10.100.100.217 Mozilla/4.0+ > (compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+InfoPath.1;+.NET+CLR > +2.0.50727;+.NET+CLR+1.1.4322) 401 1 0 > 2007-10-04 20:18:06 W3SVC1 127.0.0.1 POST /ReportServer/ > ReportService2005.asmx - 80 - 127.0.0.1 - 401 2 2148074254 > 2007-10-04 20:18:06 W3SVC1 127.0.0.1 POST /ReportServer/ > ReportService2005.asmx - 80 - 127.0.0.1 - 401 1 0 > 2007-10-04 20:18:16 W3SVC1 127.0.0.1 POST /ReportServer/ > ReportService2005.asmx - 80 GROUPO\scoth 127.0.0.1 - 200 0 0 > 2007-10-04 20:18:16 W3SVC1 127.0.0.1 POST /ReportServer/ > ReportService2005.asmx - 80 - 127.0.0.1 - 401 2 2148074254 > 2007-10-04 20:18:16 W3SVC1 127.0.0.1 POST /ReportServer/ > ReportService2005.asmx - 80 - 127.0.0.1 - 401 1 0 > 2007-10-04 20:18:16 W3SVC1 127.0.0.1 POST /ReportServer/ > ReportService2005.asmx - 80 GROUPO\scoth 127.0.0.1 - 200 0 0 > 2007-10-04 20:18:16 W3SVC1 127.0.0.1 POST /ReportServer/ > ReportService2005.asmx - 80 - 127.0.0.1 - 401 2 2148074254 > 2007-10-04 20:18:16 W3SVC1 127.0.0.1 POST /ReportServer/ > ReportService2005.asmx - 80 - 127.0.0.1 - 401 1 0 > 2007-10-04 20:18:16 W3SVC1 127.0.0.1 POST /ReportServer/ > ReportService2005.asmx - 80 GROUPO\scoth 127.0.0.1 - 200 0 0 > 2007-10-04 20:18:16 W3SVC1 127.0.0.1 POST /ReportServer/ > ReportService2005.asmx - 80 - 127.0.0.1 - 401 2 2148074254 > 2007-10-04 20:18:16 W3SVC1 127.0.0.1 POST /ReportServer/ > ReportService2005.asmx - 80 - 127.0.0.1 - 401 1 0 > 2007-10-04 20:18:16 W3SVC1 127.0.0.1 POST /ReportServer/ > ReportService2005.asmx - 80 GROUPO\scoth 127.0.0.1 - 200 0 0 > 2007-10-04 20:18:16 W3SVC1 127.0.0.1 POST /ReportServer/
On Oct 5, 8:44 am, cal...@online.microsoft.com (Chris Alton [MSFT])
[quoted text, click to view] wrote:
> You are getting 401.1 errors on the image files for some reason. Try doing > this and see if it helps. > > 1. Open the SRS Configuration Tool. > 2. Go to the Report Server and Report Manager virtual directory tabs and > check the "Apply Default Settings" check box > 3. Click "Apply" on both of those pages to reset the VDIR settings. > 4. Try it again. > 5. If that doesn't work delete the Virtual Directories from IIS and then > use the configuration tool to recreate them from scratch. > 6. If THAT doesn't work make sure that the local account that the app pool > is running under has file permissions to all of the files in the > ReportServer and ReportManager directories and their subdirectories. > > Let me know if any of that works. > > ------------------------------------- > Chris Alton, Microsoft Corp. > SQL Server Developer Support Engineer > This posting is provided "AS IS" with no warranties, and confers no right= s=2E > -------------------- > > > > > From: scot.hau...@gmail.com > > Newsgroups: microsoft.public.sqlserver.reportingsvcs > > Subject: Re: Reporting Services IIS authentication > > Date: Thu, 04 Oct 2007 14:37:29 -0700 > > > On Oct 4, 3:56 pm, cal...@online.microsoft.com (Chris Alton [MSFT]) > > wrote: > > > Check the IIS logs and see what the HTTP Code was for the image file > > > access. That should help you start pinpointing where the authenticati= on > > > issue resides. > > > > Once you get those log entries you can post them here and I'll take a > look > > > and see if I can help. > > > ------------------------------------- > > > Chris Alton, Microsoft Corp. > > > SQL Server Developer Support Engineer > > > This posting is provided "AS IS" with no warranties, and confers no > rights. > > > -------------------- > > > > > From: scot.hau...@gmail.com > > > > Newsgroups: microsoft.public.sqlserver.reportingsvcs > > > > Subject: Reporting Services IIS authentication > > > > Date: Thu, 04 Oct 2007 12:53:54 -0700 > > > > > Hi > > > > > SQL 2005 was first installed on a Win 2003 Server sans the Reporting > > > > Services because IIS was not installed. Then we installed IIS and t= hen > > > > RS and then reapplied SP2 for SQL2005. RS runs under an appPool that > > > > is configured with a local account that has admin priv. I log into = an > > > > AD domain account, my domain account is also in the local admins gr= oup > > > > on this server. > > > > > On an XP client using IE I try to browse to the reports virtual > > > > directory and am prompted for credentials. It looks like the web pa= ge > > > > wants to display but the images are not shown. When I hit cancel in > > > > the credentials box one of the missing images now displays the miss= ing > > > > image icon. I do this 5 or 6 times to get the credentials box to go > > > > away. I am now looking at the Home page (with no images) It is almo= st > > > > as if my account doesn't have permissions to read the image files e= ven > > > > though I am an admin on the machine. Note: I tried many username/ > > > > passwords in the credentials box including domain admins to no avai= l=2E > > > > > I don't get much farther than this, when I click on a link such as > > > > Site Settings, sometimes it will take me to the page but most times= it > > > > will display the "You are not authorized to view this page" message. > > > > [As an aside, a couple times after clicking cancel many times in > > > > response to the credentials box it let me navigate all of the links > > > > and displayed all of the images. When I would close the browser and > > > > try again the credentials box issue was back. Getting it to work li= ke > > > > this is not repeatable] > > > > > I dropped an aspx page into the ReportManager folder (same one that > > > > contains the Home.aspx) that contains this: > > > > > id=3Dwindowsidentity.getcurrent() > > > > if not id is nothing then > > > > windows.Text =3D "WindowsIdentitly.GetCurrent(): " & > > > > id.Name & ", " & id.IsAuthenticated.ToString() & ", " & > > > > id.AuthenticationType > > > > end if > > > > > When I browse to this page it shows that the RS site IS authenticat= ing > > > > my domain account [DOMAIN\username] but the authentication type is > > > > NTLM. On another server where I have RS working this same page shows > > > > Kerberos. > > > > > I am at wits end. Thank you in advance for any help > > > > > Scot- Hide quoted text - > > > > - Show quoted text - > > > Hi Chris > > Here is my last session: > > > #Software: Microsoft Internet Information Services 6.0 > > #Version: 1.0 > > #Date: 2007-10-04 20:17:53 > > #Fields: date time s-sitename s-ip cs-method cs-uri-stem cs-uri-query > > s-port cs-username c-ip cs(User-Agent) sc-status sc-substatus sc-win32- > > status > > 2007-10-04 20:17:53 W3SVC1 10.100.10.37 GET /Reports/Pages/Folder.aspx > > ItemPath=3D%2fData+Sources&ViewMode=3DList 80 - 10.100.100.217 Mozilla/= 4=2E0+ > > (compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+InfoPath.1;+.NET+CLR > > +2.0.50727;+.NET+CLR+1.1.4322) 401 2 2148074254 > > 2007-10-04 20:17:53 W3SVC1 10.100.10.37 GET /Reports/Pages/Folder.aspx > > ItemPath=3D%2fData+Sources&ViewMode=3DList 80 - 10.100.100.217 Mozilla/= 4=2E0+ > > (compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+InfoPath.1;+.NET+CLR > > +2.0.50727;+.NET+CLR+1.1.4322) 401 1 0 > > 2007-10-04 20:17:53 W3SVC1 10.100.10.37 GET /Reports/Pages/Folder.aspx > > ItemPath=3D%2fData+Sources&ViewMode=3DList 80 - 10.100.100.217 Mozilla/= 4=2E0+ > > (compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+InfoPath.1;+.NET+CLR > > +2.0.50727;+.NET+CLR+1.1.4322) 401 1 0 > > 2007-10-04 20:18:06 W3SVC1 127.0.0.1 POST /ReportServer/ > > ReportService2005.asmx - 80 - 127.0.0.1 - 401 2 2148074254 > > 2007-10-04 20:18:06 W3SVC1 127.0.0.1 POST /ReportServer/ > > ReportService2005.asmx - 80 - 127.0.0.1 - 401 1 0 > > 2007-10-04 20:18:16 W3SVC1 127.0.0.1 POST /ReportServer/ > > ReportService2005.asmx - 80 GROUPO\scoth 127.0.0.1 - 200 0 0 > > 2007-10-04 20:18:16 W3SVC1 127.0.0.1 POST /ReportServer/ > > ReportService2005.asmx - 80 - 127.0.0.1 - 401 2 2148074254 > > 2007-10-04 20:18:16 W3SVC1 127.0.0.1 POST /ReportServer/ > > ReportService2005.asmx - 80 - 127.0.0.1 - 401 1 0 > > 2007-10-04 20:18:16 W3SVC1 127.0.0.1 POST /ReportServer/ > > ReportService2005.asmx - 80 GROUPO\scoth 127.0.0.1 - 200 0 0 > > 2007-10-04 20:18:16 W3SVC1 127.0.0.1 POST /ReportServer/ > > ReportService2005.asmx - 80 - 127.0.0.1 - 401 2 2148074254 > > 2007-10-04 20:18:16 W3SVC1 127.0.0.1 POST /ReportServer/ > > ReportService2005.asmx - 80 - 127.0.0.1 - 401 1 0 > > 2007-10-04 20:18:16 W3SVC1 127.0.0.1 POST /ReportServer/ > > ReportService2005.asmx - 80 GROUPO\scoth 127.0.0.1 - 200 0 0 > > 2007-10-04 20:18:16 W3SVC1 127.0.0.1 POST /ReportServer/
Don't know if I asked this before but is the SRS server/web site in
"Trusted Sites" for you? If it is then Internet Explorer by default does not do "Auto-Login" when a site is in that security group. If you want to turn it on for Trusted Sites open up IE and do the following: 1. Open "Tools->Internet Options->Security Tab->Trusted Sites->Custom Level button" 2. Go to the very last option in the list "User Authentication" 3. Check the "Automatic logon with current user name and password" See if that helps. ------------------------------------- Chris Alton, Microsoft Corp. SQL Server Developer Support Engineer This posting is provided "AS IS" with no warranties, and confers no rights. -------------------- [quoted text, click to view] > From: scot.hauder@gmail.com
> Newsgroups: microsoft.public.sqlserver.reportingsvcs > Subject: Re: Reporting Services IIS authentication > Date: Fri, 05 Oct 2007 15:33:26 -0700 > > On Oct 5, 8:44 am, cal...@online.microsoft.com (Chris Alton [MSFT]) > wrote: > > You are getting 401.1 errors on the image files for some reason. Try doing > > this and see if it helps. > > > > 1. Open the SRS Configuration Tool. > > 2. Go to the Report Server and Report Manager virtual directory tabs and > > check the "Apply Default Settings" check box > > 3. Click "Apply" on both of those pages to reset the VDIR settings. > > 4. Try it again. > > 5. If that doesn't work delete the Virtual Directories from IIS and then > > use the configuration tool to recreate them from scratch. > > 6. If THAT doesn't work make sure that the local account that the app pool > > is running under has file permissions to all of the files in the > > ReportServer and ReportManager directories and their subdirectories. > > > > Let me know if any of that works. > > > > ------------------------------------- > > Chris Alton, Microsoft Corp. > > SQL Server Developer Support Engineer > > This posting is provided "AS IS" with no warranties, and confers no rights. > > -------------------- > > > > > > > > - Show quoted text - > Hi Chris, > Thank you for looking into this. I have tried your suggestions twice > before initiating this thread. I don't know if this is unusual but > both of the times we installed RS we HAD to manually create the > virtual directories through the RS configuration utility--they were > not created during install. The apppool account is a member of the > local admin group as is my domain account. To add more confusion > consider this: I can log on locally to the server (using my same > domain account), go into IIS manager and under Default Web Site right > click the reports web app, click browse and everything looks ok, I can > even create a report that uses windows authentication to connect to a > remote SQL box. In addition I've added another user in RS and she can > browse the report site from her XP client without the credentials box > showing ! ... but when she tries to run the report I spoke of above, > the SQL connection fails because it is passing along NETWORK SERVICE\ > ANNONYMOUS USER credentials. I can deal with this second hop issue > later but I can't figure out why this ordinary user doesn't have > problems browsing the site while myself and our domain admin are > prompted for credentials. > Scot >
Another thing I forgot to mention is to check the "Unattended Execution
Account" you have configured in the SRS configuration tool. Try removing/unsetting that account and then try it again that could be the cause of your problems. ------------------------------------- Chris Alton, Microsoft Corp. SQL Server Developer Support Engineer This posting is provided "AS IS" with no warranties, and confers no rights. -------------------- [quoted text, click to view] > From: scot.hauder@gmail.com
> Newsgroups: microsoft.public.sqlserver.reportingsvcs > Subject: Re: Reporting Services IIS authentication > Date: Fri, 05 Oct 2007 15:33:26 -0700 > > On Oct 5, 8:44 am, cal...@online.microsoft.com (Chris Alton [MSFT]) > wrote: > > You are getting 401.1 errors on the image files for some reason. Try doing > > this and see if it helps. > > > > 1. Open the SRS Configuration Tool. > > 2. Go to the Report Server and Report Manager virtual directory tabs and > > check the "Apply Default Settings" check box > > 3. Click "Apply" on both of those pages to reset the VDIR settings. > > 4. Try it again. > > 5. If that doesn't work delete the Virtual Directories from IIS and then > > use the configuration tool to recreate them from scratch. > > 6. If THAT doesn't work make sure that the local account that the app pool > > is running under has file permissions to all of the files in the > > ReportServer and ReportManager directories and their subdirectories. > > > > Let me know if any of that works. > > > > ------------------------------------- > > Chris Alton, Microsoft Corp. > > SQL Server Developer Support Engineer > > This posting is provided "AS IS" with no warranties, and confers no rights. > > -------------------- > > > > > > > > > From: scot.hau...@gmail.com > > > Newsgroups: microsoft.public.sqlserver.reportingsvcs > > > Subject: Re: Reporting Services IIS authentication > > > Date: Thu, 04 Oct 2007 14:37:29 -0700 > > > > > On Oct 4, 3:56 pm, cal...@online.microsoft.com (Chris Alton [MSFT]) > > > wrote: > > > > Check the IIS logs and see what the HTTP Code was for the image file > > > > access. That should help you start pinpointing where the authentication > > > > issue resides. > > > > > > Once you get those log entries you can post them here and I'll take a > > look > > > > and see if I can help. > > > > ------------------------------------- > > > > Chris Alton, Microsoft Corp. > > > > SQL Server Developer Support Engineer > > > > This posting is provided "AS IS" with no warranties, and confers no > > rights. > > > > -------------------- > > > > > > > From: scot.hau...@gmail.com > > > > > Newsgroups: microsoft.public.sqlserver.reportingsvcs > > > > > Subject: Reporting Services IIS authentication > > > > > Date: Thu, 04 Oct 2007 12:53:54 -0700 > > > > > > > Hi > > > > > > > SQL 2005 was first installed on a Win 2003 Server sans the Reporting > > > > > Services because IIS was not installed. Then we installed IIS and then > > > > > RS and then reapplied SP2 for SQL2005. RS runs under an appPool that > > > > > is configured with a local account that has admin priv. I log into an > > > > > AD domain account, my domain account is also in the local admins group > > > > > on this server. > > > > > > > On an XP client using IE I try to browse to the reports virtual > > > > > directory and am prompted for credentials. It looks like the web page > > > > > wants to display but the images are not shown. When I hit cancel in > > > > > the credentials box one of the missing images now displays the missing > > > > > image icon. I do this 5 or 6 times to get the credentials box to go > > > > > away. I am now looking at the Home page (with no images) It is almost > > > > > as if my account doesn't have permissions to read the image files even > > > > > though I am an admin on the machine. Note: I tried many username/ > > > > > passwords in the credentials box including domain admins to no avail. > > > > > > > I don't get much farther than this, when I click on a link such as > > > > > Site Settings, sometimes it will take me to the page but most times it > > > > > will display the "You are not authorized to view this page" message. > > > > > [As an aside, a couple times after clicking cancel many times in > > > > > response to the credentials box it let me navigate all of the links > > > > > and displayed all of the images. When I would close the browser and > > > > > try again the credentials box issue was back. Getting it to work like > > > > > this is not repeatable] > > > > > > > I dropped an aspx page into the ReportManager folder (same one that > > > > > contains the Home.aspx) that contains this: > > > > > > > id=windowsidentity.getcurrent() > > > > > if not id is nothing then > > > > > windows.Text = "WindowsIdentitly.GetCurrent(): " & > > > > > id.Name & ", " & id.IsAuthenticated.ToString() & ", " & > > > > > id.AuthenticationType > > > > > end if > > > > > > > When I browse to this page it shows that the RS site IS authenticating > > > > > my domain account [DOMAIN\username] but the authentication type is > > > > > NTLM. On another server where I have RS working this same page shows > > > > > Kerberos. > > > > > > > I am at wits end. Thank you in advance for any help > > > > > > > Scot- Hide quoted text - > > > > > > - Show quoted text - > > > > > Hi Chris > > > Here is my last session: > > > > > #Software: Microsoft Internet Information Services 6.0 > > > #Version: 1.0 > > > #Date: 2007-10-04 20:17:53 > > > #Fields: date time s-sitename s-ip cs-method cs-uri-stem cs-uri-query > > > s-port cs-username c-ip cs(User-Agent) sc-status sc-substatus sc-win32- > > > status > > > 2007-10-04 20:17:53 W3SVC1 10.100.10.37 GET /Reports/Pages/Folder.aspx > > > ItemPath=%2fData+Sources&ViewMode=List 80 - 10.100.100.217 Mozilla/4.0+ > > > (compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+InfoPath.1;+.NET+CLR > > > +2.0.50727;+.NET+CLR+1.1.4322) 401 2 2148074254 > > > 2007-10-04 20:17:53 W3SVC1 10.100.10.37 GET /Reports/Pages/Folder.aspx > > > ItemPath=%2fData+Sources&ViewMode=List 80 - 10.100.100.217 Mozilla/4.0+ > > > (compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+InfoPath.1;+.NET+CLR > > > +2.0.50727;+.NET+CLR+1.1.4322) 401 1 0 > > > 2007-10-04 20:17:53 W3SVC1 10.100.10.37 GET /Reports/Pages/Folder.aspx > > > ItemPath=%2fData+Sources&ViewMode=List 80 - 10.100.100.217 Mozilla/4.0+ > > > (compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+InfoPath.1;+.NET+CLR > > > +2.0.50727;+.NET+CLR+1.1.4322) 401 1 0 > > > 2007-10-04 20:18:06 W3SVC1 127.0.0.1 POST /ReportServer/ > > > ReportService2005.asmx - 80 - 127.0.0.1 - 401 2 2148074254 > > > 2007-10-04 20:18:06 W3SVC1 127.0.0.1 POST /ReportServer/ > > > ReportService2005.asmx - 80 - 127.0.0.1 - 401 1 0 > > > 2007-10-04 20:18:16 W3SVC1 127.0.0.1 POST /ReportServer/
On Oct 8, 8:52 am, cal...@online.microsoft.com (Chris Alton [MSFT])
[quoted text, click to view] wrote:
> Another thing I forgot to mention is to check the "Unattended Execution > Account" you have configured in the SRS configuration tool. > > Try removing/unsetting that account and then try it again that could be t= he > cause of your problems. > ------------------------------------- > Chris Alton, Microsoft Corp. > SQL Server Developer Support Engineer > This posting is provided "AS IS" with no warranties, and confers no right= s=2E > -------------------- > > > > > From: scot.hau...@gmail.com > > Newsgroups: microsoft.public.sqlserver.reportingsvcs > > Subject: Re: Reporting Services IIS authentication > > Date: Fri, 05 Oct 2007 15:33:26 -0700 > > > On Oct 5, 8:44 am, cal...@online.microsoft.com (Chris Alton [MSFT]) > > wrote: > > > You are getting 401.1 errors on the image files for some reason. Try > doing > > > this and see if it helps. > > > > 1. Open the SRS Configuration Tool. > > > 2. Go to the Report Server and Report Manager virtual directory tabs = and > > > check the "Apply Default Settings" check box > > > 3. Click "Apply" on both of those pages to reset the VDIR settings. > > > 4. Try it again. > > > 5. If that doesn't work delete the Virtual Directories from IIS and t= hen > > > use the configuration tool to recreate them from scratch. > > > 6. If THAT doesn't work make sure that the local account that the app > pool > > > is running under has file permissions to all of the files in the > > > ReportServer and ReportManager directories and their subdirectories. > > > > Let me know if any of that works. > > > > ------------------------------------- > > > Chris Alton, Microsoft Corp. > > > SQL Server Developer Support Engineer > > > This posting is provided "AS IS" with no warranties, and confers no > rights. > > > -------------------- > > > > > From: scot.hau...@gmail.com > > > > Newsgroups: microsoft.public.sqlserver.reportingsvcs > > > > Subject: Re: Reporting Services IIS authentication > > > > Date: Thu, 04 Oct 2007 14:37:29 -0700 > > > > > On Oct 4, 3:56 pm, cal...@online.microsoft.com (Chris Alton [MSFT]) > > > > wrote: > > > > > Check the IIS logs and see what the HTTP Code was for the image f= ile > > > > > access. That should help you start pinpointing where the > authentication > > > > > issue resides. > > > > > > Once you get those log entries you can post them here and I'll ta= ke > a > > > look > > > > > and see if I can help. > > > > > ------------------------------------- > > > > > Chris Alton, Microsoft Corp. > > > > > SQL Server Developer Support Engineer > > > > > This posting is provided "AS IS" with no warranties, and confers = no > > > rights. > > > > > -------------------- > > > > > > > From: scot.hau...@gmail.com > > > > > > Newsgroups: microsoft.public.sqlserver.reportingsvcs > > > > > > Subject: Reporting Services IIS authentication > > > > > > Date: Thu, 04 Oct 2007 12:53:54 -0700 > > > > > > > Hi > > > > > > > SQL 2005 was first installed on a Win 2003 Server sans the > Reporting > > > > > > Services because IIS was not installed. Then we installed IIS a= nd > then > > > > > > RS and then reapplied SP2 for SQL2005. RS runs under an appPool > that > > > > > > is configured with a local account that has admin priv. I log > into an > > > > > > AD domain account, my domain account is also in the local admins > group > > > > > > on this server. > > > > > > > On an XP client using IE I try to browse to the reports virtual > > > > > > directory and am prompted for credentials. It looks like the web > page > > > > > > wants to display but the images are not shown. When I hit cancel > in > > > > > > the credentials box one of the missing images now displays the > missing > > > > > > image icon. I do this 5 or 6 times to get the credentials box to > go > > > > > > away. I am now looking at the Home page (with no images) It is > almost > > > > > > as if my account doesn't have permissions to read the image fil= es > even > > > > > > though I am an admin on the machine. Note: I tried many usernam= e/ > > > > > > passwords in the credentials box including domain admins to no > avail. > > > > > > > I don't get much farther than this, when I click on a link such= as > > > > > > Site Settings, sometimes it will take me to the page but most > times it > > > > > > will display the "You are not authorized to view this page" > message. > > > > > > [As an aside, a couple times after clicking cancel many times in > > > > > > response to the credentials box it let me navigate all of the > links > > > > > > and displayed all of the images. When I would close the browser > and > > > > > > try again the credentials box issue was back. Getting it to work > like > > > > > > this is not repeatable] > > > > > > > I dropped an aspx page into the ReportManager folder (same one > that > > > > > > contains the Home.aspx) that contains this: > > > > > > > id=3Dwindowsidentity.getcurrent() > > > > > > if not id is nothing then > > > > > > windows.Text =3D "WindowsIdentitly.GetCurrent(): = " & > > > > > > id.Name & ", " & id.IsAuthenticated.ToString() & ", " & > > > > > > id.AuthenticationType > > > > > > end if > > > > > > > When I browse to this page it shows that the RS site IS > authenticating > > > > > > my domain account [DOMAIN\username] but the authentication type= is > > > > > > NTLM. On another server where I have RS working this same page > shows > > > > > > Kerberos. > > > > > > > I am at wits end. Thank you in advance for any help > > > > > > > Scot- Hide quoted text - > > > > > > - Show quoted text - > > > > > Hi Chris > > > > Here is my last session: > > > > > #Software: Microsoft Internet Information Services 6.0 > > > > #Version: 1.0 > > > > #Date: 2007-10-04 20:17:53 > > > > #Fields: date time s-sitename s-ip cs-method cs-uri-stem cs-uri-que= ry > > > > s-port cs-username c-ip cs(User-Agent) sc-status sc-substatus > sc-win32- > > > > status > > > > 2007-10-04 20:17:53 W3SVC1 10.100.10.37 GET /Reports/Pages/Folder.a= spx > > > > ItemPath=3D%2fData+Sources&ViewMode=3DList 80 - 10.100.100.217 > Mozilla/4.0+ > > > > (compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+InfoPath.1;+.NET+CLR > > > > +2.0.50727;+.NET+CLR+1.1.4322) 401 2 2148074254 > > > > 2007-10-04 20:17:53 W3SVC1 10.100.10.37 GET /Reports/Pages/Folder.a= spx > > > > ItemPath=3D%2fData+Sources&ViewMode=3DList 80 - 10.100.100.217 > Mozilla/4.0+ > > > > (compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+InfoPath.1;+.NET+CLR > > > > +2.0.50727;+.NET+CLR+1.1.4322) 401 1 0 > > > > 2007-10-04 20:17:53 W3SVC1 10.100.10.37 GET /Reports/Pages/Folder.a= spx > > > > ItemPath=3D%2fData+Sources&ViewMode=3DList 80 - 10.100.100.217 > Mozilla/4.0+ > > > > (compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+InfoPath.1;+.NET+CLR
Unfortunately I'm not sure what is causing your issue with the information
and time I have. You might try posting something in the IIS forums or if you need to get the issue resolved immediately you can always open up a support case with us. ------------------------------------- Chris Alton, Microsoft Corp. SQL Server Developer Support Engineer This posting is provided "AS IS" with no warranties, and confers no rights. -------------------- [quoted text, click to view] > From: scot.hauder@gmail.com
> Newsgroups: microsoft.public.sqlserver.reportingsvcs > Subject: Re: Reporting Services IIS authentication > Date: Tue, 09 Oct 2007 08:12:44 -0700 > > On Oct 8, 8:52 am, cal...@online.microsoft.com (Chris Alton [MSFT]) > wrote: > > Another thing I forgot to mention is to check the "Unattended Execution > > Account" you have configured in the SRS configuration tool. > > > > Try removing/unsetting that account and then try it again that could be the > > cause of your problems. > > ------------------------------------- > > Chris Alton, Microsoft Corp. > > SQL Server Developer Support Engineer > > This posting is provided "AS IS" with no warranties, and confers no rights. > > -------------------- > > > > > > > > > > - Show quoted text - > When trying to connect to the SRS in IE it shows local Intranet in the > status bar. The IE logon setting is set to: automatic logon only in > intranet zone... > The unattended execution account has never been set to anything >
On Oct 9, 11:43 am, cal...@online.microsoft.com (Chris Alton [MSFT])
[quoted text, click to view] wrote: > Unfortunately I'm not sure what is causing your issue with the information > and time I have. You might try posting something in the IIS forums or if > you need to get the issue resolved immediately you can always open up a > support case with us. > ------------------------------------- > Chris Alton, Microsoft Corp. > SQL Server Developer Support Engineer > This posting is provided "AS IS" with no warranties, and confers no rights. > -------------------- > > > > > From: scot.hau...@gmail.com > > Newsgroups: microsoft.public.sqlserver.reportingsvcs > > Subject: Re:ReportingServicesIISauthentication > > Date: Tue, 09 Oct 2007 08:12:44 -0700 > > > On Oct 8, 8:52 am, cal...@online.microsoft.com (Chris Alton [MSFT]) > > wrote: > > > Another thing I forgot to mention is to check the "Unattended Execution > > > Account" you have configured in the SRS configuration tool. > > > > Try removing/unsetting that account and then try it again that could be > the > > > cause of your problems. > > > ------------------------------------- > > > Chris Alton, Microsoft Corp. > > > SQL Server Developer Support Engineer > > > This posting is provided "AS IS" with no warranties, and confers no > rights. > > > -------------------- > > > > - Show quoted text - > > When trying to connect to the SRS in IE it shows local Intranet in the > > status bar. The IE logon setting is set to: automatic logon only in > > intranet zone... > > The unattended execution account has never been set to anything- Hide quoted text - > > - Show quoted text - Hi Chris, This is 10 days old so you may not get back to this. Before I give my solution I will let you know how frustrating this has been and thank you for the time you have spent trouble shooting this. Like I said before my account was in the local admin group and the appPool account was a member of the admin group yet IIS still gave me problems. Worse is sometimes the site would come up fine without prompting for credentials and then the next hour or next day it would not work... I'm sure many readers are going through this same scenario Here is the solution: 1 Get Kerberos authentication working. The aspx page I threw into the home directory said I was authenticating with NTLM. I had to change the appPool account that the SSRS web apps was running under from a local account to a domain account. 2 Run setspn for the appPool account name and the reporting server setspn.exe -a http/IIS_computer's_NetBIOS_name DomainName \AppPoolUserName setspn.exe -a http/IIS_computer's_FQDN DomainName\AppPoolUserName At this point I could browse the SSRS site fine but reports hitting external db servers was not working (using Integrated Security=SSPI in the report datasource) the "double hop" problem 3 In AD make sure the end users account does NOT have "Account is sensitive and cannot be delegated" checked 4 In AD for the appPool account select Account is trusted for delegation. Delegation for certain services only and Any Authentication. 5 In IE Internet Options->Security Tab->Local intranet->User Authentication Logon, make sure automatic logon in intranet zone is selected 6 Go to the nearest bar and drink copiously If anyone has read this far, I wish you luck Cheers! Scot
Don't see what you're looking for? Try a search.
|
June 2004
July 2004
August 2004
September 2004
October 2004
November 2004
December 2004
January 2005
February 2005
March 2005
April 2005
May 2005
June 2005
July 2005
August 2005
September 2005
October 2005
November 2005
December 2005
January 2006
February 2006
March 2006
April 2006
May 2006
June 2006
July 2006
August 2006
September 2006
October 2006
November 2006
December 2006
January 2007
February 2007
March 2007
April 2007
May 2007
June 2007
July 2007
August 2007
September 2007
October 2007
November 2007
| home · blog · groups | Questions? Comments? Contact the dn |