none
determining why windows auth not allowed on 2012 rs server

    Question

  • Hi.  I want to determine why windows integrated security isnt working on my rs server.  But the option where i'm prompted for user and pswd is when rendering my report from that server.  I can remote into the machine.  I can also reach it from ssms.  We run enterprise 2012 x64 sp1.  It could be that our dba set it up purposely like this but when i approach him, i want to have all the facts available.

    What is the easiest way for me to determine which setting (if any) is preventing such authentication?  If it involves looking at a config, where might i find that config?

    Thursday, February 06, 2014 4:33 PM

All replies

  • thx tom.  That's where i started before posting.  I dont see any directories or ui 's described there.   The closest i come to finding a file named rsreportserver.config is in an installer folder under c:\windows.
    • Edited by DB042189 Thursday, February 06, 2014 5:41 PM more
    Thursday, February 06, 2014 5:31 PM
  • The location of the files is dependent on your installation.

    For RSreportserver.config, please see:

    http://msdn.microsoft.com/en-us/library/bb630448.aspx

    Thursday, February 06, 2014 6:58 PM
  • found it with a little help.  apparently its shared by other seervers.   Here is what it looks like.  Does NTLM require that kerberos and kerberos spn's be in play?  I'll try to read a little also.   Hoping to achieve integrated windows auth without breaking other things.

    <Authentication>
    		<AuthenticationTypes>
    			<RSWindowsNTLM/>
    		</AuthenticationTypes>
    		<RSWindowsExtendedProtectionLevel>Off</RSWindowsExtendedProtectionLevel>
    		<RSWindowsExtendedProtectionScenario>Proxy</RSWindowsExtendedProtectionScenario>
    		<EnableAuthPersistence>true</EnableAuthPersistence>
    	</Authentication>

    Thursday, February 06, 2014 7:23 PM
  • the error i'm getting when i test the connection under the integrated windows option in the data source is this...

    login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'

    i'm wondering if this is a config mgr thing...ie one that is sending the service's credentials instead of the user's to the db server...and perhaps one that can be overidden.

    Thursday, February 06, 2014 10:19 PM
  • in the config mgr i see...

    1) service acct has built in acct checked

    2) rs's reporting dbs seem to be on a different server and the credentials being used there seem to be tied to a service acct type with a pre entered password and a login of what appears to be an NT service acct

    3) nothing is chosen on the execution account tab

    Thursday, February 06, 2014 10:31 PM
  • i did my best to read the article at http://sqlmag.com/sql-server-reporting-services/understanding-sql-server-reporting-services-authentication but get the sense the author is saying rs cant pass windows credentials transparently to the db source without kerberos.  But i think i've seen the hop from rs to the 1st relational db server source work without kerberos in the past and passing the current user's creds, not a pre recorded one.  Maybe I'm wrong. 
    Thursday, February 06, 2014 10:47 PM
  • windows integ auth being sent to data source is enabled on the report server.  Still at  a loss about how to do this or if its possible.
    Friday, February 07, 2014 9:56 PM