Report Manager Links with SSL

Question

User-894232010 posted

I'm trying to run Reporting Services through SSL.  For the most part everything is working, but I still have some minor problems.  The links for "Home", "My Subscriptions", etc. in the upper left corner of Report Manager all start with "http://" rather than "https://".  The icons for "New Data Source", "Upload File", and "Report Builder" in the toolbar also have the same problem.  All the other links and icons point to URLs starting with "https://".

When I click on any of these problem links I get an error saying "https://" is required.  If I manually change the address to "https://" the proper page appears.

In RSWebApplication.config I have ReportServerUrl = https://<machine>/ReportServer.

In RSReportServer.config I have SecureConnectionLevel = 3 and UrlRoot = https://<machine>/ReportServer.

What am I missing?

Thank-you,

Greg

Answer 1

User-1136466523 posted

Hi,

<?xml:namespace prefix = o ns = "urn:schemas-microsoft-com:office:office" /><o:p> </o:p>

Try to set the config file according to the following points:

<o:p> </o:p>

RSReportServer.config

In RSReportServer.config, which you will find in \Program Files\Microsoft SQL Server\MSSQL\Reporting Services\ReportServer, you'll need to locate the <URLRoot> element and update the NetBIOS name to the DNS name, and also the http:// to https://. Take care to use the same case for the letters as you used in the certificate:

<o:p> </o:p>

So, in our example here we needed to edit the <URLRoot> to be:

<o:p> </o:p>

<UrlRoot>https://d1.internal.boost.net/ReportServer</UrlRoot>

<o:p> </o:p>

RSWebApplication.config

You'll find RSWebApplication.config in C:\Program Files\Microsoft SQL Server\MSSQL\Reporting Services\ReportManager. The change needed here is to update <ReportServerUrl> to include the name used in the certificate.

<o:p> </o:p>

<ReportServerUrl>https://d1.internal.boost.net/ReportServer</ReportServerUrl>

<o:p> </o:p>

Finally, the following line in RSReportServer.config governs the master control over SSL:

<o:p> </o:p>

<Add Key="SecureConnectionLevel" Value="2"/>

<o:p> </o:p>

Acceptable values are:

<o:p> </o:p>

3 Most secure—Use SSL for absolutely everything.

2 Secure—Use SSL for rendering and methods that pass credentials but don't insist on it for all SOAP calls.

1 Basic Security—Accepts http but rejects any calls that might be involved in the passing of credentials.

0 Least Secure—Don't use SSL at all.

2 is the value that the installation wizard will input if you install with the Use SSL check box selected, but we prefer to use 3 and ensure that the Report Manager is also using SSL.

<o:p> </o:p>

Thanks.

 

Answer 2

User-1136466523 posted

Hi,

Currently I am marking this thread as “Answered”, if my reply does not help you resolve the problem, please feel free to unmark it. Please also provide the following information and we will be glad to follow up:

The error message after you try the solution above.

Thanks.

 

Answer 3

User-894232010 posted

Michael,

Thank-you for your reply to this.  I've already tried most of what you suggested except for two points: I have SecureConnectionLevel set to 3 rather that 2 and I'm not sure I matched the case of the URL exactly.  I'll double check everything.

Thanks again,
Greg

Answer 4

User-894232010 posted

Michael,

Again, thanks for your input. It turns out the solution had nothing to do with the configuration files. I had to go into the registry and add a DisableLoopbackCheck value to the HKEY_Local_Machine\System\CurrentControlSet\Control\Lsa key. This happened to be the solution for another IIS problem I was having that I thought was unrelated to the Report Server problem.

Greg

Answer 5

User87125260 posted

Hi Greg,

I made the changes to the RSReportServer.config, RSWebApplication.config and Disable the loopback check.  My problem with the Home, My Subcriptions and Site Settings are resolved.  However, the Help link still point to http instead of https.  Do you have any problem with your help link?  I set my Key="SecureConnectionLevel" value to 2 instead of 3.  I was just wondering if this makes a different.

Thanks,
Monica 

 

Answer 6

User-894232010 posted

Monika,

Thanks for replying.  I've already found the loopback check and disabled it.  Everything worked fine after that.  I believe the "Help" link also showed https: after the check was disabled, but I'm not 100% sure.  I won't have access to that machine for a few days but I'll try to remember and check once I get access again.

I've had "SecureConnectionLevel" set to both 2 and 3 during the course of my troubleshooting. I don't think it will make a difference for this issue.

Thanks again,
Greg

Answer 7

User-1002109395 posted

Hello,

I have the same problem as described in the first post. To solve this, I tried all your solutions, but non worked. My configuration is a bit special: a server in DMZ with only ReportManager enabled, a server with ReportManager and ReportServer behind a firewall and a server with the Database. The DMZ server required SSL, so people from the internet must use https. I also implemented custom authentication and authorisation. (based on the sample from Microsoft) Nomatter what I do, the "Home", "My Subscriptions" and "Search" links keep saying http:// in stead of https://.

SecureConnectionLevel = 2, UrlRoot=https://mydomain/ReportServer

The communication with the internal Report Server from the DMZ server had to be SSL too. After changing the custom authentication (different domain name in the cookie) everything worked.

Greetz Eric

Answer 8

User-894232010 posted

Eric

Luckily yours isn't a situation I had to deal with; I'm running on a single server behind a firewall along with all my users.  Thanks for your information.  I may have to change my configuration to something similar to yours in the future.

Greg

Hello,

I have the same problem as described in the first post. To solve this, I tried all your solutions, but non worked. My configuration is a bit special: a server in DMZ with only ReportManager enabled, a server with ReportManager and ReportServer behind a firewall and a server with the Database. The DMZ server required SSL, so people from the internet must use https. I also implemented custom authentication and authorisation. (based on the sample from Microsoft) Nomatter what I do, the "Home", "My Subscriptions" and "Search" links keep saying http:// in stead of https://.

SecureConnectionLevel = 2, UrlRoot=https://mydomain/ReportServer

The communication with the internal Report Server from the DMZ server had to be SSL too. After changing the custom authentication (different domain name in the cookie) everything worked.

Greetz Eric

Answer 9

User-1002109395 posted

Thank you for the reply Greg.

I found the solution already and edited my post above. The communication between the DMZ server ande the Internal server had to be SSL too. Nou all links are rendered as https://.

Eric

Answer 10

User1215786134 posted

Hi Eric,

Our reporting services configuration is the same as yours; however; our cookie is not being passed through at all. We have the same domain name on the cookie. Can you elaborate more on how you configured Reporting Services to pass your cookie through the DMZ?

Thanks,

~zero

Answer 11

User-1002109395 posted

Make sure you use SSL all the way to you reporting services.

We had te same problem, but by using SSL with the same certificate from the DMZ to the reporting server it worked.

Eric

Answer 12

User1215786134 posted

Just for anyone else who has problems with passing cookies in a multi-server environment; this is a known bug with Microsoft. There is a hack workaround:

https://connect.microsoft.com/SQLServer/feedback/ViewFeedback.aspx?FeedbackID=521271

Answer 13

User1230291852 posted

Hi Eric,

We have the same issue.

We have reporting services instance on Server A in DMZ and it's databases ReportServer & ReportServerTempDB are on Server B in Internal Network.

In this case (Reporting Services on Server A in DMZ & it's databases on Server B in Internal network), do we need to MUST have Certificates on both the servers? Because from your reply (The communication with the internal Report Server from the DMZ server had to be SSL too.) I did understand that both the servers require Certificate

If my understanding is coorect, then why we need SSL on Server B, in Internal network? It has NO website, just the Reportserver & ReportServerTempDB.

If I understand wrong, please correct me what exact steps I need to follow

Many thanks.

Answer 14

User1230291852 posted

Could you please clarify me!!

Answer 15

User-1524444539 posted

Thanks SOOOOOOO much, Greg.  The tip on the DisableLoopback registry setting finally brought my hours of frustration to a fruitful end.  On a different site (that had "scraped" this forum at some point), I had followed Nai-Dong Jin's steps for the config files' modifications but your post wasn't shown there.  Those config file mods (by themselves) were to no avail.  Argh!!!!!

But the missing piece was the registry mod.

FYI, this was MS SQL Server SSRS 2008 with SP1 freshly installed on Windows Server 2008.

I have been burned before (when setting up SharePoint) because of the loopback check.  I wish I'd thought of that, but thanks for the solution!

The SSL and port 80 access now work fine.