locked
Log in screen RRS feed

  • Question

  • I am having trouble to  see my Reporting  page and prompt me to log in and I open my window without  any  authentication why am I getting log in screen.

    What I have tried is open ie  as admin and give my url as http:// computername/reports

    and still show me Authentication Reuired.

    Any help is welcome.

    Vijay


    Vijay Patel

    Saturday, August 29, 2015 1:00 PM

Answers

    1. Try going to the report services link: http://<yourserver name>/Reports.
      • It will normally ask for credentials, at which time enter some credentials.
      • Most likely you will receive the following error message:
        • “SQL Server Reporting Services Error User <domain>\<name> does not have
          required permissions. Verify that sufficient permissions have been granted and Windows
          User Account Control (UAC) restrictions have been addressed.”
      • As you can guess, the user account must be given some permissions to get in.
    2. So you may be wondering how do I get around this issue and what caused it. My understanding
      is how Reporting Services handles the user accounts that are added during installation,
      see step 22.
    3. Even though you may already be logged in as the administrator for the system and
      SQL, you must run Internet Explorer as Administrator
    4. Re-enter the url for Report Server Manager (http://localhost/Reports)
      and you will be see the following
    5. Click Site Settings in the upper right hand corner. You are now
      in the site settings section of Report Server (if you are familiar with Windows
      SharePoint Server 3.0 you will notice some similarities in the setup of the screen.
      (Always nice of them to reuse good ideas.)
    6. On the left hand side click Security
    7. Click New Role Assignment this will take you to the page were new
      users can be added with different level of security (admin or user)
      • Here is a summary of the roles available, paraphrased from ‘User Predefined Role’
        at http://msdn.microsoft.com/en-us/library/ms157363.aspx.
      • Role Description
        System Administrator A user has the ability to enable features and set defaults throughout the system.
        In addition, has the ability to set site-wide security, and define role definitions,
        along with manage all jobs.
        System User Only basic server information is viewable to this role group.
      • You need to add at least one user as a System Administrator so that you no longer
        have to run as administrator. For my set-up I will be adding both a system user
        and a system administrator user. This will allow me to have separation of control
        during demoes. I would recommend creating two new user groups on the machine which
        are assigned the appropriate role levels, and then adding the accounts to the groups.
        This will allow you to quickly make changes as new test accounts are created and
        used, along with getting you in the practice of thinking about security in terms
        of groups and not individuals.
      • In addition to setting the system roles you must setup roles for the actual folder/viewing
        level also. To do this return to Home, and click Folder Settings.
        • You will see a similar security setting page as before. Click New Role Assignment
      • As with before either groups or users can be assigned the different roles. Depending
        on you planned strategy it may make since to assign individual users at this level,
        but remember the more individuals you begin assigning, the more difficult administration
        tasks can become.
      • Here is a summary of the roles available, paraphrased from ‘User Predefined Role’
        at http://msdn.microsoft.com/en-us/library/ms157363.aspx.
        • Role Description
          Content Manager All item level roles are wrapped into this single role. This means users or groups
          assigned the role are able to grant permissions, define folder structure, and all
          other management abilities of report server content.
          Publisher Grants the ability to add new items to the report server, including new reports
          and folders
          Browser Can run, subscribe, and browse reports. Can be considered a read only permission
          level.
          Report Builder Has the ability to author and edit reports which exist in the Report Builder
          My Reports Allows user to create a personal report workspace (think a SharePoint MySite like
          experience) were they can store and manager reports for personal use.
        • My recommendation is the user assigned the System Administration role at the site
          level should also be granted Content Manager role at this level. While your system
          user level group/user should be given at minimum Browser role, if not more. This
          is your call as to how you plan on using the system.

    Please click "Mark As Answer" if my post helped.

    • Marked as answer by 王者荣耀 Wednesday, September 9, 2015 6:24 AM
    Saturday, August 29, 2015 7:05 PM
  • Hi Vijay, 

    According to your description, when typing in the URL "http:// computername/reports", the browser prompt you to login, right? 

    In Reporting Services, if you don't use NTLM authentication and visit Report Manager out of domain, you will be required to enter your username and password. In your scenario, are you visiting Report Manager out of domain? If so, please check the rsreportserver.config file authenticaiton type is Negotiate or Kerberos under "C:\Program Files\Microsoft SQL Server\MSRS12.MSSQLSERVER\Reporting Services\ReportServer". It's because that Negotiate attempts Kerberos authentication first, but falls back to NTLM if Active Directory cannot grant a ticket for the client request to the report server. 

    If the authentication is not NTLM, you can try to change the report server authenticaiton type to NTLM. And then when visiting Report Manager, you don't need to enter your account.

    If you have any other question, please feel free to ask.

    Regards,
    Shrek Li 

    • Proposed as answer by 王者荣耀 Monday, September 7, 2015 9:07 AM
    • Marked as answer by 王者荣耀 Wednesday, September 9, 2015 6:24 AM
    Monday, August 31, 2015 2:35 AM

All replies

  • Hi Vijay,

    You should check the Report Manager's authentication mode. This is web server stuff and not my strong point but I've had that sort of issue with other web-based products and it's often the authentication mode that's the issue. Have a look in the Report Manager's web.config (ours is C:\Program Files\Microsoft SQL Server\MSRS11.MSSQLSERVER\Reporting Services\ReportManager\Web.config).

    In the system.web section I believe you should have:

     authentication mode="Windows"
     identity impersonate="True"
     
    Our Reporting Services is using SQL's own http server, not IIS. If yours is hosted by IIS you might need to look in IIS Admin to find this stuff.


    Please Dont forget to mark as answer and Helpful Post. It helps others to find relevant posts to the same question. Milan Das

    Saturday, August 29, 2015 2:03 PM
    1. Try going to the report services link: http://<yourserver name>/Reports.
      • It will normally ask for credentials, at which time enter some credentials.
      • Most likely you will receive the following error message:
        • “SQL Server Reporting Services Error User <domain>\<name> does not have
          required permissions. Verify that sufficient permissions have been granted and Windows
          User Account Control (UAC) restrictions have been addressed.”
      • As you can guess, the user account must be given some permissions to get in.
    2. So you may be wondering how do I get around this issue and what caused it. My understanding
      is how Reporting Services handles the user accounts that are added during installation,
      see step 22.
    3. Even though you may already be logged in as the administrator for the system and
      SQL, you must run Internet Explorer as Administrator
    4. Re-enter the url for Report Server Manager (http://localhost/Reports)
      and you will be see the following
    5. Click Site Settings in the upper right hand corner. You are now
      in the site settings section of Report Server (if you are familiar with Windows
      SharePoint Server 3.0 you will notice some similarities in the setup of the screen.
      (Always nice of them to reuse good ideas.)
    6. On the left hand side click Security
    7. Click New Role Assignment this will take you to the page were new
      users can be added with different level of security (admin or user)
      • Here is a summary of the roles available, paraphrased from ‘User Predefined Role’
        at http://msdn.microsoft.com/en-us/library/ms157363.aspx.
      • Role Description
        System Administrator A user has the ability to enable features and set defaults throughout the system.
        In addition, has the ability to set site-wide security, and define role definitions,
        along with manage all jobs.
        System User Only basic server information is viewable to this role group.
      • You need to add at least one user as a System Administrator so that you no longer
        have to run as administrator. For my set-up I will be adding both a system user
        and a system administrator user. This will allow me to have separation of control
        during demoes. I would recommend creating two new user groups on the machine which
        are assigned the appropriate role levels, and then adding the accounts to the groups.
        This will allow you to quickly make changes as new test accounts are created and
        used, along with getting you in the practice of thinking about security in terms
        of groups and not individuals.
      • In addition to setting the system roles you must setup roles for the actual folder/viewing
        level also. To do this return to Home, and click Folder Settings.
        • You will see a similar security setting page as before. Click New Role Assignment
      • As with before either groups or users can be assigned the different roles. Depending
        on you planned strategy it may make since to assign individual users at this level,
        but remember the more individuals you begin assigning, the more difficult administration
        tasks can become.
      • Here is a summary of the roles available, paraphrased from ‘User Predefined Role’
        at http://msdn.microsoft.com/en-us/library/ms157363.aspx.
        • Role Description
          Content Manager All item level roles are wrapped into this single role. This means users or groups
          assigned the role are able to grant permissions, define folder structure, and all
          other management abilities of report server content.
          Publisher Grants the ability to add new items to the report server, including new reports
          and folders
          Browser Can run, subscribe, and browse reports. Can be considered a read only permission
          level.
          Report Builder Has the ability to author and edit reports which exist in the Report Builder
          My Reports Allows user to create a personal report workspace (think a SharePoint MySite like
          experience) were they can store and manager reports for personal use.
        • My recommendation is the user assigned the System Administration role at the site
          level should also be granted Content Manager role at this level. While your system
          user level group/user should be given at minimum Browser role, if not more. This
          is your call as to how you plan on using the system.

    Please click "Mark As Answer" if my post helped.

    • Marked as answer by 王者荣耀 Wednesday, September 9, 2015 6:24 AM
    Saturday, August 29, 2015 7:05 PM
  • Hi Vijay, 

    According to your description, when typing in the URL "http:// computername/reports", the browser prompt you to login, right? 

    In Reporting Services, if you don't use NTLM authentication and visit Report Manager out of domain, you will be required to enter your username and password. In your scenario, are you visiting Report Manager out of domain? If so, please check the rsreportserver.config file authenticaiton type is Negotiate or Kerberos under "C:\Program Files\Microsoft SQL Server\MSRS12.MSSQLSERVER\Reporting Services\ReportServer". It's because that Negotiate attempts Kerberos authentication first, but falls back to NTLM if Active Directory cannot grant a ticket for the client request to the report server. 

    If the authentication is not NTLM, you can try to change the report server authenticaiton type to NTLM. And then when visiting Report Manager, you don't need to enter your account.

    If you have any other question, please feel free to ask.

    Regards,
    Shrek Li 

    • Proposed as answer by 王者荣耀 Monday, September 7, 2015 9:07 AM
    • Marked as answer by 王者荣耀 Wednesday, September 9, 2015 6:24 AM
    Monday, August 31, 2015 2:35 AM