Reporting Services security problem



    I've got a sharepoint site setup that has a web-part that points to a SSRS report. SSRS and Sharepoint are on the same machine. they are NOT running in integrated mode. When a user goes to the Sharepoint site, it requires them to login.


    Once they do that, they get into the sharepoint site. However, when they click on the report page viewer, I get two different behaviors:


    1. for machines that are ON the domain, they get 'the permissions granted to user <domain>\<username> are insufficient for performing this operation. (rsAccessDenied)'

    2. for machines that are NOT on the domain, using the same domain login used to login to the Sharepoint site, they get 'access is denied due to invalid credentials'. When look at the Security Event viewer on the sharepoint / ssrs server, I see the following error: "

    Logon Failure:

    Reason: Unknown user name or bad password

    User Name: <username>

    Domain: <domain>

    Logon Type: 3

    Logon Process: NtLmSsp

    Authentication Package: NTLM




    Any ideas with these two separate errors?



    Wednesday, July 02, 2008 2:27 PM


  • I think something to do with active Directory configuration ...
    means both domain should pass through..
    Wednesday, July 02, 2008 5:28 PM

All replies

  • The user NT Authority\NetworkService should have access to both the report server databse and also to the report server folder in program files ...
    Wednesday, July 02, 2008 2:41 PM

    Great, thank you Sandeep, that worked for the users whose computers ARE on the domain, but not for those in #2. Any ideas on that one?
    Wednesday, July 02, 2008 3:19 PM
  • hmmm, If the user are limited then u can give them separate access..
    Go to Sql server Connect to report manager-> Right click on folder properties-> Permission.
    Then add group or user whom u want to add here .

    Plus i think u have to give access them to the folders also...

    Wednesday, July 02, 2008 3:32 PM
  • Still no luck- first I added Authenticated Users which didn't work, then added myself (I am having the problem with my machine not being on the domain), and it also didn't work.



    The only thing different between the two Security audit settings of the one that works, and the one that doesn't is the working one is 'Digest' whereas the broken one is 'NTLMssp'.


    I wonder if I change the ReportingServices virtual directory setting to 'Digest' if that will work- but I don't want to have the users have to authenticate twice.


    Any other ideas? Could you explain how reporting services works in terms of IIS logins, authentication, etc?





    Wednesday, July 02, 2008 4:31 PM
  • you are using windows authetication i think , so that domain must  pass through that.
    Wednesday, July 02, 2008 5:06 PM
  • None of the virtual directory settings here (Sharepoint and Reporting Services) are both set to Digest authentication, with Windows Authentication turned off. Do you know of a way to change the Authentication type from NTSMssp to Digest? I think that's the problem.

    Wednesday, July 02, 2008 5:11 PM
  • I think something to do with active Directory configuration ...
    means both domain should pass through..
    Wednesday, July 02, 2008 5:28 PM