I have an instance of SSRS that will not run my report subscriptions if it is using a dedicated domain account I made for the express purpose of using it to run this service.
If I have SSRS use my personal domain account as the service account, my subscriptions run correctly. If I have SSRS use this other domain account, the subscriptions do not run.
What else do I have to configure to make this run correctly not on my personal account?
Error message below.
"ERROR: Throwing Microsoft.ReportingServices.Diagnostics.Utilities.ServerConfigurationErrorException: AuthzInitializeContextFromSid: Win32 error: 5; possible reason - service account doesn't have rights to check domain user SIDs., Microsoft.ReportingServices.Diagnostics.Utilities.ServerConfigurationErrorException: The report server has encountered a configuration error. ;"
During install of SQL Server 2005, we can of course use a domain account or the built-in system account for running the services. I lean toward domain for obvious reaons but would like to know a +/- to each option and why I'd choose one over the other and what consequences or limitations one may encounter if I choose one over the other.
I created a SSRS Reports in SQL Server 2012 and deployed in server, I want this report to be accessed by one particular User created in that hosted server and any time if user hits the Report URL it asked for login Prompt.Suppose if I create a Windows User "ReportUser" in report server , I want when user hits the URL he should be able to access the report by providing the 'ReportUser" credentials.
I have created a new SSRS Server and done all of the basic security setup for the site but I am having trouble with client machine access...At first I had an issue with being able to access report manager from any client and ended up having to shut off windows authentication on the client IE settings to get it to work. Now I am trying to run Report Builder from a client machine and it will not download. The client machine is on the same domain and my user id is set as an administrator within SSRS and as a local admin on the 2008 server.
I had the thought that without windows auth in the browser maybe it can't permit me access to the application but if I turn it on I can't get to it to download it. I have set Full Control rights to the folder as well. Most of the info out there is for 2005 and that uses IIS to host the pages where as 2008 does not. Here is the details of the error:
PLATFORM VERSION INFO Windows : 6.1.7600.0 (Win32NT) Common Language Runtime : 2.0.50727.4927 System.Deployment.dll : 2.0.50727.4927 (NetFXspW7.050727-4900) mscorwks.dll : 2.0.50727.4927 (NetFXspW7.050727-4900) dfdll.dll : 2.0.50727.4927 (NetFXspW7.050727-4900) dfshim.dll : 2.0.50727.4927 (NetFXspW7.050727-4900)
- first machine holds MOSS 2007 - second machine SQL 2005 SP2+MOSS Web Front
MOSS config. database is on Sql server. I'm trying to configure Reporting Services on SQL server in Sharepoint Integration Mode. As per Microsoft tutorials I've set up domain accounts for Sql services. When I use Reporting Services Configuration to configure Web Service Identity to use an App. Pool that runs under a domain account i get this error: "ReportServicesConfigUI.WMIProvider.WMIProviderException: An unknown error has occurred in the WMI Provider. Error Code 800708AC at ReportServicesConfigUI.WMIProvider.RSReportServerAdmin.SetWebServiceIdentity(String applicationPool)"
Database Setup and Windows Service Identity work fine using domain account. I've searched many forums, Microsoft "How To" to no avail.
Installed sql server 2012 enterprise. Runs with the built in account fine.
I tried entering a domain account to run as the service account from sql configuration it fails with the error "the specified network password is not correct".
I tried from services.msc and entered successfully but when I try to restart it fails that the log in credentials are wrong.
the domain account and password I entered are just fine. What's it I should do or missing?
I have done the following and a domain user would not access report created a login to the SQL server to the user (this SQL Server is where data source DB is)went to site setting in Report Manager and made this use a system userright clicked on report folder and made this user in the browser roleeven checked that in the report in question, the user is already in the browser role Still the user would not access the report! "User .......... does not have required permission" is the error message I am getting.
We have an existing SSRS server, and have just created a new child domain. We'll be migrating users from the parent to the child, and want to add the users of that new domain with access to SSRS. In the parent domain they are able to access, but after migration with the child domain account, they cannot.
I have added the group CHILDDomain Users with a system user role on SSRS, and PARENTDomain Users was already there.
Is there any additional step I should/could take to get this active?
I am working with a client who is rolling out 50+ VM's based of a template we created. This is SQL 2012 CU1 running on Windows Server 2008 R2. Using the default service account the installer has it registers fine and we get the following in the SQL log.
The SQL Server Network Interface library successfully registered the Service Principal Name (SPN) [ MSSQLSvc/server.domain.com:1433 ] for the SQL Server service.
When we change to a domain service account through SQL configuration manager we see the following and cannot connect remote using integrated authentication The SQL Server Network Interface library could not register the Service Principal Name (SPN) [ MSSQLSvc/server.domain.com:1433 ] for the SQL Server service. Windows return code: 0x2098, state: 15. Failure to register a SPN might cause integrated authentication to use NTLM instead of Kerberos. This is an informational message. Further action is only required if Kerberos authentication is required by authentication policies and if the SPN has not been manually registered.
My understanding is you should and could change service accounts using the SQL Server Configuration Manager and it would set all permissions. Is there something we need to do in addition to get this up and working?
I am building a webapp that calls an SSRS instance to display a report based on another servers web service.I can make a call from the ssrs server using this in the RDL:
This works no problem. but.. I want to have the user parameter "Craig" be a parameter passed in from the web app. If it were a regular SQL data source you would put @user in the query. How do you do it with XML text queries?
I've done some searching, but have found no definite answer yet. Our SQL 2005 servers are members of Active Directory Services. We want to run SQL services using an ADS account.
I see 7 SQL services in the SQL Server Configuration Manager: Integration Services, FullText Search, SQL Server, Analysis Services, Reporting Services, Browser, and Agent.
Question: Is it a bad move to run them all using the same domain account? I mean, wouldn't this give, say the Browser service, more privileges than it needs by allowing its account access to the same resources as, for example, the Agent service? What I'm concerned about is a vulnerability in one service compromising another service.
I would like to be able to use one domain account for all 7 services on two SQL servers, but I have a feeling this is a poor choice.
What is the best method for running SQL services using a domain account?
I am facing a problem which is based on the restrictions on the domain of the customer. After deplyoing the report on the server we are getting the following error message in the report manager after executing (clicking) a report link:
Logon failed.
Logon failure: the user has not been granted the requested logon type at this computer. (Exception from HRESULT: 0x80070569)
I googled for that and it seems to be an authentication issue where some user / account is not granted to log on as service / locally, but the problems is better described than the solutions. Did anyone faced that problem so far ? Which account has to be granted what priviledges or permissions in Windows. We are using a SQL Server 2005 / Reporting Services 2005 running on the same machine whereas the virtual directories Reports and Reportserver are running in a separate Application Pool
I have a problem that i can't log on sql server as the account is lock out. I don't know why it is locked out as this is the first time i log on. Anybody has this experience? Thank you very much!
My 'sa' account is locked out and the BUILTINAdministrators account does not have the sysadmin role. I removed the sysadmin role from BUILTINAdministrators for security reasons and before I could create a new account with the sysadmin role I fat fingered the sa password and locked it out. How can I get myself out of this mess.
I have been using SQL2000 for a number of years and the company I work for needs a new system so I decided to install SQL2005.
I installed SQL2005 without any problems and set a complex password for SA. I tried to log on and had to make several atempts as I remmebered the password after the SA account got locked out with the following message:
Login failed for user 'sa' because the account is currently locked out. The system administrator can unlock it. (Microsoft SQL Server, Error: 18486).
The problem I have is I cannot log onto SQL at all as it is not logging on with windows authentication either!
How do I unlock the SA account or do I have to reinstall SQL?
Hi there,BOL notes that in order for replication agents to run properly, theSQLServerAgent must run as a domain account which has privledges to loginto the other machines involved in replication (under "SecurityConsiderations" and elsewhere). This makes sense; however, I waswondering if there were any repercussions to using duplicate localaccounts to establish replication where a domain was not available.Anotherwords, create a local windows account "johndoe" on both machines(with the same password), grant that account access to SQL Server onboth machines, and then have SQL Server Agent run as "johndoe" on bothmachines. I do not feel this is an ideal solution but I havecircumstances under which I may not have a domain available; mypreliminary tests seem to work.Also, are there any similar considerations regarding the MSSQLSERVERservice, or can I always leave that as local system?Dave
We may need to change the account presently used to run the Windows Service "SQL Server Integration Services".What are the implications of making such a change?
I am new to Reporting Services. I want to use Reporting Services 2005 in our application.
My custom web application is on one machine and Reporting Services 2005 is on other machine. I am using Forms Authentication and using Single Sign On for login
If my custom web application and Reporting Services are on same machin I can get "Authentication Ticket" issued by ReportingServices2005 to the Report server.
But in this case I am not able to get "Authentication Ticket" on Report Server since it is on other machine.
I am using ReportViewer control in my web application to display Reports and using LogonUser method to get the Authentication Ticket.
How can I pass CookieAuthentication ticket from my Custom Web Application to Report Server?
Is there any work around to pass Authentication Cookie across Domain or any other solution for this?
I have a situation that I have discovered in our QA database that I need to resolve. When I looked at the Activity Monitor for our server, I discovered that a process is running under a domain user account for one of our .Net applications. The problem is that that domain user account has not been created as a SQL login account on the server. I am trying to figure out how someone can log in to the database server with a domain user account that has not been added to SQL Server as a login account.
Does anyone have any insight on this? I don't like the idea of someone being able to create domain account that can access the database without me granting them specific access.
I've just got RS Enterprise Edition. Installed it in a Test Server, ok. Installed it in a DEV server, having some errors.
My DEV server is an "ALL in 1" server, which is also a Domian Controller. While Test Server is not a DC.
The installation was succesful but when I open RS Manager thru the web, it gives me a ASP.NET error:
Access to the path "D:Program FilesMicrosoft SQL ServerMSSQLReporting ServicesReportManagerin" is denied. Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
Exception Details: System.UnauthorizedAccessException: Access to the path "D:Program FilesMicrosoft SQL ServerMSSQLReporting ServicesReportManagerin" is denied.
ASP.NET is not authorized to access the requested resource. Consider granting access rights to the resource to the ASP.NET request identity. ASP.NET has a base process identity (typically {MACHINE}ASPNET on IIS 5 or Network Service on IIS 6) that is used if the application is not impersonating. If the application is impersonating via <identity impersonate="true"/>, the identity will be the anonymous user (typically IUSR_MACHINENAME) or the authenticated request user.
To grant ASP.NET write access to a file, right-click the file in Explorer, choose "Properties" and select the Security tab. Click "Add" to add the appropriate user or group. Highlight the ASP.NET account, and check the boxes for the desired access.
I tried doing everything I can possible think of from the error message advice, including adding rights to ASPNET user from ISS to that particular folder...no success.
What I'm suspecting is I can't install RS in a DC box. But I can't find this info anyway in the web.
Anyone can point me to the correct direction or any advice?
I receive an error message in event log when i try to connect to the Database Server using ODBC on a client machine. The database server is running on Windows 2003 Server Standard Edition and the client machine is Windows XP Professional. Following is the error message from the event log:
2147467259 - [Microsoft][ODBC SQL Server Driver][SQL Server]Login failed for user 'sa' because the account is currently locked out. The system administrator can unlock it.
What causes the error to occur and how to resolve it?Appreciate for your assistence.
I had to migrate my report server (2008R2) to a new domain. I built new server and restored the old ReportServer and ReportServerTempDB into new server and also restored the certificate from old server. The Report Server is running but I don't have full access to all server futures anymore, looks like it's AD authentication messed up. My new account is Admin on new server but I can't see all options, like New Data Source, or wehn going on report level to manage to see all option such as Parameters, Subscriptions, Data Source.
I have a question about ssrs security. In report manager I have set a list of users as browsers, and the builtin administrators are content manager in the parent folder where reports are. A user that is not an administrator and neither a user I added, has access to reports.
I'm thinking this person is having access because the data source of the reports use a administrator account to connect to the analysis services using the option Credentials stored securely in the report server with the 2 checkboxes marked (use as windows credentials when connecting to the data source and impersonate the authenticated user).
I simply marked this option because SSRS is in 1 server and SSAS in other and I think kerberos need to be configured and I haven't looked into it, but I think the report access is separated from the data source.
I have some problem about reporting service add-in.
After I install reporting service add-in for SharePoint, reporting service menu does not appear in Application Management Tab in SharePoint Central Administration.
I try to uninstall and re-install again, it remain not work.
I am running into a weird issue with a new SQL Reporting Services 2014 server I built. I installed SQL Reporting 2014 on Windows Server 2012 R2 and configured Kerberos, but the site is extremely slow. After some reconfiguration and log captures I have determined the issue has to do with the Kerberos setup, however I am running a similar configuration with SQL Reporting Services 2008 on Windows Server 2008 R2 and do not run into the same errors.
The error I see while using Wireshark is KRB Error: KRB5KDC_ERR_BADOPTION NT Status: STATUS_NO_MATCH. When I drill down the into the error I can see the kerberos string is testprjmnmtreports14.company.com, which is the URL we are using to access the site. I made sure to add that name as an SPN for the service account that is running SQL Reporting Services, however I still receive the error.
Then I tried configuring the site to run without a hostheader, so I accessed the site with the server name, ECTSTSQLRS5, and the site works perfectly fine, no errors are reported either. So it seems I have isolated the issue down to Kerberos but I am not sure how to resolve it. Here is some more information about my environment:
DNS/URL used: testprjmnmtreports14.company.com Server Name (FQDN): ECTSTSQLRS5.company.int AD Domain Name: company.int Server Version: Windows Server 2012 R2 AD Functional Level: 2008 R2
As you can see I am trying to use a .com address but my AD domain is .int which I think is the issue, but I do not have the same problem on my other server that is running Windows Server 2008 R2. What do I need to do to allow my new site on 2012 R2 to work with this DNS Alias?