HTTP 401 Errors When Connecting to Reporting Services using SSMS

HTTP 401 Errors When Connecting to Reporting Services using SSMS

am 29.03.2008 19:20:03 von DFS

I added Reporting Services virtual directories to a SSL-only website on my
production Win2003/SQL2005 machine (https://mydomain.net), configured it
using the SSRS configuration tool with everything default except for making
it require SSL with the certificate name (mydomain.net) and level 3 (SOAP
APIs) and checked the URLRoot in the config file as directed by
http://technet.microsoft.com/en-us/library/ms345223.aspx (although the
URLRoot was already correct).

But when I try to connect to RS using SSMS (or Report Manager) I get HTTP
status 401: Unauthorized, so I cannot even open up the SQL Server tools to
do anything with RS!!! (I had a similar problem some months ago that was
fixed when I enabled HTTP Keep-Alives - not a problem this time). I tried
using AuthDiag but nothing came back that I could understand (red Xs for
Kerberos???). I've done this on my dev server and I can always connect to
RS.

The IIS logs showed this everytime I tried to connect with SSMS (abbreviated
2008-03-29 14:30:54 POST /reportserver/ReportService2005.asmx - 443
mydomain.net 401 2 2148074254 1872 313 0
2008-03-29 14:30:54 POST /reportserver/ReportService2005.asmx - 443
mydomain.net 401 1 0 1996 348 0
2008-03-29 14:30:54 POST /reportserver/ReportService2005.asmx - 443
mydomain.net 401 1 2148074252 1755 596 0

So, this has something to do with IIS authentication problems, mixed in with
SSL (and not really with Reporting Services or SSMS, except that SSMS uses
the web services for RS).

Does anyone have any ideas on what I may be missing or what would cause the
inability to open RS with SSMS?

Thanks.

Re: HTTP 401 Errors When Connecting to Reporting Services using SSMS

am 30.03.2008 04:23:17 von David Wang

On Mar 29, 11:20=A0am, "Don Miller" wrote:
> I added Reporting Services virtual directories to a SSL-only website on my=

> production Win2003/SQL2005 machine (https://mydomain.net), configured it
> using the SSRS configuration tool with everything default except for makin=
g
> it require SSL with the certificate name (mydomain.net) and level 3 (SOAP
> APIs) and checked the URLRoot in the config file as directed byhttp://tech=
net.microsoft.com/en-us/library/ms345223.aspx(although the
> URLRoot was already correct).
>
> But when I try to connect to RS using SSMS (or Report Manager) I get HTTP
> status 401: Unauthorized, so I cannot even open up the SQL Server tools to=

> do anything with RS!!! (I had a similar problem some months ago that was
> fixed when I enabled HTTP Keep-Alives - not a problem this time). I tried
> using AuthDiag but nothing came back that I could understand (red Xs for
> Kerberos???). I've done this on my dev server and I can always connect to
> RS.
>
> The IIS logs showed this everytime I tried to connect with SSMS (abbreviat=
ed
> 2008-03-29 14:30:54 POST /reportserver/ReportService2005.asmx - 443
> mydomain.net 401 2 2148074254 1872 313 0
> 2008-03-29 14:30:54 POST /reportserver/ReportService2005.asmx - 443
> mydomain.net 401 1 0 1996 348 0
> 2008-03-29 14:30:54 POST /reportserver/ReportService2005.asmx - 443
> mydomain.net 401 1 2148074252 1755 596 0
>
> So, this has something to do with IIS authentication problems, mixed in wi=
th
> SSL (and not really with Reporting Services or SSMS, except that SSMS uses=

> the web services for RS).
>
> Does anyone have any ideas on what I may be missing or what would cause th=
e
> inability to open RS with SSMS?
>
> Thanks.


What authentication protocol is enabled on /reportserver (in IIS) and
is KeepAlives enabled for /reportserver.

Your 401 pattern is not normal, meaning the problem has nothing to do
with IIS authentication but rather your environment and configuration.
You will need to disclose a bit more about your configuration and
environment.


//David
http://w3-4u.blogspot.com
http://blogs.msdn.com/David.Wang
//

Re: HTTP 401 Errors When Connecting to Reporting Services using SSMS

am 30.03.2008 15:40:39 von DFS

I *really* appreciate your help. I thought I did everything by the book (and
read most of your 401 problem blogs) and I've spent days/hours on something
that I thought would take a minute (like it did on my dev machine).

Even when I go to SSMS (have to connect via database engine because I cannot
with RS), view registered servers->reporting services->and try to connect to
the RS instance (MACHINENAME), I get "The request failed with HTTP status
401: Unauthorized (System.Web.Services), and get the identical IIS logs that
I posted before.

> What authentication protocol is enabled on /reportserver (in IIS)?
Integrated Windows authentication (for /reports as well)

> is KeepAlives enabled for /reportserver?
/reportserver and /reports are both virtual directories of my SSL-required
website. I can find KeepAlives under Website->Connections for the website,
but under Properties for the virtual directories I can't seem to find any
way to check if KeepAlives is enabled (i.e. there is no website tab)

> disclose a bit more about your configuration and environment

I thought I did ;) Please let me know what else I am missing and what else
you would need to know

IIS
Default Web Site: Stopped (no RS virtual directories)
Website: Enable HTTP Keep-Alives -checked, TCP Port 80, SSL Port 443
Home Directory: Execute Permissions: Scripts Only, DefaultAppPool
Authentication Methods: Enable Anonymous with IUSR_MACHINENAME, and
Integrated Windows
Certificate name: mydomain.net (associated to WEBSITE by IP address)
Permissions for /reportserver and /reports both include
SQLServer2005ReportingServicesWebServiceUser and SQLServer2005ReportUser

From the RS Configuration Manager:
Connect -> Machine Name: MACHINENAME, Instance Name: MSQLSERVER
Server Status: Initialized, Running
RS Virtual Directory: Name: ReportServer, Website: WEBSITE, Require SSL: 3 -
All SOAP APIs, Certificate Name: mydomain.net
RM Virtual Directory: Name: Reports, Website: WEBSITE
Windows Service Identity: Service Name Report Server, Service Account: Local
System, Built-in Account: Local System
Web Service Identity: ASP .NET Service Account: NT Authority/NetworkService,
Report Server and Report Manager: DefaultAppPool
Database Setup: Server Name: MACHINENAME, Database Name: ReportServer,
Version: C.0.8.54, Server Mode: Native, Credentials Type: Service
Credentials
SharePoint Integration: Blue exclamation point
Encryption Keys: Blue exclamation point
Initialization: Gray checkmark
Email Settings, Execution Account: Yellow caution exclamation point.

Windows 2003 R2 Standard Service Pack 2
Microsoft SQL Server 2005 - 9.00.3152.00 (Intel X86) Standard Edition on
Windows NT 5.2 (Build 3790: Service Pack 2)
Microsoft SQL Server Management Studio 9.00.3042.00
Microsoft Analysis Services Client Tools 2005.090.3042.00
Microsoft Data Access Components (MDAC) 2000.086.3959.00
(srv03_sp2_rtm.070216-1710)
Microsoft MSXML 2.6 3.0 4.0 6.0
Microsoft Internet Explorer 7.0.5730.11
Microsoft .NET Framework 2.0.50727.832
Operating System 5.2.3790


"David Wang" wrote in message
news:d50ba456-19e6-42fa-851f-2c9a06b7f1e9@i12g2000prf.google groups.com...
On Mar 29, 11:20 am, "Don Miller" wrote:
> I added Reporting Services virtual directories to a SSL-only website on my
> production Win2003/SQL2005 machine (https://mydomain.net), configured it
> using the SSRS configuration tool with everything default except for
> making
> it require SSL with the certificate name (mydomain.net) and level 3 (SOAP
> APIs) and checked the URLRoot in the config file as directed
> byhttp://technet.microsoft.com/en-us/library/ms345223.aspx(a lthough the
> URLRoot was already correct).
>
> But when I try to connect to RS using SSMS (or Report Manager) I get HTTP
> status 401: Unauthorized, so I cannot even open up the SQL Server tools to
> do anything with RS!!! (I had a similar problem some months ago that was
> fixed when I enabled HTTP Keep-Alives - not a problem this time). I tried
> using AuthDiag but nothing came back that I could understand (red Xs for
> Kerberos???). I've done this on my dev server and I can always connect to
> RS.
>
> The IIS logs showed this everytime I tried to connect with SSMS
> (abbreviated
> 2008-03-29 14:30:54 POST /reportserver/ReportService2005.asmx - 443
> mydomain.net 401 2 2148074254 1872 313 0
> 2008-03-29 14:30:54 POST /reportserver/ReportService2005.asmx - 443
> mydomain.net 401 1 0 1996 348 0
> 2008-03-29 14:30:54 POST /reportserver/ReportService2005.asmx - 443
> mydomain.net 401 1 2148074252 1755 596 0
>
> So, this has something to do with IIS authentication problems, mixed in
> with
> SSL (and not really with Reporting Services or SSMS, except that SSMS uses
> the web services for RS).
>
> Does anyone have any ideas on what I may be missing or what would cause
> the
> inability to open RS with SSMS?
>
> Thanks.


What authentication protocol is enabled on /reportserver (in IIS) and
is KeepAlives enabled for /reportserver.

Your 401 pattern is not normal, meaning the problem has nothing to do
with IIS authentication but rather your environment and configuration.
You will need to disclose a bit more about your configuration and
environment.


//David
http://w3-4u.blogspot.com
http://blogs.msdn.com/David.Wang
//