Tuesday, April 24, 2012

The request failed with HTTP status 401: Unauthorized

Our environment:
Each machine is separate, all databases are on the cluster

SQL 2008 - Clustered
Sharepoint 2010  Internal
Sharepoint 2010 Certification Server
Sharepoint 2010 External
SSRS in Sharepoint Integrated mode

The issue:
Everything was setup and configured correctly.
The Sharepoint machine could open the SSRS reports, but none of the other clients could.
They would be able to browse the sharepoint site and SSRS folder structure.
when they tried to run a report, they would get the error.
We determined that our Kerberos was not set up properly, and this error was due to the double hop issue.
We had no intentions of fighting up with Kerberos, so we went the other direction and used the Trusted Account setup.

If you would like to setup Kerberos and Windows Authentication for Sharepoint and SSRS, follow the instructions here
http://go.microsoft.com/fwlink/?LinkID=196600

The request failed with HTTP status 401: Unauthorized.


To resolve this issue:

1) Disable Loopback check on SSRS server (Method 2)
  1. Click Start, click Run, type regedit, and then click OK.
  2. In Registry Editor, locate and then click the following registry key:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
  3. Right-click Lsa, point to New, and then click DWORD Value.
  4. Type DisableLoopbackCheck, and then press ENTER.
  5. Right-click DisableLoopbackCheck, and then click Modify.
  6. In the Value data box, type 1, and then click OK.
  7. Quit Registry Editor, and then restart your computer.

2) Configure SSRS to use Trusted Account
Configure Reporting Services Integration to use Trusted Account instead of Windows Integrated. Follow these steps to change this setting:
  1. Open Central Administraton, and then click Application Management> Manage Integration Settings.
  2. (For SP 2010 General Application Settings>Reporting Services Integration)
  3. Set Authentication mode to Trusted Account.
    Note: You will no longer be able to specify Windows Authentication for your report data sources, because we are not using Windows credentials. If this is done, you will receive the following error: “This data source is configured to use Windows integrated security. Windows integrated security is either disabled for this report server or your report server is using Trusted Account mode". 

3) Configure Sharepoint using Sharepoint Central Administration to use NTLM (Trusted Account)
    1. Open Central Administration, and then click Application Management.
    2. Under Application Security, click Authentication Providers.
    3. Click the zone you want to modify.
    4. Under IIS Authentication Settings. click NTLM.
    5. Click Save.

4) Grant a user account access to the SSRS reports
  1. Open your Sharepoint site
  2. Go to Site Actions> Site Permissions
  3. Select or create a group
  4. Add users to the group by clicking New>Add Users>Type user names in>OK

5) If your internet explorer keeps prompting users for a password, and you want to prevent this, add the sharepoint intranet site to the Local Intranet Sites List
  1. Internet Explorer>Option Gear>Internet Options>Security>Sites>http://mysharepointsite>Add>Close>Ok
Restart Sharepoint Server. / Cycle IIS
Restart SSRS Server / Cycle IIS

6) Change the security type on your SSRS Data Connection

  1. Set Integrated Security = False
  2. Tick the Stored Credentials
  3. Enter sa username and password
  4. Test Connection

Other Associated Errors:

  • An error has occurred during report processing. (rsProcessingAborted)
    • Cannot impersonate user for data source 'DataSource1'. (rsErrorImpersonatingUser)
      • This data source is configured to use Windows integrated security. Windows integrated security is either disabled for this report server or your report server is using Trusted Account mode. (rsWindowsIntegratedSecurityDisabled)  

No comments:

Post a Comment