Thursday, March 22, 2012

Delegation And Windows 2003

I have the following scenario:
Machine 1: IIS Server - running Reporting Services
Machine 2: SQL Server - stores all data that a report will use
These servers run in a Windows 2000 Active Directory domain.
The IIS web site has the directory security set to Windows authentication
and Anonymouse authentication unchecked.
The reports use a shared data source that has the Windows authentication
checkbox checked.
The IIS Server has the delegation checkbox checked in Active Directories and
Users.
Run the report from a browser and get the login failed for the anonymous
user. Run the report from the IIS Server and it works. This is a sure
indication of a delegation issue.
What am I missing?Hi,
From your descriptions, I understood that running the report from a browser
and get the login failed for the anonymous user. Run the report from the
IIS Server and it works. Have I understood you? Correct me if I was wrong.
Based on my socpe, it seems to be a Kerberos issue and the simplest
workaround is changing the shared data source to use SQL authentication to
the SQL Server.
To set up delegation on a computer, the following conditions must be met:
* The account doing the delegation must be set to Trusted for delegation to
any service or Trusted for delegation to specified services only.
* The account that the service is delegating for must not have the Account
is sensitive and cannot be delegated option chosen.
* An administrator must have the Enable computer and user accounts to be
trusted for delegation privilege on the computer in order to enable
delegation.
See the following knowledge base article for more detailed information
Basic Overview of Kerberos User Authentication Protocol in Windows 2000
http://support.microsoft.com/kb/217098
Thank you for your patience and corporation. If you have any questions or
concerns, don't hesitate to let me know. We are always here to be of
assistance!
Sincerely yours,
Michael Cheng
Online Partner Support Specialist
Partner Support Group
Microsoft Global Technical Support Center
---
Get Secure! - http://www.microsoft.com/security
This posting is provided "as is" with no warranties and confers no rights.
Please reply to newsgroups only, many thanks!sql
Posted by wick at 10:23 PM
Labels: , , , , , , , , , , , , , , , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)