1 / 27

Solving the Integration Problems of SharePoint 2010

elina
Download Presentation

Solving the Integration Problems of SharePoint 2010

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

    1. Rolf Tesmer National Database Consulting Team Lead Dimension Data Australia Jeremy Hancock Senior Technical Consultant – Application Integration Dimension Data Australia Solving the Integration Problems of SharePoint 2010 and Reporting Services 2008 R2

    3. Agenda Overview Reporting Services integration with SharePoint and what's new SharePoint and Reporting Services architectures and considerations The what’s, why’s, when’s and how’s to SSRS and SharePoint integration Security features, configuration and considerations Troubleshooting Tips Welcome to the session. Can you please raise your hand if your organisation currently uses SQL Reporting Services? Please keep your hand up if you are using it in SharePoint integrated mode? One more question – who is using SharePoint 2010 at this time? Today we will talk about Reporting Services and SharePoint and some of the information you will need to know. We’ll also share some tips around troubleshooting the integration of these components. Welcome to the session. Can you please raise your hand if your organisation currently uses SQL Reporting Services? Please keep your hand up if you are using it in SharePoint integrated mode? One more question – who is using SharePoint 2010 at this time? Today we will talk about Reporting Services and SharePoint and some of the information you will need to know. We’ll also share some tips around troubleshooting the integration of these components.

    4. Overview of Microsoft Business Intelligence SQL Server Reporting Services integration with SharePoint

    5. Overview of SQL Server 2008 R2 New Reporting Services and SharePoint Integration Features ReportBuilder 3.0 with Report Parts AJAX ReportViewer ATOM feed/renderer New data visualizations (Map, Databar, Sparklines and Indicators) Alternate Access Mapping SharePoint ULS Logging Claims : Trusted Account mode will continue to work in Claims enabled SharePoint 2010 SharePoint List Reporting RS.EXE enabled to script against SharePoint mode Overall report rendering performance improvements

    6. Common Architectures SharePoint 2010 Scale Out Tiers 10 min handover – 11:40 10 min handover – 11:40

    7. Common Architectures Reporting Services 2008 R2 Scale Out Tiers

    8. Common Architectures Putting the Architectures Together

    9. Common Architectures Reporting Services and SharePoint Integration – Take Away’s SharePoint 2010 is x64 only All SharePoint WFE’s require SQL SSRS R2 Add In (Free) All SQL SSRS R2 servers need to be a “Farm Joined Machine” (i.e. SharePoint WFE) SQL SSRS 2008 R2 database must be in SharePoint Integrated mode All SQL SSRS 2008 R2 servers must deploy… Standard edition – for single SSRS 2008 R2 WFE deployments Enterprise edition – for all scale-out SSRS 2008 R2 WFE deployments For all Scale-out SSRS 2008 R2 WFE deployments All SSRS 2008 R2 instances must run in SharePoint integrated mode There must be a single point of entry to the scale-out deployment (i.e. NLB) All SharePoint 2010 servers must deploy… Enterprise edition (eCal) – to facilitate BI Centre integration, Excel Services, etc Key points are Each MOSS server needs Add In Each SSRS server must be Farm Joined Machine SSRS DB must be in SharePoint Integrated Mode Key points are Each MOSS server needs Add In Each SSRS server must be Farm Joined Machine SSRS DB must be in SharePoint Integrated Mode

    10. Common Architectures So How Does Integration Work? The SSRS add-in installs three components: the SSRS Proxy, a Report Viewer Web Part, and the application pages that allow you to view, store, and manage report server content on a SharePoint site or farm. The SSRS Proxy facilitates communication between the WFE and the Report Server. It also adds functionality to run reports in Local Mode – more on this later The Report Server has to interact with the configuration and content databases on your SharePoint site or farm. It does this via the SharePoint Object Model. You can achieve this by installing a minimum copy of SharePoint on the Report Server and joining it to the farm. The version of SharePoint you install on the Report Server must be the same as the version used throughout the farm.  You need to do this only if you’re running your Report Server on a separate machine. If you are running both SharePoint and Reporting Services on the same machine, you only need to install the add-in. Now via the SharePoint integration page you can put the solution into Integrated mode and via the SharePoint object model SSRS can “talk” to the SharePoint content database to retrieve SSRS content. More in a minute on what that content actually is When you configure a report server to run in SharePoint integrated mode, the report server uses the authentication provider and permissions defined in the SharePoint Web application to control access to report server items and operations BTW 1 just so you are aware, there is a difference between SSRS Add In Report Viewer web part – and the web part of the same name from non-integrated SSRS/SharePoint installations. http://technet.microsoft.com/en-au/library/bb326405.aspx BTW 2 just so you are aware, Reporting Services custom security authentication extensions are not supported for report servers that run in SharePoint integration mode. In Reporting Services, the Windows operating system handles the authentication of users either through integrated security or through the explicit reception and validation of user credentials. Custom authentication can be developed in Reporting Services to support additional authentication schemes. This is made possible through the security extension interface Reporting Services can authenticate and authorize users with either Windows Authentication or custom authentication, but not both. Reporting Services does not support simultaneous use of multiple security extensions The SSRS add-in installs three components: the SSRS Proxy, a Report Viewer Web Part, and the application pages that allow you to view, store, and manage report server content on a SharePoint site or farm. The SSRS Proxy facilitates communication between the WFE and the Report Server. It also adds functionality to run reports in Local Mode – more on this later The Report Server has to interact with the configuration and content databases on your SharePoint site or farm. It does this via the SharePoint Object Model. You can achieve this by installing a minimum copy of SharePoint on the Report Server and joining it to the farm. The version of SharePoint you install on the Report Server must be the same as the version used throughout the farm.  You need to do this only if you’re running your Report Server on a separate machine. If you are running both SharePoint and Reporting Services on the same machine, you only need to install the add-in. Now via the SharePoint integration page you can put the solution into Integrated mode and via the SharePoint object model SSRS can “talk” to the SharePoint content database to retrieve SSRS content. More in a minute on what that content actually is When you configure a report server to run in SharePoint integrated mode, the report server uses the authentication provider and permissions defined in the SharePoint Web application to control access to report server items and operations BTW 1 just so you are aware, there is a difference between SSRS Add In Report Viewer web part – and the web part of the same name from non-integrated SSRS/SharePoint installations. http://technet.microsoft.com/en-au/library/bb326405.aspx BTW 2 just so you are aware, Reporting Services custom security authentication extensions are not supported for report servers that run in SharePoint integration mode. In Reporting Services, the Windows operating system handles the authentication of users either through integrated security or through the explicit reception and validation of user credentials. Custom authentication can be developed in Reporting Services to support additional authentication schemes. This is made possible through the security extension interface Reporting Services can authenticate and authorize users with either Windows Authentication or custom authentication, but not both. Reporting Services does not support simultaneous use of multiple security extensions

    11. The why, when and how of Integration Overview Why Integrate? New features of course! When should I Integrate? Ideally before you have report content deployed How do I Integrate? We’ll show you the step-by-step process

    12. The why, when and how of Integration Why Integrate? New Integration Features of Course! Manage all report content in SharePoint framework and capabilities Easier Integration installation & configuration Performing SSRS reporting operations in local (non- Integrated) mode Creating reports from SharePoint List content Performance: Reduced average number of SP OM calls/render request Removed additional “hop” between UI and proxy in RS Add-in

    13. The why, when and how of Integration New Feature Focus: Local Mode out-of-box Reporting in SharePoint 2010… SharePoint pre-requisite utility installs SSRS 2008 R2 Add-In Local Mode renders reports from SharePoint without using Reporting Services In Local Mode, you can; Render SharePoint Lists reports and Access reports (via Report Viewer) But you can’t: Render reports using other data extensions (i.e. SQL data sources, etc) Manage reports or its associated data source in SharePoint Central Admin configuration pages allows switching between Local and Connected Mode http://blogs.msdn.com/b/prash/archive/2010/04/26/integrating-ssrs-r2-rtm-with-sharepoint-2010-rtm.aspx The key here is that SSRS add in provides for local mode reporting Simply by switching modes from Local to Connected you can enable full SSRS reporting http://blogs.msdn.com/b/prash/archive/2010/04/26/integrating-ssrs-r2-rtm-with-sharepoint-2010-rtm.aspx The key here is that SSRS add in provides for local mode reporting Simply by switching modes from Local to Connected you can enable full SSRS reporting

    14. The why, when and how of Integration How to Integrate? One-step configuration within SharePoint Central Admin One place for configuring all SSRS integration (provided by SSRS Add-In) Add-In offers more “transparency” and SharePoint UI error reporting Before you perform the integration, some tips to grease the axels… Ensure SSRS service is running under a domain user account with local admin Once Integrated can be reverted back to local user with Content DB access Disable UAC for SSRS service account Setup SSRS in Native Mode first to ensure all “core plumbing” is working Connect to the SSRS Report Server site from SSRS Config Tool and all servers Once Integrated the SSRS Native Mode databases can be dropped Do not setup any BI Centre SharePoint sites until Integration is complete The SSRS add in actually adds the integration pages to SharePoint, they weren't there before. The Add-in creates a new Reporting Services section within the SharePoint Central Administration General Application Settings page A Report Server is implemented as a single Windows service that runs under a built-in account or a local or domain Windows user account. In SharePoint Integrated mode, the Report Server service account is provisioned appropriately to access to the SharePoint configuration and content database as well as SharePoint object model resources. This happens when configuring the Reporting Services integration with SharePoint via the Reporting Services Integration page The SSRS service account is the one that accesses the SharePoint databases, and note that SharePoint DOES NOT access the SSRS databases. So SSRS account needs access to SharePoint databases. Specifically it needs write and execute permissions http://technet.microsoft.com/en-au/library/bb326356.aspx Don’t use local built in accounts When you configure a report server to run in SharePoint integrated mode, the report server uses the authentication provider and permissions defined in the SharePoint Web application to control access to report server items and operations If the report server cannot access the SharePoint databases and there is a configuration error (for example, if the service accounts or passwords are not valid or if a local instance of the Windows SharePoint object model is not installed), an rsServerConfigurationError error occurs. For all other connection errors, the rsSharePointError error is returned, along with additional error information from the local SharePoint instance. For the setup of the BI Centre Site (from the BI Centre template), ensure this is done after integration else you need to manually configure some of the site particulars, such as manually adding the SSRS content types. It automatically sets up all of the contents etc but ONLY after SharePoint and SSRS are successfully integrated The SSRS add in actually adds the integration pages to SharePoint, they weren't there before. The Add-in creates a new Reporting Services section within the SharePoint Central Administration General Application Settings page A Report Server is implemented as a single Windows service that runs under a built-in account or a local or domain Windows user account. In SharePoint Integrated mode, the Report Server service account is provisioned appropriately to access to the SharePoint configuration and content database as well as SharePoint object model resources. This happens when configuring the Reporting Services integration with SharePoint via the Reporting Services Integration page The SSRS service account is the one that accesses the SharePoint databases, and note that SharePoint DOES NOT access the SSRS databases. So SSRS account needs access to SharePoint databases. Specifically it needs write and execute permissions http://technet.microsoft.com/en-au/library/bb326356.aspx Don’t use local built in accounts When you configure a report server to run in SharePoint integrated mode, the report server uses the authentication provider and permissions defined in the SharePoint Web application to control access to report server items and operations If the report server cannot access the SharePoint databases and there is a configuration error (for example, if the service accounts or passwords are not valid or if a local instance of the Windows SharePoint object model is not installed), an rsServerConfigurationError error occurs. For all other connection errors, the rsSharePointError error is returned, along with additional error information from the local SharePoint instance. For the setup of the BI Centre Site (from the BI Centre template), ensure this is done after integration else you need to manually configure some of the site particulars, such as manually adding the SSRS content types. It automatically sets up all of the contents etc but ONLY after SharePoint and SSRS are successfully integrated

    15. Demonstration How to Integrate SSRS and SharePoint What will we show? Where the SSRS integration mode pages are in SharePoint Run some reports while in Local Mode (i.e. Not integrated) How you can run a non-SQL SSRS report - success How you can run a SQL SSRS report - fails Step through how to integrate the products How you can run the same non-SQL SSRS report - success How you can run the same SQL SSRS report - success

    16. The why, when and how of Integration How does integration work? SSRS Native Mode - where is my content? ReportServerDB (reports/models, DS, snapshots, subscriptions, schedules, history, …) ReportServerTempDB (cache, …) SSRS SharePoint Integrated Mode - where is my content? ReportServerDB (………………………, ….., snapshots, subscriptions, schedules, history, …) ReportServerTempDB (cache, …) SharePoint ContentDB (reports/models, DS) http://technet.microsoft.com/en-au/library/bb283324.aspx http://technet.microsoft.com/en-au/library/bb283324.aspx

    17. The why, when and how of Integration How does integration work? (cont) Report Server synch SSRS DB with ContentDB on single report render requests To synch, SSRS web & windows services need to access SharePoint ContentDB Synch can fail when either database or server is offline There is no mass “auto-synch”, content is synch’d ONLY when requested Access of content that cannot be reconciled manifests as “rsItemNotFound” Report Server cleans up old & orphaned SSRS content daily, never on demand Only deletes obsolete content, does not synch missing or changed content Can configure frequency via “DailyCleanupMinuteofDay” in RSReportServer.config Swapping from Native Mode to SharePoint Integrated Mode What happens to my content that was in SSRS DB when in Native Mode? There is NO supported method to migrate data, must be redeployed into SharePoint The moral of the story is choose the right mode UP FRONT! Say SSRS DB is offline, but the products are still integrated, then you will get the rsItemNotFound error If you did a SSRS DB restore, the content is likely to be outdated, there’s no mass resynch, just item per item Cleanup task runs by default 2 am daily Cleanup task can key must be added to the Config file, it doesn't exist by default Cleanup has a minimum value of 30 and max of 1380 (23 hours) The value is # of minutes after 00:00 There’s no SUPPORTED way to move report data between native and SharePoint modes, easiest to redeploy reports, reconfigure schedules, redefine caching/snapshots etc. Started to look at a solution, however its picking at the database tables and content which is too risky - in particular for SharePoint Say SSRS DB is offline, but the products are still integrated, then you will get the rsItemNotFound error If you did a SSRS DB restore, the content is likely to be outdated, there’s no mass resynch, just item per item Cleanup task runs by default 2 am daily Cleanup task can key must be added to the Config file, it doesn't exist by default Cleanup has a minimum value of 30 and max of 1380 (23 hours) The value is # of minutes after 00:00 There’s no SUPPORTED way to move report data between native and SharePoint modes, easiest to redeploy reports, reconfigure schedules, redefine caching/snapshots etc. Started to look at a solution, however its picking at the database tables and content which is too risky - in particular for SharePoint

    18. Demonstration SSRS and SharePoint integration “under the covers” What will we show? Where is the content in SharePoint Content DB Where is the content in SSRS DB How is report data kept in synch between databases How does on-demand synch work How does auto-cleanup work

    19. Security Features and Configuration Overview Windows Integrated Authentication (Classic mode) Single server Multiple server Claims Based Authentication Single server Multiple server 12:15 handover12:15 handover

    20. Security Features and Configuration Windows Integrated Authentication Reasons to use Kerberos Delegated authentication – Service can impersonate client (“double hop”) More secure than NTLM Potentially better performance Less traffic than NTLM Mutual Authentication

    21. Windows Authentication - Kerberos How it works 1 min By using Windows Authentication and Kerberos, we can pass the user credentials across multiple servers in our farm. This means that not only can it go to reporting services, but where a report is configured to use a data connection also configured to use windows authentication, the credentials can pass through. This is not true in the Trusted account flow which we will discuss in a minute.1 min By using Windows Authentication and Kerberos, we can pass the user credentials across multiple servers in our farm. This means that not only can it go to reporting services, but where a report is configured to use a data connection also configured to use windows authentication, the credentials can pass through. This is not true in the Trusted account flow which we will discuss in a minute.

    22. Security Features and Configuration Configuring Kerberos Use domain service accounts (load balancing) Create Service Principal Names (SPNs) for: SharePoint Server(HOST): “SetSPN -S HTTP/Portal domain\AppPoolServiceAccount” SharePoint Server(FQDN): “SetSPN -S HTTP/Portal.msai.local domain\AppPoolServiceAccount SQL Server(HOST): “SetSPN -S MSSQLSvc/SQL01:1433 domain\SQLServiceAccount” SQL Server(FQDN): “SetSPN -S MSSQLSvc/SQL01.msai.local:1433 domain\SQLServiceAccount” Report Server(HOST): “SetSPN -S HTTP/ReportServer domain\SSRSServiceAccount” Report Server(FQDN): “SetSPN -S HTTP/ReportServer.domain.com domain\SSRSServiceAccount” Configure service accounts for constrained delegation Enable in IIS and SharePoint (also other services) In order for kerberos to work, there are a number of steps that you need to take. You need to have DNS configured correctly with an A record for each of the hosts that will use kerberos. (You can’t use C name aliases) You create the service accounts for use on the various servers in Active Directory. Then you need to configure a Service Principle Name for each service and host on the service accounts in AD. Think of an SPN as a “username” used to identify a program that is busy dealing with credentials. And we're only allowed to talk to this program using its “username”. Recap. An SPN is just a *name* that we've given to a "service" which is in the format of ServiceType/HostName and occasionally ServiceType/HostName:PortNumber. And it is set on which ever account is handling authentication for that service. I should also note that you as an administrator don’t get to pick whether you use a port. I used to think that maybe I could throw a port number on an SPN if I wanted to make it more secure. But it is the client application that has the decision built in on whether to use a port. One of the big mistakes people make is to duplicate the SPN in multiple accounts. This is not allowed and will break kerberos for that service. There are two new parameters for the SetSPN in Windows 2008. SetSPN –S checks for the existence of an SPN when it is set, and throws an exception if it does already exist. SetSPN –X will list duplicate SPNs You need to setSPNs for the Netbios and Fully qualified domain name. You should include the port number if you are running the service on a port other than 80. You can see in the slide that we have SetSPNs for the SharePoint WFEs, the SQL Server and the Reporting Services After you have set your SPNs, you need to configure constrained delegation on the service accounts. Effectively this is giving the service permission to delegate credentials to another service. You need to ensure that Kerberos is enabled in IIS and that Kernel mode is DISABLED. We’ll do a bit of a demo shortly about how you can troubleshoot this if you are having problems. http://blogs.iis.net/brian-murphy-booth/archive/2007/03/09/the-biggest-mistake-serviceprincipalname-s.aspx In order for kerberos to work, there are a number of steps that you need to take. You need to have DNS configured correctly with an A record for each of the hosts that will use kerberos. (You can’t use C name aliases) You create the service accounts for use on the various servers in Active Directory. Then you need to configure a Service Principle Name for each service and host on the service accounts in AD. Think of an SPN as a “username” used to identify a program that is busy dealing with credentials. And we're only allowed to talk to this program using its “username”. Recap. An SPN is just a *name* that we've given to a "service" which is in the format of ServiceType/HostName and occasionally ServiceType/HostName:PortNumber. And it is set on which ever account is handling authentication for that service. I should also note that you as an administrator don’t get to pick whether you use a port. I used to think that maybe I could throw a port number on an SPN if I wanted to make it more secure. But it is the client application that has the decision built in on whether to use a port. One of the big mistakes people make is to duplicate the SPN in multiple accounts. This is not allowed and will break kerberos for that service. There are two new parameters for the SetSPN in Windows 2008. SetSPN –S checks for the existence of an SPN when it is set, and throws an exception if it does already exist. SetSPN –X will list duplicate SPNs You need to setSPNs for the Netbios and Fully qualified domain name. You should include the port number if you are running the service on a port other than 80. You can see in the slide that we have SetSPNs for the SharePoint WFEs, the SQL Server and the Reporting Services After you have set your SPNs, you need to configure constrained delegation on the service accounts. Effectively this is giving the service permission to delegate credentials to another service. You need to ensure that Kerberos is enabled in IIS and that Kernel mode is DISABLED. We’ll do a bit of a demo shortly about how you can troubleshoot this if you are having problems. http://blogs.iis.net/brian-murphy-booth/archive/2007/03/09/the-biggest-mistake-serviceprincipalname-s.aspx

    23. Security Features and Configuration Claims Based Authentication What is it Provide a powerful abstraction for authentication Why use it Supported by SharePoint 2010 and SQL Server 2008 R2 Allows the augmentation of tokens with additional claims Configure with existing Kerberos environment Claims to Windows Token Service *Note that Reporting services is NOT claims aware Explain a little about Claims authentication and about how it extends what can be done. For example, SharePoint could be configured to provide permissions based on a claim such as the user is a ‘Manager’. It provides a lot more than just usernames and groups and also abstracts us away from the identity provider. SSRS is not claims aware. If you configure claims, it will still work, but will fall back to the trusted account flow. Let me illustrate what I mean.Explain a little about Claims authentication and about how it extends what can be done. For example, SharePoint could be configured to provide permissions based on a claim such as the user is a ‘Manager’. It provides a lot more than just usernames and groups and also abstracts us away from the identity provider. SSRS is not claims aware. If you configure claims, it will still work, but will fall back to the trusted account flow. Let me illustrate what I mean.

    24. Claims Based Authentication - Trusted Account Flow How it works

    25. Demonstration Troubleshooting Tips and Tools Powershell and PowerGUI (http://powergui.org) ADSIEdit SetSPN –X and SetSPN -S Klist Kerbtray Fiddler (http://www.fiddler2.com) Microsoft Network Monitor Wireshark (http://www.wireshark.org/) ULS Viewer (http://code.msdn.microsoft.com/ULSViewer) Let’s have a look at some tools you can use to help troubleshoot issues with your configuration. Powershell is your friend. If you are using SharePoint 2010, you should start getting used to using PowerShell. I am still getting to grips with it myself, but it is incredibly powerful. For example, I installed and configured the whole SharePoint environment for this demo using Powershell. There is a project on CodePlex called AutoSPInstaller which you can configure to do the installation for you. PowerGUI is a fantastic tool. It provides a much better IDE than the ISE that comes with Windows 2008 (in my opinion). You get intellisense, F5 debugging and it is free! I’ve mentioned the SETSPN commands –S and –X. Klist will allow you to see a list of ticktets on your machine and purge them if you want to Kerbtray is another utility allowing you to see what tickets have been issued Fiddler is a great tool which lets you look at your http traffic to and from your machine. You can use it to see what authentication is being used amongst other things ULS Viewer is a free download that allows you to interrogate existing log files or monitor in real time what is being written to the ULS (Unified Logging Service) Log. Reporting services events can now be logged to the SharePoint ULS logs Lets look a scenario. I have Kerberos currently configured and it is working fine. Let me intentionally create a duplicate SPN and see if we can break it. SetSPN –S to show you can’t add a duplicate Look at fiddler to show that kerberos is working SetSPN –a to show you can add a duplicate How can I trouble shoot this? First I’ll look at Klist to see what tickets I have Now I’ll use fiddler to look at the http traffic and check the authentication information So kerberos is not working and the browser has fallen back to NTLM. Our reports will still work because everything is on one machine. If it were a multi server environment it wouldn’t. Now I’ll use SetSPN –X to see if there are any duplicates There are, so I can go and remove the duplicate. I could open the account with ADSIEdit and remove it or use setspn Now lets have a quick look at ULS Viewer and configuring Reporting services to log to the ULS viewer. Let’s have a look at some tools you can use to help troubleshoot issues with your configuration. Powershell is your friend. If you are using SharePoint 2010, you should start getting used to using PowerShell. I am still getting to grips with it myself, but it is incredibly powerful. For example, I installed and configured the whole SharePoint environment for this demo using Powershell. There is a project on CodePlex called AutoSPInstaller which you can configure to do the installation for you. PowerGUI is a fantastic tool. It provides a much better IDE than the ISE that comes with Windows 2008 (in my opinion). You get intellisense, F5 debugging and it is free! I’ve mentioned the SETSPN commands –S and –X. Klist will allow you to see a list of ticktets on your machine and purge them if you want to Kerbtray is another utility allowing you to see what tickets have been issued Fiddler is a great tool which lets you look at your http traffic to and from your machine. You can use it to see what authentication is being used amongst other things ULS Viewer is a free download that allows you to interrogate existing log files or monitor in real time what is being written to the ULS (Unified Logging Service) Log. Reporting services events can now be logged to the SharePoint ULS logs Lets look a scenario. I have Kerberos currently configured and it is working fine. Let me intentionally create a duplicate SPN and see if we can break it. SetSPN –S to show you can’t add a duplicate Look at fiddler to show that kerberos is working SetSPN –a to show you can add a duplicate How can I trouble shoot this? First I’ll look at Klist to see what tickets I have Now I’ll use fiddler to look at the http traffic and check the authentication information So kerberos is not working and the browser has fallen back to NTLM. Our reports will still work because everything is on one machine. If it were a multi server environment it wouldn’t. Now I’ll use SetSPN –X to see if there are any duplicates There are, so I can go and remove the duplicate. I could open the account with ADSIEdit and remove it or use setspn Now lets have a quick look at ULS Viewer and configuring Reporting services to log to the ULS viewer.

    26. Session Summary What did we cover? What is new in Reporting Services and in Integration methodologies Discussed considerations for SharePoint and Reporting Services architectures Deep dive into the what’s, why’s, when’s and how’s of SharePoint integration Reviewed the various security features and options and their configuration Troubleshooting Tips 12:3012:30

    27. Question & Answer Session

    29. Resources

More Related