SSRS 2005 losing authentication - Error message 401.3 when changing report parameters
-
When I go to view a report I log in with my user and I am authenticated. The report comes up fine. However if change any of the parameters and hit view report then I'm prompted again for my credentials 3 times then end up with this 401.3 error.
When I inspect the log there is no further details, it simply states this user is not authorized for this action but doesn't tell me the action.
I've seen in 2008 there is a rsreportserver.config parameter called
. Is there a 2005 equivalent? I've tried changing the IIS authorization on that virtual directory between Windows Integrated, to Basic to Digest Local but the all have the same outcome. This seems to be a ssrs permission issue and I would guess there is a setting in the .config file. Or its some type of file system permissions I just can't figure out which object due to the lack of details in the error log.
I've been looking into this for a couple weeks now and I am at a loss! Any help would be greatly appreciated. For instance, can I turn on more verbose error logging in ssrs? Thank you in advance.
-
I believe it might be a permission issue at the file system level because if I log in as an administrator, this issue does not occur. With my regular user and all permissions turned on in report manager this issue still happens.
From the rsreportserver.config (default)
-
Is the Identity for the application pool still running as Network Service? Are you seeing any audit failures corresponding to your normal user account in the Security event log on the server? Are you seeing the Audit Successes? If so, do you see any audit failures? Do you see any events in the system or application event logs that seem to correspond?
K. Brian Kelley
@kbriankelley -
Identity for the application pool is network service.
As for the event viewer, yes I'm seeing audit failures now, but only if I run the report locally on the report server machine. And the behavior/error is different. On the local machine I don't get the first initial authentication and first view of the report. It errors out with a 401.1. Error is below (i tried it 10 times to make sure there was no password typo)
Logon Failure:
Reason:An error occurred during logon
User Name:test
Domain:art
Logon Type:3
Logon Process:Ðù1àO
Authentication Package:NTLM
Workstation Name:SQL2005-2
Status code:0xC000006D
Substatus code:0x0
Caller User Name:-
Caller Domain:-
Caller Logon ID:-
Caller Process ID:-
Transited Services:-
Source Network Address:x.x.x.x
Source Port:2465
when its not run on the local machine it behaves as described in my earlier post, first login works, any change in parameters results in a 401.3 and there are no audit failures associated with it.
I see no audit successes.
In application area I'm seeing this, but its not occuring in unison with the logon failure audits.
Event code: 4008
Event message: File authorization failed for the request.
Event time: 4/20/2009 9:00:46 AM
Event time (UTC): 4/20/2009 4:00:46 PM
Event ID: 57649f42cbca4e60a56db4dcb0e5db50
Event sequence: 1223
Event occurrence: 6
Event detail code: 0
Application information:
Application domain: /LM/W3SVC/1/Root/ReportServer-1-128847153432031250
Trust level: RosettaSrv
Application Virtual Path: /ReportServer
Application Path: c:\Program Files\Microsoft SQL Server\MSSQL.3\Reporting Services\ReportServer\
Machine name: SQL2005-2
Process information:
Process ID: 5860
Process name: w3wp.exe
Account name: NT AUTHORITY\NETWORK SERVICE
Request information:
Request URL: http..................
Request path: /ReportServer/Pages/ReportViewer.aspx
User host address:
User: ART\test
Is authenticated: True
Authentication Type: Negotiate
Thread account name: ART\test
added read permission to everyone on the application path and that fixed the problem!
Normally I'd think that is a security concern, except that you can't actually see a report directly in the folder so you must go through ssrs built in security to acutally view the data.
Thank you for pointing me in the right direction!
-
Does he have rights to the Item Level Task: 'Manage Reports', that grants rights to change parameters. http://msdn.microsoft.com/en-us/library/ms160344(SQL.90).aspx
Try it out.
"Software changes. This is a rather obvious statement, but it is a fact that must be ever present in the minds of developers and architects. Although we tend to think of software development as chiefly an engineering exercise, the analogy breaks down very quickly. When was the last time someone asked the designers of the Empire State building to add ten new floors at the bottom, put a pool on the top, and have all of this done before Monday morning? " : Doug Purdy, Microsoft Corporation
Viewing 5 posts - 1 through 4 (of 4 total)
You must be logged in to reply to this topic. Login to reply