DEVHIDE
Login Or Sign up

SSRS - Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON' - As user viewing the report

4.8k Views Asked by At

I'm trying to set a report in Report Server (SQL Server 2017 Reporting Services 14.0.600.1669) that use the Windows credentials of the user who is viewing the report to query the datasource (SQL Server 2017 14.0.3430.2).

The report is deployed and works correctly if I choose to specify static WAuth credentials in the datasource (Test connection success):

enter image description here

If I choose to ask the user for Windows credentials it works fine too:

enter image description here

BUT when I choose to access the data source as the user viewing the report (ME, with the same WAuth) I'm reciving the error:

Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'.

So it seems to not be using my user but another service account. I've tried both with Microsoft Edge (IE 11 Compatibility Mode) and Chrome with the same result.

I'm not the person who have installed/configured this Report Server.

Can someone help me to find out what could be the problem/suggest what to check?

Thanks!

reporting-services power-bi-report-server ssrs-2017
Original Q&A
2

There are 2 best solutions below

0
On BEST ANSWER

So, it seems it really was a double-hop authentication issue wich i managed to resolve with the help of IT. I don't know a lot about AD or Kerberos but this guide has been pretty helpful for me and IT to catch and resolve the missing configurations.

0
On

Since Chrome version 86, for Chromium Edge and Chrome, you need to add a registry key to enable Kerberos for the browser (to enable double-hop).

The full steps/checklist to enable pass thru authentication for SSRS:

  1. run SSRS service as the built-in virtual account. If you run it as a domain service account, you need to make sure a SPN is created for the service (HTTP/your_SSRS_server_name).
  2. change Delegation property of the SSRS server machine to "Trust this computer to any service (Kerberos only)". or you can specify the SSRS service to delegate.
  3. add RSWindowsNegotiate to your SSRS report config file
  4. verify your SSRS web.config's authentication mode is Windows and identity impersonate is true
  5. make sure end user's property "Account is sensitive and cannot be delegated" is not checked, and has proper access to the report and all related SQL databases.
  6. Now the key is: add two registry keys on end user's machine:
    HKLM\SOFTWARE\Policies\Microsoft\Edge\AuthNegotiateDelegateAllowlist HKLM\SOFTWARE\Policies\Google\Chrome\AuthNegotiateDelegateAllowlist
    the value of this key should be the SSRS server name.
    Note this has to be on the end user's machine, not on the SSRS server machine.

Related Questions in REPORTING-SERVICES

Related Questions in POWER-BI-REPORT-SERVER

Related Questions in SSRS-2017

Trending Questions

Popular # Hahtags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json python-3.x ruby-on-rails .net sql-server swift django angular objective-c pandas excel

Popular Questions

Copyright © 2021 Jogjafile Inc.