The request failed with HTTP status 401: Unauthorized

The request failed with HTTP status 401: Unauthorized by mivchik

Closed

as Fixed

Type:	Bug
ID:	323214
Opened:	1/21/2008 6:18:45 AM
Access Restriction:	Public

Workaround(s)

view

User(s) can reproduce this bug

RSReportServer.config file stores settings that are used by Report Manager, the Report Server Web service, and background processing.
This file contains Autentification area which specifies one or more authentication types accepted by the report server.
Some our reports need access to external data sources with credentials of user who runs the report, so we need Kerberos authentication - RSWindowsKerberos .
We modified Autentification area in RSReportServer.config file

<Authentication>
     <AuthenticationTypes>
         <RSWindowsKerberos/>
         <RSWindowsNTLM/>
     </AuthenticationTypes>
     <EnableAuthPersistence>true</EnableAuthPersistence>
</Authentication>

When administrator opens report manager site he gets message “The request failed with HTTP status 401: Unauthorized”.
The same behavior is noticed with only <RSWindowsKerberos/> parameter without RSWindowsNTLM.

With <RSWindowsNegotiate/> parameter administrator gets enter login\password window and after entering them he is prompted again for them.

With only <RSWindowsNTLM/> everything works fine:
<Authentication>
     <AuthenticationTypes>
         <RSWindowsNTLM/>
     </AuthenticationTypes>
     <EnableAuthPersistence>true</EnableAuthPersistence>
</Authentication>

In the same network Domain is situated Reporting Server 2005. It works fine with Kerberos and allows double-hop authentication to external data sources.

Details (expand)

English

SQL Server 2008 November CTP

Reporting Services

Win2003 Enterprise Server (SP2)

US English

Look the description

When administrator opens report manager site he gets message “The request failed with HTTP status 401: Unauthorized”.

opens report manager site without errors

X64

0 attachments

Posted by J.Spraul on 3/26/2011 at 3:40 PM

Note that this can still occur when accessing reporting services on localhost through remote desktop.

The resolution there was to generate a new SID and re-add the machine to the domain.

http://social.technet.microsoft.com/Forums/en-US/winserverTS/thread/2f13a63c-8a09-4fc1-876c-70f0e0f3ba01/

Posted by Microsoft on 4/24/2008 at 10:28 AM

The change will appear in SQL 2008 RC0.

The SPN requirement has been documented in the Books Online topic: "How to: Configure Windows Authentication in Reporting Services" (http://msdn2.microsoft.com/en-us/library/cc281253(SQL.100).aspx).

Please let us know if there are further issues.

-Albert

Posted by Microsoft on 2/11/2008 at 11:36 AM

We have modified setup to disable Negotiate authetication when a domain account is chosen as the service account. You can re-enable Negotiate by editing the RSReportServer.config file once a SPN has been configured.

This change will appear in a future CTP.

Thanks,
Albert

Posted by Microsoft on 1/24/2008 at 9:29 AM

Most likely the problem is that the RS service is running as a domain account and an SPN must be registered for that account. The easiest workaround is to run RS as NetworkService. If you must use a domain account, then note that if IIS is running on the same machine then RS must use the same account as IIS. If you do not need IIS on the same machine, then you should use the setspn.exe utility to register a SPN (requires domain administrator privileges). The syntax for setspn is:

setspn –A http/MyHostName MyDomain\MyRSAccount
setspn –A http/MyHostName.Mydomain.Mycorp.com MyDomain\MyRSAccount

Hope this helps,
Albert