The request failed with HTTP status 401: Unauthorized - by mivchik

Status : 

  Fixed<br /><br />
		This item has been fixed in the current or upcoming version of this product.<br /><br />
		A more detailed explanation for the resolution of this particular item may have been provided in the comments section.

Sign in
to vote
ID 323214 Comments
Status Closed Workarounds
Type Bug Repros 3
Opened 1/21/2008 6:18:45 AM
Access Restriction Public


RSReportServer.config file stores settings that are used by Report Manager, the Report Server Web service, and background processing. 
This file contains Autentification area which specifies one or more authentication types accepted by the report server.
Some our reports need access to external data sources with credentials of user who runs the report, so we need Kerberos authentication - RSWindowsKerberos .
We modified Autentification area in RSReportServer.config file 


When administrator opens report manager site he gets message “The request failed with HTTP status 401: Unauthorized”. 
The same behavior is noticed with only <RSWindowsKerberos/> parameter without RSWindowsNTLM.

With <RSWindowsNegotiate/> parameter administrator gets enter login\password window and after entering them he is prompted again for them.

With only <RSWindowsNTLM/> everything works fine:

In the same network Domain is situated Reporting Server 2005. It works fine with Kerberos and allows double-hop authentication to external data sources.
Sign in to post a comment.
Posted by Dan Thompson (LeedsDBA) on 6/29/2014 at 3:27 PM
SQL 2012 Standard

SSRS with Domain account for service

SETSPN -S http/ServerName DomainName\UserAccount
SETSPN -S http/ServerName.DomainName.local DomainName\UserAccount

...applied. Getting 401 Unauthorized error still.

Authentication configured as follows:

I have restarted the SSRS service
Posted by vimas on 7/30/2013 at 9:01 AM
even though we did this all(Kerberos), ocassionaly we are prompted for credentials with 401 Unauthorized error.SSRS Log does not help much. how do we track this in SSRS 2012 version.
Posted by J.Spraul on 3/26/2011 at 3:40 PM
Note that this can still occur when accessing reporting services on localhost through remote desktop.

The resolution there was to generate a new SID and re-add the machine to the domain.
Posted by Microsoft on 4/24/2008 at 10:28 AM
The change will appear in SQL 2008 RC0.

The SPN requirement has been documented in the Books Online topic: "How to: Configure Windows Authentication in Reporting Services" (

Please let us know if there are further issues.

Posted by Microsoft on 2/11/2008 at 11:36 AM
We have modified setup to disable Negotiate authetication when a domain account is chosen as the service account. You can re-enable Negotiate by editing the RSReportServer.config file once a SPN has been configured.

This change will appear in a future CTP.

Posted by Microsoft on 1/24/2008 at 9:29 AM
Most likely the problem is that the RS service is running as a domain account and an SPN must be registered for that account. The easiest workaround is to run RS as NetworkService. If you must use a domain account, then note that if IIS is running on the same machine then RS must use the same account as IIS. If you do not need IIS on the same machine, then you should use the setspn.exe utility to register a SPN (requires domain administrator privileges). The syntax for setspn is:

setspn –A http/MyHostName MyDomain\MyRSAccount
setspn –A http/ MyDomain\MyRSAccount

Hope this helps,