Setting up Windows Authentication In Reporting Services Using Kerberos

Question

Hi, I have yet another problem with Reporting services. Finally I was able to set the ball rolling, achieving success in configuring reporting services with a domain user account. Now I have a problem accessing the server from another machine (in the same domain) using Integrated Windows Authentication in IIS 6.0.

I have never had problems with this on networks using NT Authentication, but this is the first time our network is set up to use Kerberos. Here are my IIS settings -

1. Reports (Manager) & ReportServer Virtual directories under Default Website,
2. Both these are configured to run with Integrated Windows Authentication..Anonymous access turned OFF.
3. Reporting Services Windows Service runs under Network service account and Web Service under a domain user account.

Note - If I turn on Basic Authentication, it works fine, exceeding all my expectations, but this is not something I want.

Any help is appreciated.

Thanks Vineet

Answer 1

Found it out, it works just like NT Authentication with three additional steps -

To use Kerberos, you need to consider these specific details:

You must run the client and server computers on Windows 2000 or later, and they must be in a Windows 2000 or later domain. 1. You must enable the client's user account for delegation. 2. You must enable the service's account for delegation. 3. You must enable participating computers for delegation.

Above solution is an abstract from Microsoft's website, here is the link - http://msdn.microsoft.com/en-us/library/aa292114(VS.71).aspx

I got this setup and mine is working fine, though I have already asked network guys to change this to NT, since it is easy to maintain in longer run and saves pain of setting up delegation (must for Kerberos) for each individual user.

Cheers!!