I recently encountered this error while configuring SQL Reporting Services for deep integration with SharePoint. The error would show up whenever we clicked on the “Set Server Defaults” link in the Central Administration site. Other than the error message, we didn’t have much to go with. Looking through the SharePoint Logs and the IIS logs on the report server we noticed a number or 401 errors that coincided in time. We figured it must have had something to do with the configuration of the Report Server Website, and tried to access it via the browser. In doing so we encountered another error, this time in the browser; “HTTP Error 401.1 – Unauthorized: Access is denied due to invalid credentials”. Searching the web for that error lead to the following article (and the solution to the error): You receive an HTTP Error 401.1 – “Unauthorized: Access is denied due to invalid credentials” error message when you try to access a Web site that is part of an IIS 6.0 application pool. The article presents a couple of options, both made the error go away (I recreated the problem and tried both solutions)

The first option consists in setting up an SPN with the NetBIOS name and the fully qualified domain name (FQDN) of the server and the domain user account that the application pool is running under; assuming your SQL Reporting Services App Pool account is a domain account. You’ll need to install the “Windows Server 2003 Support Tools” that are included on your Windows Server 2003 CD before you can setup your SPNs; these can be installed on any server in the domain. Once installed, run the following commands in the command prompt:

setspn.exe -a http/ DomainName\<UserName>
setspn.exe -a http/ DomainName\<UserName>

Where:

  • is the NetBIOS name of the IIS server running the SQL Reporting Services report server (example: MySSRSServer01)
  • is the fully qualified name of the same server
    (example: MySSRSServer01.domain.com)
  • is the username of the SSRS report server application pool identity

The second option requires you to force IIS to use NTLM as your authentication mechanism on you SQL Reporting Servers Web Server. Keep in mind that going with this option will make NTLM the default Integrated Authentication Mechanism for all of the sites in that server. To do this, follow these steps on the SQL Reporting Servers Web Server:

  1. Locate and then change to the directory that contains the Adsutil.vbs file. By default, this directory is C:\Inetpub\Adminscripts.
  2. Type the following command, and then press ENTER:
    cscript adsutil.vbs set w3svc/NTAuthenticationProviders “NTLM”
Advertisements