Prologika Forums
Making sense of data

HOW TO: Configure SSRS 2008 for SSL

rated by 0 users
Answered (Verified) This post has 1 verified answer | 7 Replies | 1 Follower

Top 10 Contributor
138 Posts
wgpubs posted on Fri, Jun 5 2009 7:33 PM

Hi Teo,

I'm having a slew of problems trying to configure my ssrs 2008 install to force ssl connections.  I think I've followed the directions in the book but I'm now getting a "HTTP Error 503. The service is unavailable" error whenever I navigate to https://<myserver>/Reports.  I can successfully navigate to https://<myserver>/ReportServer.

Here is my set up:

1.  ServiceAcount : Using "NetworkService"

2.  Web Service URL:  I have both TCP Port 80 and SSL Port 443 configured

3.  Report Manager URL:  I have removed the default port 80 URL and have ONLY included SSL port 443

 

I have also set the "SecureConnectionLevel" = "3" in the rsreportserver.config

Am I missing something???

Thanks - Wayde

 

Answered (Verified) Verified Answer

Top 10 Contributor
2,300 Posts
Verified by wgpubs

The request doesn't even reach the report server. You don't get any error messages in the RS log, do you? Does it work if you switch to Basic Authentication? In rsreportserver.config change:

 <AuthenticationTypes>
 <RSWindowsNegotiate/>
 <RSWindowsNTLM/>
</AuthenticationTypes>

to

 <AuthenticationTypes>
 <RSWindowsBasic/>
</AuthenticationTypes>

Also, although this doesn't seem to apply to your configuration as Report Manager is not Internet-facing, in the Report Manager web.config file, try adding the following element:

<configuration>
...
<system.net>
  <defaultProxy enabled="false" />
</system.net>
</configuration>

All Replies

Top 10 Contributor
138 Posts

UPDATE: 

Still not working but resolved that error message by cleaning up the http endpoint via netsh.

Now it appears the the Report Mgr is running but giving me this error:

"The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel."

Top 10 Contributor
138 Posts
wgpubs replied on Sat, Jun 6 2009 12:18 AM

UPDATE 2:

I went into the rsreportserver.config file and modified the <ReportServerUrl> element (it was empty before to:

<ReportServerUrl>https://<hostname>/ReportServer</ReportServerUrl>

We are using a wildcard SSL cert (e.g. *.company.com)

Now I get this exception:

The request failed with HTTP status 401: Unauthorized.

This is starting to drive me nuts!  RS can't be this insane to set up ... can it?

Top 10 Contributor
2,300 Posts
Verified by wgpubs

The request doesn't even reach the report server. You don't get any error messages in the RS log, do you? Does it work if you switch to Basic Authentication? In rsreportserver.config change:

 <AuthenticationTypes>
 <RSWindowsNegotiate/>
 <RSWindowsNTLM/>
</AuthenticationTypes>

to

 <AuthenticationTypes>
 <RSWindowsBasic/>
</AuthenticationTypes>

Also, although this doesn't seem to apply to your configuration as Report Manager is not Internet-facing, in the Report Manager web.config file, try adding the following element:

<configuration>
...
<system.net>
  <defaultProxy enabled="false" />
</system.net>
</configuration>

Top 10 Contributor
138 Posts

Thanks Teo ... I made both of the modifications you suggested above and everything seems to be working now.  A few follow-up questions:

1.  Are all the configuration steps I followed in my first 3 postings necessary and valid for what I'm trying to do (e.g. force SSL for both Report Manager and the Report web service)?

2.  Why does RSWindowsBasic work and the other options do not?  

3.  For the 401 error, I was getting messages in my rs log.  Here it is in all its glory:
 

webserver!ReportServer_0-9!94c!06/07/2009-15:18:44:: i INFO: Reporting Web Server started

library!ReportServer_0-9!94c!06/07/2009-15:18:44:: e ERROR: Throwing Microsoft.ReportingServices.Diagnostics.Utilities.InternalCatalogException: An internal error occurred on the report server. See the error log for more details., ;

 Info: Microsoft.ReportingServices.Diagnostics.Utilities.InternalCatalogException: An internal error occurred on the report server. See the error log for more details. ---> System.UnauthorizedAccessException: Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))

   at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode, IntPtr errorInfo)

   at RSRemoteRpcClient.Utilities.InstanceNameFromInstanceID(String instanceID)

   at Microsoft.ReportingServices.Diagnostics.RSConfiguration.get_InstanceName()

   at Microsoft.ReportingServices.Diagnostics.Utilities.RSEventLog.AddInstanceToSourceName(String sourceFormat)

   at Microsoft.ReportingServices.Diagnostics.Utilities.RSEventLog.Init()

   at Microsoft.ReportingServices.Diagnostics.Globals.Init(RSConfigurationManager configManager, RunningApplication app, Boolean resetAllPerfCounters)

   at Microsoft.ReportingServices.Diagnostics.Globals.Init(RSConfigurationManager configManager, RunningApplication app)

   at Microsoft.ReportingServices.WebServer.Global.RunOnlyOnceStartReportServer()

   at Microsoft.ReportingServices.WebServer.Global.StartApp()

   at Microsoft.ReportingServices.WebServer.Global.Application_BeginRequest(Object sender, EventArgs e)

   --- End of inner exception stack trace ---

webserver!ReportServer_0-7!6e4!06/07/2009-15:18:49:: i INFO: Reporting Web Server stopped

library!ReportServer_0-9!94c!06/07/2009-15:18:49:: i INFO: Exception InternalCatalogException dumped to:  flags= Default

library!ReportServer_0-9!94c!06/07/2009-15:18:49:: Unhandled exception was caught: System.IO.FileLoadException: Could not load file or assembly 'System.Web.Services, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a' or one of its dependencies. Access is denied.

File name: 'System.Web.Services, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a' ---> System.UnauthorizedAccessException: Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))

   at Microsoft.ReportingServices.WebServer.ReportServiceHttpHandler.WriteExceptionAsHtml(TextWriter responseWriter, Exception exceptionToDisplay, Int32 code, String optionalMessage)

   at Microsoft.ReportingServices.WebServer.ReportServiceHttpHandler.WriteErrorResponse(Int32 code, String shortHttpDescription, Exception exception, String optionalMessage, Boolean errorResponseAsXml)

   at Microsoft.ReportingServices.WebServer.ReportServiceHttpHandler.WriteErrorResponse(Int32 code, String shortHttpDescription, Exception exception, Boolean errorResponseAsXml)

   at Microsoft.ReportingServices.WebServer.Global.WriteServerError(Exception e)

   at Microsoft.ReportingServices.WebServer.Global.Application_BeginRequest(Object sender, EventArgs e)

   at System.Web.HttpApplication.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()

   at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)

 

 

library!ReportServer_0-9!94c!06/07/2009-15:18:49:: e ERROR: Throwing Microsoft.ReportingServices.Diagnostics.Utilities.InternalCatalogException: An internal error occurred on the report server. See the error log for more details., ;

 Info: Microsoft.ReportingServices.Diagnostics.Utilities.InternalCatalogException: An internal error occurred on the report server. See the error log for more details. ---> System.IO.FileLoadException: Could not load file or assembly 'System.Web.Services, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a' or one of its dependencies. Access is denied.

File name: 'System.Web.Services, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a' ---> System.UnauthorizedAccessException: Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))

   at Microsoft.ReportingServices.WebServer.ReportServiceHttpHandler.WriteExceptionAsHtml(TextWriter responseWriter, Exception exceptionToDisplay, Int32 code, String optionalMessage)

   at Microsoft.ReportingServices.WebServer.ReportServiceHttpHandler.WriteErrorResponse(Int32 code, String shortHttpDescription, Exception exception, String optionalMessage, Boolean errorResponseAsXml)

   at Microsoft.ReportingServices.WebServer.ReportServiceHttpHandler.WriteErrorResponse(Int32 code, String shortHttpDescription, Exception exception, Boolean errorResponseAsXml)

   at Microsoft.ReportingServices.WebServer.Global.WriteServerError(Exception e)

   at Microsoft.ReportingServices.WebServer.Global.Application_BeginRequest(Object sender, EventArgs e)

   at System.Web.HttpApplication.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()

   at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)

 

 

   --- End of inner exception stack trace ---

library!ReportServer_0-9!94c!06/07/2009-15:18:52:: i INFO: Exception InternalCatalogException dumped to:  flags= Default

ui!ReportManager_0-8!8f4!06/07/2009-15:18:52:: e ERROR: The request failed with HTTP status 401: Unauthorized.

ui!ReportManager_0-8!8f4!06/07/2009-15:18:52:: e ERROR: HTTP status code --> 500

-------Details--------

System.Net.WebException: The request failed with HTTP status 401: Unauthorized.

   at System.Web.Services.Protocols.SoapHttpClientProtocol.ReadResponse(SoapClientMessage message, WebResponse response, Stream responseStream, Boolean asyncCall)

   at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)

   at Microsoft.SqlServer.ReportingServices2005.ReportingService2005.ListSecureMethods()

   at Microsoft.SqlServer.ReportingServices2005.RSConnection.ValidateConnection()

   at Microsoft.ReportingServices.UI.Global.SecureAllAPI()

   at Microsoft.ReportingServices.UI.ReportingPage.EnsureHttpsLevel(HttpsLevel level)

   at Microsoft.ReportingServices.UI.ReportingPage.ReportingPage_Init(Object sender, EventArgs args)

   at System.EventHandler.Invoke(Object sender, EventArgs e)

   at System.Web.UI.Control.OnInit(EventArgs e)

   at System.Web.UI.Page.OnInit(EventArgs e)

   at System.Web.UI.Control.InitRecursive(Control namingContainer)

   at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)

webserver!ReportServer_0-9!94c!06/07/2009-15:18:52:: i INFO: Reporting Web Server started

resourceutilities!ReportServer_0-9!94c!06/07/2009-15:18:53:: i INFO: Reporting Services starting SKU: Standard

resourceutilities!ReportServer_0-9!94c!06/07/2009-15:18:53:: i INFO: Evaluation copy: 0 days left

resourceutilities!ReportServer_0-9!94c!06/07/2009-15:18:53:: i INFO: Running on 2 physical processors, 2 logical processors

runningjobs!ReportServer_0-9!94c!06/07/2009-15:18:53:: i INFO: Running Requests Scavenger timer enabled: Next Event: 60 seconds.  Cycle: 60 seconds

runningjobs!ReportServer_0-9!94c!06/07/2009-15:18:53:: i INFO: Running Requests DB timer enabled: Next Event: 60 seconds.  Cycle: 60 seconds

runningjobs!ReportServer_0-9!94c!06/07/2009-15:18:53:: i INFO: Memory stats update timer enabled: Next Event: 60 seconds.  Cycle: 60 seconds

library!ReportServer_0-9!94c!06/07/2009-15:18:53:: Unhandled exception was caught: System.NullReferenceException: Object reference not set to an instance of an object.

   at Microsoft.ReportingServices.Diagnostics.Globals.EndRequestContext()

   at Microsoft.ReportingServices.WebServer.Global.Application_EndRequest(Object sender, EventArgs e)

   at System.Web.HttpApplication.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()

   at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)

library!ReportServer_0-9!94c!06/07/2009-15:18:53:: e ERROR: Throwing Microsoft.ReportingServices.Diagnostics.Utilities.InternalCatalogException: An internal error occurred on the report server. See the error log for more details., ;

 Info: Microsoft.ReportingServices.Diagnostics.Utilities.InternalCatalogException: An internal error occurred on the report server. See the error log for more details. ---> System.NullReferenceException: Object reference not set to an instance of an object.

   at Microsoft.ReportingServices.Diagnostics.Globals.EndRequestContext()

   at Microsoft.ReportingServices.WebServer.Global.Application_EndRequest(Object sender, EventArgs e)

   at System.Web.HttpApplication.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()

   at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)

   --- End of inner exception stack trace ---

Top 10 Contributor
2,300 Posts

1. I believe so.

2. I am not sure what your setup is but it looks like the Report Manager doesn't propage the user identity to the report server. Are they on the same machine? Do you use a proxy? I've heard of an issue where a proxy won't work with Windows integrated security.

3. With SSRS 2008 actually this makes sense since the server is self-hosted and IIS is not used.

Top 10 Contributor
138 Posts
wgpubs replied on Mon, Jun 8 2009 12:38 AM

re: 2

Yes, both Report Manager and Report Server are on the same box.  I'm not using a proxy (should I???).

Is it possible to have Report Manager access the Report Server via a specific credential?  I'm thinking of a typical asp.net application where you do your authentication/authorization in it ... but have database requests made under a single identity to enable connection pooling and make it a bit easier to configure security in the DB.

Thanks - wg

btw, what is RSWindowsBasic?  How is it different from the other two option?

Top 10 Contributor
2,300 Posts

RSWindowsBasic is Basic Authentication that many Internet-faciing sites that use Windows authentication use coupled with SSL. By default, Report Manager is configured to impersonate the user <identity impersonate=true/> in the Report Manager web.config. I don't know if it will work if you remove it. If it does, that all requests to the report server will be made under the Report Manager web application identity, such as ASPNET.

By "proxy" I meant if your oganization requires you to configure the browser to use a proxy server.

Page 1 of 1 (8 items) | RSS