My opening description is as follows:. Microsoft does allow connections using Kerberos to connect using the "Double Hop". A typical Scenario where you would connect through the "Double Hop" would be by using a linked server. Run the following code on your backend SQL server to determine whether the connections to the server are using kerberos or not.
Thanks I don't have permission to run that script but I'll see if I can get someone to tell me or run it. You must be logged in to reply to this topic. Login to reply. Post reply. Trusted and single domains are a requirement for passing Windows credentials. Credentials can be passed more than one time if you enable the Kerberos version 5 protocol for your servers. Otherwise, credentials can be passed only one time before they expire. For more information about configuring credentials for multiple computer connections, see Specify Credential and Connection Information for Report Data Sources.
The following instructions are intended for a native mode report server. If the report server is deployed in SharePoint integrated mode, you must use the default authentication settings that specify Windows integrated security.
The report server uses internal features in the default Windows Authentication extension to support report servers in SharePoint integrated mode. The SQL Server feature supports the use of channel binding and service binding to enhance protection of authentication. The Reporting Services features need to be used with an operating system that supports Extended Protection. Reporting Services configuration for extended protection is determined by settings in the RSReportServer.
Copy one of the following XML structures that best fits your needs. You should enable authentication persistence if you want to authenticate the connection rather than each individual request. Under authentication persistence, all requests that require authentication will be allowed for the duration of the connection.
The third XML structure specifies all of the security packages that are used in Windows integrated security:. Modify as appropriate the settings for extended protection. Extended protection is disabled by default. If these entries are not present, the current computer may not be running a version of Reporting Services which supports extended protection. If you configured a scale-out deployment, repeat these steps for other report servers in the deployment.
On a report server that is configured for Negotiate or Kerberos authentication, a client connection to the report server will fail if there is a Kerberos authentication error. Kerberos authentication errors are known to occur when:.
The browser chooses Kerberos over NTLM in the authentication header in the request it sends to the report server. Sign up or log in Sign up using Google. Sign up using Facebook.
Sign up using Email and Password. Post as a guest Name. Email Required, but never shown. The Overflow Blog. Podcast Making Agile work for data science. Stack Gives Back Featured on Meta. New post summary designs on greatest hits now, everywhere else eventually. Related Hot Network Questions. Question feed. Stack Overflow works best with JavaScript enabled.
Accept all cookies Customize settings.
0コメント