I just installed SQL 2012 Enterprise on a laptop running windows 10 Pro x64.
When I try to execute my SSRS reports from the report manager, I always get the same error:
An error has occurred during report processing. (rsProcessingAborted)
Cannot impersonate user for data source 'DataSource1'. (rsErrorImpersonatingUser)
Log on failed. Ensure the user name and password are correct. (rsLogonFailed)
The user name or password is incorrect
I am using integrated windows authentication with a domain account.
The domain account can log on through SSMS and can access the databases with no issue and run queries.
I have also tried using a local SQL account and password but with the same result - The username or password is incorrect, yet this account works through SSMS and is able to execute queries and such.
When i click the Test Connection button in SSRS datasource configuration, it states the connection was created successfully. (I have included a shot of what I am talking about in the uploaded image)
After googling, people stated that the account that is being used to connect to the database using windows impersonation had to have log on locally permissions, so I added the account through local security Policy, but it made no difference.
Another blog stated the SSRS Service account had to also be granted log on locally permissions - so I granted it the log on locally permission as well. Still to no avail.
I have also tried disabling the windows firewall and connecting to both the machine name and localhost just in case there was some screwy rules regarding localhost - still with the same result.
Other people suggested the execution account in SSRS manager needed be disabled. I didn't set this up initially - but set the account up just in case it had something to do with it - still with the same error then removed it again still with the same error.
Can anyone offer any other suggestions as to what might be the cause and how I might fix this?
Many thanks and Cheers
Rod.
OK - managed to work out the problem and a workaround. But it doesn't actually solve the problem.
Problem is Chrome and IE11 wont update the Reports web site when managing datasources. Even when launched as administrator, the SSRS management interface site does not appear to save the changes. Edge is just a joke so don't even bother with that one.
Now - I figured Microsoft has broken something which SSRS interface needs in windows 10, so I logged onto a Windows 7 machine and using IE11, was able to navigate to report manager site, update the credentials (windows and SQL Server credentials) and the reports run.
Confirmed this by trying to change the credentials back on windows 10 and it immediately broke the reports again. Set the credentials back in Win 7 and it corrected the reports.
So if you are using windows 10 and are having issues configuring credentials for SSRS reports, try logging in from a windows 7 machine and set through IE on that machine.
EDIT: IE11 works on older windows 10 build (enterprise) , latest build (Pro) seems to be broken.
Cheers
Rod.
If you have specified an unattended execution account, SSRS flip-flops between impersonating it and the identity specified in your data source during the rendering process. If you use an unattended execution account, you’ve got to keep the password up-to-date.
You could also choose not to use the unattended execution account at all, which may also solve your problem. For more detail see http://blogs.msdn.com/b/bimusings/archive/2006/08/16/702490.aspx
Simply,
Go to Report Configuration Manager
Go to Excution Account
Enter Domain\UserAccount [User Account is your windows User]
Enter Password [Windows Password]
Save and you are good to go
Related
I have a simple EF Code First project that has to create a database in my local SQL server if it doesn't exist. However, when I try to debug my application I get the error:
Cannot open database "<Database>" requested by the login. The login failed.
Login failed for user 'MicrosoftAccount\someone#me.com'.'
I somewhat understand that because I login to Windows with my Microsoft account.
So I changed my connection string from using integrated security to username and password.
I made sure the user is created on the SQL server (Login & sysadmin rights) but it still fails when I debug in Visual Studio.
So..... I build the project and ran the application directly via the exe file and everything works. But I want to understand why it doesn't work with the debugger.
Have I missed something obvious here?
So I found the problem.
My local Windows account was paired with my Microsoft account. For some reason Visual Studio sends my Microsoft account to the SQL server to authenticate even when run under specific local credentials.
My solution was to create anew local user on my workstation with NO assosiated MS account.
I made the account member of Administrators and gave it permission to the SQL server then everything was fine...
Please ensure the server and database name are specified correctly in connection string. I had a typo, and got the error.
I guess that the debugger runs with different credentials (or could be set to do so). Especially if your account is not admin.
Maybe this helps: https://blogs.msdn.microsoft.com/greggm/2008/05/15/visual-studio-remote-debugger-service-user-account-requirements/
I have a .NET MVC project that gets its data from a SQL database.
When I run the project in debug mode on my local machine, it runs without error; however, after I deploy the project to my IIS server (version 6 I believe) using Microsoft's Publish Wizard (create a .zip, move that .zip to the wwwRoot folder the website is pointed at), I encounter an issue: I access the website's main page via URL address, but when I enter the login ID, it produces a built-in error message "Invalid user ID".
The only time this error ever occurs when a valid ID is entered is if the database cannot be reached to check login credentials. So, using SQL Profiler, I tried to see if a query was made to the database - it appears that the answer is "no".
I have verified that the connection strings are configured correctly in the IIS environment, and can safely assume that there are no code-related errors with regards to this issue.
The question: What other troubleshooting methods are available for IIS and SQL interactions to see what the root of this error is, or what suggestions might you have to try and eliminate the problem
Add the user to the database logins and grant this user access to the database. Connection string in your code should have its credentials. Reason why it works on your machine is likely because you are sysadmin or something on the server. Look up a way to enter credentials in your connection string's parameters.
https://www.youtube.com/watch?v=Sp6lR15iWMk
I'm having a small issue and starting to tear my hair out unfortunately.
Please excuse me if this has been answered before but I've been searching for two days and nothing is working.
I have 2 computers, one is windows 7 which is the "Server" ( 3 administrator accounts, A,B,C)
The other windows 8.1 we'll call this "Client" (1 admin account same name as C)
The Server is running MSSQL express - 2014 with SSRS on Acc:A. I'm using the BIDS (on the server Acc:B) to create reports and deploy them onto the report server happily.
What I am needing to do is to be able to access the reports from my client pc but I cant seem to be able to find what is restricting me from accessing the reports or accessing it as a service reference in VS2013.
When I Log onto accounts (useing RDP) B,C I can access the reports server happily but I try to access the reports server from the client using "Server\C" as windows login credentials it says I don't have the privileges for the home page but I can access the Site Settings.
I have a nasty feeling this is all because I'm not running on a windows server environment with domains and such which I would rather not need to use till I deploy this (when I buy a proper server) as at the moment this is all trial and proof of concept stage.
Any help anyone can give would be absolutely amazing! Thanks
Finally managed to get it working after ages, it'll be different when I deploy it but, I simply disabled the ntlm authentication and went for windows basic authentication by doing step 4 in this documentation!
Thanks for all the help!
https://msdn.microsoft.com/en-us/library/8faf2938-b71b-4e61-a172-46da2209ff55(v=sql.110)
I recently installed Microsoft SQL Server 2012 on a fresh Windows 7 installation, but whenever I want to run the server, I get the following error:
Error 1069: The service did not start due to a logon failure.
The following user is configured to start the service: NT Service\MSSQL$SQLEXPRESS
How can I fix this problem?
The answer to this may be identical to the problem with full blown SQL Server (NTService\MSSQLSERVER) and this is to reset the password. The ironic thing is, there is no password.
Steps are:
Right click on the Service in the Services mmc
Click Properties
Click on the Log On tab
The password fields will appear to have entries in them...
Blank out both Password fields
Click "OK"
This should re-grant access to the service and it should start up again. Weird?
NOTE: if the problem comes back after a few hours or days, then you probably have a group policy which is overriding your settings and it's coming and taking the right away again.
This happened to me. A policy on the domain was taking away the SQL Server user account's "Log on as a service" rights. You can work around this using JLo's solution, but does not address the group policy problem specifically and it will return next time the group policies are refreshed on the machine.
The specific policy causing the issue for me was:
Under, Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> User Rights Assignments: Log on as a service
You can see which policies are being applied to your machine by running the command "rsop" from the command line. Follow the path to the policy listed above and you will see its current value as well as which GPO set the value.
While ("run as SYSTEM") works, people should be advised this means going from a minimum-permissions type account to an account which has all permissions in the world. Which is very much not a recommended setup best practices or security-wise.
If you know what you are doing and know your SQL Server will always be run in an isolated environment (i.e. not on hotel or airport wifi) it's probably fine, but this creates a very real attack vector which can completely compromise a machine if on open internets.
This seems to be an error on Microsoft's part and people should be aware of the implications of the workaround posted.
Short answer:
install Remote Server Administration tools on your SQL Server (it's an optional feature of Windows Server), reboot, then run SQL Server configuration manager, access the service settings for each of the services whose logon account starts with "NT Service...", clear out the password fields and restart the service. Under the covers, SQL Server Config manager will assign these virtual accounts the Log On as a Service right, and you'll be on your way.
tl;dr;
There is a catch-22 between default settings for a windows domain and default install of SQL Server 2012.
As mentioned above, default Windows domain setup will indeed prevent you from defining the "log on as a service" right via Group Policy Edit at the local machine (via GUI at least; if you install Powershell ActiveDirectory module (via Remote Server Administration tools download) you can do it by scripting.
And, by default, SQL Server 2012 setup runs services in "virtual accounts" (NT Service\ prefix, e.g, NT Service\MSSQLServer. These are like local machine accounts, not domain accounts, but you still can't assign them log on as service rights if your server is joined to a domain. SQL Server setup attempts to assign the right at install, and the SQL Server Config Management tool likewise attempts to assign the right when you change logon account.
And the beautiful catch-22 is this: SQL Server tools depend on (some component of) RSAT to assign the logon as service right. If you don't happen to have RSAT installed on your member server, SQL Server Config Manager fails silently trying to apply the setting (despite all the gaudy pre-installation verification it runs) and you end up with services that won't start.
The one hint of this requirement that I was able to find in the blizzard of SQL Server and Virtual Account doc was this: https://msdn.microsoft.com/en-us/library/ms143504.aspx#New_Accounts, search for RSAT.
I had a similar issue that was resolved with the following:
In Services.MSC click on the Log On tab and add the user with minimum privileges and password (on the service that is throwing the login error)
By Starting Sql Server to run as Administrator
If the user is a domain user use Domain username and password
One possibility is when installed sql server data tools Bi,
while sql server was already set up.
Solution:-
1.Just Repair the sql server with the set up instance
if solution does not work ,
than its worth your time meddling with services.msc
I don't know how good of a solution this is it, but after following some of the other answer to this question without success, i resolved setting the connection user of the service MSSQLSERVER to "Local Service".
N.B: i'm using SQL Server 2017.
Please help this beginner here...
I have a SQL Server 2008 R2 running on Windows Server 2008 R2.
I have Visual Studio installed on my PC.
I created my first report and tried to deploy it. It wouldn't deploy and give me a permission error saying that my (domain) account doesn't have permission to do that. So I took the quidk and dirty way out, and made - temporarily - my account an admin in the Windows 2008 Server machine. That worked, and I was able to deploy the report.
Then I sent the URL link to my boss... but now she couldn't run it because of permissions. So I can't follow the same quick and dirty solution and make all users admins in that machine...
So the question is, where and to what should I set the permissions?
Also, I can't find IIS in that server (I tried running inetmgr from the command prompt). Is it possible that it's not running or installed and still the report runs from a browser for me? I can't find the familiar "Add/Remove Windows Components".
Thanks.
You should create a service account and run all of the reports via this account. This can be configured in the Report Configuration tools. Additionally you should add your boss as a Content Viewer/Report Viewer role in the SSRS security section. You can get to this section by navigating to the URL specified when you configured SSRS, usually http://localhost/ReportServer