There was an error in this gadget

Thursday, February 2, 2012

SSRS Scale Out Web Farm 401.1 - Unauthorized

Our topology:
Internal corporate network domain utilizing Integrated Windows Authentication between local workstations and the web and database servers. (domain similiar to: http://reports.ourdomain.com)

Machine #1: Windows 2003 Server w/SQL Server 2005 (SP2 and hotfixes applied) running SSRS.
Machine #2: Windows 2003 Server w/SSRS only. (pointing to the SQL DB on Machine #1)
Machine #3: Windows 2003 Server w/SSRS only. (pointing to the SQL DB on Machine #1)
Device #1: Arrowpoint load balancer for Machines #2 & #3 (w/sticky sessions).


We recently added 2 web servers and configured them to load balance the web requests to a seperate SQL Server machine. (the load balancing is done thru an Arrowpoint device not Microsoft NLB)

The installation of reporting services (on Machine #2 & #3) went smoothly and the configuration was a breeze. But we could not access the "http://reports.ourdomain.com/Reports" directory for reporting services on the 2 web server machines. We received the "401.1 - Unauthorized" http error.

Since we were using a domain name to access the report server we made sure to update the <URL> tag in the config files.

File location 1:
C:Program FilesMicrosoft SQL ServerMSSQL.2Reporting ServicesReportManagerRSWebApplication.config

<ReportServerUrl>http://reports.ourdomain.com/ReportServer</ReportServerUrl>



File location 2:
C:Program FilesMicrosoft SQL ServerMSSQL.2Reporting ServicesReportServer
sreportserver.config

<UrlRoot>http://reports.ourdomain.com/reportserver</UrlRoot>

We still received the error, so then we added a couple of entries to the HOSTS file on each web server:
File location -->
C:WINDOWSsystem32driversetcHOSTS

In order for the load balancers to "see" themselves from the domain reference we had to update the HOSTS file
on each web server to have the domain name "reports.ourdomain.com" point to the IP Address of the specific web server.
(we also added the IP of Machine #1 just to be safe):

MACHINE #2's HOSTS file:
127.0.0.1 localhost
10.10.0.1 Machine1
10.10.0.2 reports.ourdomain.com #IP of Machine2


MACHINE #3's HOSTS file:
127.0.0.1 localhost
10.10.0.1 Machine1
10.10.0.3 reports.ourdomain.com #IP of Machine3

Then the web servers were able to authenticate the users using IWA and NTLM
and we could access the report servers normally. Even the the scheduled reports
were being load balanced and emailed from the web servers which we didn't
expect to happen. (pretty cool!)

No comments:

Post a Comment