André Krijnen

Active directory

Kerberos, Reporting Services and SharePoint Integrated http 401: Unauthorized

by on Apr.06, 2011, under Active directory, Kerberos, Reporting Services, SharePoint 2010

When it comes to Reporting Services integrated with SharePoint it is difficult to solve problems when you don’t know where to start. Alot of people having issues when solving problems, or configuring Kerberos that way that Windows Integrated security is working properly.

At my work I’ve been at different customers, and still having some problems when it comes to Kerberos, why? Because every environment is different, every server is different, and when it comes to Reporting Services integrated with SharePoint it is some times a hell to fix issues.

So I’ve done multiple integrations with Reporting Services and SharePoint, and yet I know alot about Kerberos. Setting up delegations between App Pools and SSRS, SSRS and SSAS, SSAS and MSSQL, SSRS and MSSQL.

So I’ve ran last monday in a problem with SharePoint and Reporting Services, and why I did I ran into it? Simply, not every environment is configured properly when it comes to DNS, AD, etc.

So I’ve used Fiddler, DelegConfig v1, DelegConfig v2 Beta, ProcessMonitor, but yet I couldn’t figure it out. Even with HTTP streaming, etc I couldn’t see any information. The only thing I could see that was every time I tried I was succesfully logon.

Everytime I get with the integration was the following error: The request failed with HTTP status 401: Unauthorized

Probably everyone that has configured SSRS with SharePoint has seen this error in his life, right? Well If you hit google or bing for it, it will always show Reporting Services Add-In SharePoint. Yes, this is the one everyone is talking about.

Well I used all the tooling a SharePoint dude has to know. But yet I didn’t receive any request on the server running SSRS, and you know why? Because somebody forget to add the http:///ReportServer to the Intranet list. Yet, I added the server to the Intranet list, it solved the problem. Do not add it to the Trusted Sites, because It won’t do anything.

4 Comments :, , , , , , more...

User Profile Synchronization and the errors, a different approach.

by on Jul.26, 2010, under Active directory, ForeFront Identity Manager, SharePoint 2010, SharePoint Foundation, sql server, User Profile Services, Visual Studio 2010

When I started to work with SharePoint 2010 I’ve noticed that there are alot of issues regarding the User Profile Synchronization. Alot of people mentioned the following event viewer problems:

Microsoft.ResourceManagement.ServiceHealthSource
Event ID: 22
Level: Error

The Forefront Identity Manager Service cannot connect to the SQL Database Server.

The SQL Server could not be contacted. The connection failure may be due to a network failure, firewall configuration error, or other connection issue. Additionally, the SQL Server connection information could be configured incorrectly.

Verify that the SQL Server is reachable from the Forefront Identity Manager Service computer. Ensure that SQL Server is running, that the network connection is active, and that the firewall is configured properly. Last, verify the connection information has been configured properly. This configuration is stored in the Windows Registry.

ILM Web Service Configuration
Event ID: 234
Level: Warning

ILM Certificate could not be created: netsh http error:netsh http add urlacl url=http://+:5726/ user=MSSDEVIA\MSSFARM sddl=D:(A;;GA;;;S-1-5-21-3647457175-3930976156-3381717532-1106)

ForeFront Identity Manager
Event ID: 3
Level: Error

.Net SqlClient Data Provider: System.Data.SqlClient.SqlException: Cannot open database “User Profile Service Application_SyncDB_1d4b979635654411b18ce834c5c0a76a” requested by the login. The login failed.
Login failed for user ‘MSSDEVIA\mssfarm’.
at Microsoft.ResourceManagement.Data.Exception.DataAccessExceptionManager.ThrowException(SqlException innerException)
at Microsoft.ResourceManagement.Data.DatabaseConnection.Open(SqlConnection connection)
at Microsoft.ResourceManagement.Data.DatabaseConnection.Open(DataStore store)
at Microsoft.ResourceManagement.Data.TransactionAndConnectionScope..ctor(Boolean createTransaction, IsolationLevel isolationLevel, DataStore dataStore)
at Microsoft.ResourceManagement.Data.TransactionAndConnectionScope..ctor(Boolean createTransaction)
at Microsoft.ResourceManagement.Data.DataAccess.RegisterService(String hostName)
at Microsoft.ResourceManagement.Workflow.Hosting.HostActivator.RegisterService(String hostName)
at Microsoft.ResourceManagement.Workflow.Hosting.HostActivator.Initialize()
at Microsoft.ResourceManagement.WebServices.ResourceManagementServiceHostFactory.CreateServiceHost(String constructorString, Uri[] baseAddresses)
at Microsoft.ResourceManagement.WindowsHostService.OnStart(String[] args)

ForeFront Identity Manager
Event ID: 3
Level: Error

.Net SqlClient Data Provider: System.Data.SqlClient.SqlException: HostId is not registered
at Microsoft.ResourceManagement.Data.Exception.DataAccessExceptionManager.ThrowException(SqlException innerException)
at Microsoft.ResourceManagement.Data.DataAccess.RetrieveWorkflowDataForHostActivator(Int16 hostId, Int16 pingIntervalSecs, Int32 activeHostedWorkflowDefinitionsSequenceNumber, Int16 workflowControlMessagesMaxPerMinute, Int16 requestRecoveryMaxPerMinute, Int16 requestCleanupMaxPerMinute, Boolean runRequestRecoveryScan, Boolean& doPolicyApplicationDispatch, ReadOnlyCollection`1& activeHostedWorkflowDefinitions, ReadOnlyCollection`1& workflowControlMessages, List`1& requestsToRedispatch)
at Microsoft.ResourceManagement.Workflow.Hosting.HostActivator.RetrieveWorkflowDataForHostActivator()
at Microsoft.ResourceManagement.Workflow.Hosting.HostActivator.ActivateHosts(Object source, ElapsedEventArgs e)

Of course I’ve watched the different blog posts from different MVP’s and others. But there still seems to be alot of different issues regarding the UPS of SharePoint 2010. Yet, I’ve found out that there are more issues as they speak of.
In my case the scenario was alot different then rights on the local machine or on the domain. The users had all the rights to perform Replicate Directory Changes on the domain, and yet I’ve had these errors.

I’d Visual Studio 2010 installed and it came up with the Jit-In-Time debugger with errors.

An unhandled exception (‘System.ServiceModel.ProtocolException’) occurred in OWSTIMER.exe [5630]

Application Error
Event ID: 1000
Level: Error

Faulting Application name: OWSTIMER.exe, version: 14.0.4762.1000, time stamp: 0x4bad920c
Faulting module name: KERNELBASE.dll, version: 6.1.7600.16385, time stamp: 04xa5bdfe0
Exception code: 0xe0434f4d
Fault offset: 0x000000000aa7d
Faulting Process id: 0xa58
Faulting application start time: 0x01cb2cacfed18e83
Faulting application path: C:\Program Files\Common Files\Microsoft shared\Web Server Extensions\14\Bin\OWSTIMER.exe
Faulting module path: C:\Windows\System32\KERNELBASE.dll
Report id: f3b92d5f-98a3-11df-b4fd-000c29240fea

So, I’ve opened a new instance of Visual Studio 2010 Debugger, and it came up that the internal Proxy Server needed authentication. I did get a 407: Proxy Authentication Required.

If you think you’ve done everything to the different blog posts you’ve writtend, and you can’t find any issues, it can be that something else blocking your way to use the different SharePoint Application Services.

MS is not helping you with these kind of issues, but when you need some help, try to use Visual Studio on your application server, or server that is going to host the UPS service to identify which errors it comes up with.

If you can’t use Visual Studio because it’s a production environment, try to get a test environment in the same environment your production environment is in, and install there Visual Studio.

1 Comment :, , , , , , , , , , , , , , , , , more...

DirSync for BPOS: Set-CoexistingConfiguration Error

by on Mar.06, 2010, under Active directory, BPOS

For the first time I’ve met the error ‘Set-CoexistingConfiguration’ with BPOS DirSync. What happend you think?

Well I’ve did all the planning and configuration of the Active Directory at a customer for using Directory Synchronization with BPOS. But the customer had a Parent-Child domain configuration, so this was new for me using DirSync.

I ran the configuration with our normal domain admin account and with the made account above. Both running into the Set-CoexistingConfiguration error. When I use the ADInsight tool supplied by Sysinternals I see the follow data:

ConfigWizard.exe:0212 modify _sa_adsync ..local: 1 mods 2/0 ctrls CONSTRAINT_VIOLATION 1.488ms

You would say there is an error using the DirSync or a configuration problem on the machine. So we’ve checked everything. We could do everything with the account supplied with the setup, but yet we found out that wasn’t enough.

So we used another account that was made at both domains. So the parent-child had the same account. Yet we thought that couldn’t work, but it did some how. I’ve talked with the experts at Microsoft regarding these problems, but even they didn’t know what this error was. So also Microsoft we’ll be checking what this means.

Leave a Comment :, , , , , , , more...

Looking for something?

Use the form below to search the site:

Still not finding what you're looking for? Drop a comment on a post or contact us so we can take care of it!

Blogroll

A few highly recommended websites...