Problems with cross forest authentication in SQL Reporting

Posted by chunkyb2002 on Server Fault See other posts from Server Fault or by chunkyb2002
Published on 2011-11-24T16:44:30Z Indexed on 2011/11/24 17:58 UTC
Read the original article Hit count: 2249

We're currently running an SQL 2008 R2 Cluster with Reporting Services running, all for use with System Center Operations Manager 2007 R2 (RU3). Our users are on a different domains to the SCOM and SQL servers (we have two domains as we are in the process of a domain migration)

We have no problems at all with users accessing reports via the SCOM Console or the Web interface if they are on the new domain which runs at 2008 R2 functional level.

However users on the old domain (which runs at a 2003 functional level) cannot access reports on SCOM or via the web interface (http://sqlserver/reports)

The error we get is:

An error occurred when invoking the authorization extension. (rsAuthorizationExtensionError) For more information about this error navigate to the report server on the local server machine, or enable remote errors

Taking the errors advise we logged on to the SQL server as a user on the old domain (which works fine!) and then try to authenticate with the reporting via the web interface which produces this most useful of errors:

An error occurred when invoking the authorization extension. (rsAuthorizationExtensionError) The creator of this fault did not specify a Reason.

Things we've tried:

  1. Recreating the trust between domains
  2. Ensuring the SQL Reporting service account was a member of Windows Authorization Access Group on the 2003 domain
  3. Added users on the 2003 domain explicitly to the Reporting Users group on the SQL Server

Has anyone come across this issue before perhaps in a different scenario? If so how was it resolved?

Thanks in advance for any help.

© Server Fault or respective owner

Related posts about active-directory

Related posts about sql-server-2008