Problems with cross forest authentication in SQL Reporting
Posted
by
chunkyb2002
on Server Fault
See other posts from Server Fault
or by chunkyb2002
Published on 2011-11-24T16:44:30Z
Indexed on
2011/11/24
17:58 UTC
Read the original article
Hit count: 2249
active-directory
|sql-server-2008
|reporting-services
|windows-authentication
|scom-2007-r2
We're currently running an SQL 2008 R2 Cluster with Reporting Services running, all for use with System Center Operations Manager 2007 R2 (RU3). Our users are on a different domains to the SCOM and SQL servers (we have two domains as we are in the process of a domain migration)
We have no problems at all with users accessing reports via the SCOM Console or the Web interface if they are on the new domain which runs at 2008 R2 functional level.
However users on the old domain (which runs at a 2003 functional level) cannot access reports on SCOM or via the web interface (http://sqlserver/reports)
The error we get is:
An error occurred when invoking the authorization extension. (rsAuthorizationExtensionError) For more information about this error navigate to the report server on the local server machine, or enable remote errors
Taking the errors advise we logged on to the SQL server as a user on the old domain (which works fine!) and then try to authenticate with the reporting via the web interface which produces this most useful of errors:
An error occurred when invoking the authorization extension. (rsAuthorizationExtensionError) The creator of this fault did not specify a Reason.
Things we've tried:
- Recreating the trust between domains
- Ensuring the SQL Reporting service account was a member of Windows Authorization Access Group on the 2003 domain
- Added users on the 2003 domain explicitly to the Reporting Users group on the SQL Server
Has anyone come across this issue before perhaps in a different scenario? If so how was it resolved?
Thanks in advance for any help.
© Server Fault or respective owner