Checking the security audit log on my reporting services box indicates that all connections are being made via NTLM. I need connections to be made via kerberos because I have integrated security data sources that point to other boxes. I've done this many times in 2005, 2008, 2008R2 and 2012, and I am going crazy trying to figure out what's wrong.I have:A sql server box called MySqlServerreporting services service running as mydomain\myaccountreporting services databases on a sql instance called MySqlServer\myInstance running as mydomain\myaccount (same account, I doubt this is relevant anyway)mydomain\myaccount is trusted for delegationsys.dm_exec_connections shows that connections to MySqlServer\myInstance are using kerberos.setspn -l mydomain\myaccount includes the following output:[code]http/MySqlServer.mydomain.com.auhttp/MySqlServermssqlsvc/MySqlServer.mydomain.com.au:mystaticportmssqlsvc/MySqlServer:mystaticport[/code]rsreportserver.config authentication is configured as follows:[code]<Authentication> <AuthenticationTypes> <RSWindowsNegotiate /> </AuthenticationTypes> <RSWindowsExtendedProtectionLevel>Off</RSWindowsExtendedProtectionLevel> <RSWindowsExtendedProtectionScenario>Proxy</RSWindowsExtendedProtectionScenario> <EnableAuthPersistence>true</EnableAuthPersistence></Authentication>[/code]I have restarted the reporting services service several times now. I simply cannot get a kerberos connection. But as far as I know, the above covers everything required for kerberos to be used. Anyone know of *anything* else that could be coming into play, no matter how crazy it may sound? Duplicate SPNs, something to do with subnets, datacenters, air speed of a fully laden swallow...
↧