Monday, May 23, 2005

Windows Server 2003 Service Pack 1 and SQL Server Reporting Services

After installing 3 updates on our servers (Windows Server 2003 SP1, SQL Server 2000 SP4, and Reporting Services SP2), the only big problem encountered was an annoying "The request failed with HTTP status 401: Unauthorized." error when trying to view the Report Manager Web Interface to view reports.

Regardless of the account used and the priveleges of that account, this message would be displayed. It was clearly only a function of the Report Manager because if you navigated directly to the ReportServer virtual directory, you could find the reports and run them, but browsing to the Report Manager or trying to access it from our application via Web Services failed with the 401 error mentioned previously.

Well, a full day later, I owe many thanks to this post and it's authors, who explain that a simple security change by Microsoft to prevent "man in the middle" attacks as a part of W2k3 SP1 could be ammended by a simple registry addition to get my Report Server working again.


(I wonder what the security implications of the change are? Probably not serious enough for me in the scope in which we operate and the means through which our clients have access to their reports on our server....)


At 5/29/2005 03:19:00 AM, Blogger Flarepath said...

Glad this helped you guys :) Like you, we didn't think that our RS would be subject to this type of attack so were prepared to make the change. To be honest, I don’t fully understand the implications but if this was open before SP 1, I guess it’s *reasonably* safe post SP 1…


Post a Comment

<< Home