Share via


Kerberos for Microsoft BI - With Delegation and SPN references for SQL, SSRS, SSAS, and SharePoint

Here are the articles that can help with Kerberos, delegation, and getting Integrated Windows Authentication working with the Microsoft BI stack. 

What is the Microsoft BI stack?

  • http://www.microsoft.com/bi lists SQL Server, SharePoint and Office as part of the Microsoft BI stack. Historically, it has been seen as SSRS, SSAS and SSIS.

What is Kerberos?

“Kerberos Explained” is a high technical review that is organized into –

How does Kerberos work in your version of Windows?

 "How the Kerberos Version 5 Authentication Protocol Works" provides a thorough description of the Kerberos authentication protocol, including Kerberos constrained delegation. It applies to Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2.

Kerberos documentation for Windows Server 2008 provides this information in addition to troubleshooting resources –

 Building Secure ASP.NET Applications: Authentication, Authorization, and Secure Communication shows How To: Implement Kerberos Delegation for Windows 2000. Note that its content is outdated and is no longer being maintained, but provided for those still using Windows 2000.

Kerberos Delegation

Kerberos Protocol Transition and Constrained Delegation whitepaper refers to features that are included with Windows Server 2003, Standard Edition; Windows Server 2003, Enterprise Edition; and Windows Server 2003, Datacenter Edition

How to get the Microsoft BI stack working with Kerberos?

SQL Server

For SQL Server 2000 and SQL Server 2005 How to use Kerberos authentication in SQL Server explains how SQL Server can use Kerberos authentication for server clusters. You can use Kerberos authentication with stand-alone computers that are running SQL Server, or with instances of SQL Server that are running on a virtual server.

Analysis Services

How to configure an instance of SQL Server 2000 Analysis Services to use Kerberos authentication describes how to configure an Analysis server computer to use the Kerberos authentication protocol.

How to configure SQL Server 2008 Analysis Services and SQL Server 2005 Analysis Services to use Kerberos authentication shows how you must use Kerberos as the authentication protocol when a connection is made to a computer that is running Microsoft SQL Server 2008 Analysis Services, or Microsoft SQL Server 2005 Analysis Services, and that connection involves a double-hop authentication scenario.

Reporting Services

How to: Configure Windows Authentication in Reporting Services provides information on RSeportServer.config settings, and resolution steps for Kerberos authentication errors when connecting to a Report Server. It covers

  • UAC
  • SPNs
  • Browser settings

How to: Register a Service Principal Name (SPN) for a Report Server shows how using the port is critical for success as in - Setspn -a http/<computername>.<domainname>:<port> <domain-user-account>

Manage Kerberos Authentication Issues in a Reporting Services Environment is a whitepaper that describes how to configure and troubleshoot a Reporting Services service environment to use Kerberos authentication with full delegation

 KERBEROS - Inside OUT has a nice checklist to follow. 

SharePoint

How to configure a Windows SharePoint Services virtual server to use Kerberos authentication and how to switch from Kerberos authentication back to NTLM authentication has just that information

How to configure SharePoint Server 2007 and Excel Services for Kerberos authentication describes how to configure a server that is running Windows Server 2003, Microsoft Office SharePoint Server 2007, and Excel Services for Kerberos authentication.

Configuring Kerberos authentication for SharePoint 2010 Products (white paper) gives you information that will help you understand the concepts of identity in Microsoft SharePoint 2010 Products, how Kerberos authentication plays a very important role in authentication and delegation scenarios. It also shares situations where Kerberos authentication should be used or may be required in solution designs. Scenarios include business intelligence implementations which secure access to external data sources such as SQL Server.

With the changes in architecture in SQL Server 2012 Reporting Services in SharePoint integrated mode, KB article "How to configure SQL Reporting Services 2012 in SharePoint Server 2010 for Kerberos authentication" can be used to setup delegation of credentials.
 

If you miss it, Search it on the Internet!

Do share any useful Kerberos/ delegation related articles and utilities on this page, when used with Microsoft BI products and technologies