SQL Reporting Services and the Unattended Execution Account
Thanks to John Gallardo and Radu Grama for engaging in a very interesting conversation from which I’m cribbing the following information!
Scenario:
After changing the password on the user you are using for SSRS’s unattended execution account, all of your reports stop rendering. Regardless of whether report data sources leverage stored Windows / SQL credentials or they dynamically pick up the user’s identity, no reports will run. Instead, the error below is returned:
“Logon failed (rsLogonFailed) Logon failure: unknown user name or bad password.”
BOL (https://msdn2.microsoft.com/en-us/library/ms156302.aspx) says the following about the unattended execution account:
SQL Server 2005 Reporting Services requires a special account to use for unattended report processing. The account is used in the following ways:
· Connect to external report data sources that do not require or use authentication.
· Send connection requests over the network for reports that use database authentication. For more information, see Specifying Credential and Connection Information in SQL Server Books Online.
· Retrieve external image files that are used in report. For more information about the unattended execution account is used for retrieving images, see Adding an Image to a Report in SQL Server Books Online.
Unattended report processing refers to any report execution process that is triggered by an event (either a schedule-driven event or data refresh event) rather than a user request. A special account must be configured for unattended report processing only when the external report data source does not require or use credentials, or when a report data source connection requires credentials to be specified in the connection string (not recommended).
It’s pretty much common knowledge that the unattended execution account is used in scenarios where reports are executed on a schedule, but as you can see, we use it for other things, too.
It also turns out that if you have specified a userid/password for the unattended execution account, SSRS will always impersonate it when you render a report, even if you are doing on-demand execution. This nugget was sure news to me!
If you have specified an unattended execution account, SSRS basically flip-flops between impersonating it and the identity specified in your data source during the rendering process. Most of the “work” happens under the context of the data source identity, but at some point, we will always flip over to the unattended execution account.
So, the moral of the story is that if you use an unattended execution account, you’ve gotta keep the password up-to-date. If you aren’t doing things mentioned in the BOL list (above), you could also choose not to use the unattended execution account at all, which would also solve your problem.
Comments
Anonymous
August 25, 2006
The comment has been removedAnonymous
November 09, 2006
Thanks a lot solved my problem after a couple of hours searching. My problem started when I changed my passowrd.Anonymous
December 06, 2006
The comment has been removedAnonymous
December 09, 2006
The comment has been removedAnonymous
January 10, 2007
The comment has been removedAnonymous
February 08, 2007
Thanks for the post, but don't you think you could possibly have a better error message for this scenario! Jeez...Anonymous
April 11, 2007
Definately move this tidbit from Semi-Useful to VERY-Useful. Only improvement would have been to have it magically pop up on my screen 2 hours ago ;)Anonymous
October 28, 2008
The comment has been removedAnonymous
June 16, 2009
PingBack from http://fixmycrediteasily.info/story.php?id=527Anonymous
February 03, 2015
The comment has been removed