1

I'm trying to configure Team Foundation Reporting but without any success.

The App Tier and the Data Tier are in separate servers.

I guess it's not a port/firewall problem, because I opened port 135, and I can see the established connection by using TCPView (from Sysinternals) whenever I click "Populate URLs" in the Reports tab in TFS Administration Console. I can also telnet servername 135 without any problems.

I also checked if WMI service is started in the Data-Tier. And for SQL Server Reporting Services. Also checked for RPC and RPC Locator in both servers. They're all started and automatic.

I also set the TFS app user as admin in SQL Reporting Services. Added all kinds of permissions to the TFS user in the Data-Tier server.

I set all user permissions in dcomcnfg.

Allowed all WMI namespaces permissions to the user. (Computer Management -> WMI Control)

Deactivated Windows Firewall in both servers temporarily.

No luck.

However, in the app-tier, when I click Computer Management -> Connect to another computer, and type the data-tier IP, I can't connect. I get the message "Computer xxx cannot be managed. The network path was not found". How is that? Tried IP, name, and FQDN. I also tried browsing and selecting the computer. Nothing changed.

I'm lost, what could possibly be happening?

Thanks in Advance!

Conrad Clark

4 Answers

1

I'm betting that you're having the double-hop issue. Try having your system admin set an SPN for the website on the SQL server.

DForck42
  • Thanks for the response! You mean that issue from NTLM authentication? And which website? You mean the Reporting Services web service? Or the TFS URL? I don't know much of this stuff, sorry. – Conrad Clark Mar 15 '11 at 17:28
  • Yeah, NTLM. I'm not sure if it'd be the reports website or the actual TFS website, or both. Sorry, I really don't know a whole lot about this myself or I would have been more detailed. – DForck42 Mar 29 '11 at 13:23
1

You also need the AD permission 'trust for delegation' on the AD Service Account, right?

Do that and SetSpn with the service account; that should help. I think that the SPN option was spot on.

Aaron Kempf
0

See this answer:

IIS to SQL Server kerberos auth issues

which links to an old but user-friendly troubleshooting web app called DelegConfig. It can try to run the SetSpn commands for you, at least giving you an idea of what they need to be.

I ran into SPN issues when using an externally-accessible URL (+SSL) everywhere.

user423430
0

I had kind of the same issue. Kind of, as it worked when I turned off the firewall. Turns out the firewall rules for WMI on the report server make the difference and make the population of Report Server URLs in the DevOps Setup dialog work.

Daniel Fisher lennybacon
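The firewall finding in the last answer, as an added example that is not code from any of the posters: a PowerShell check that separates "port 135 answers" from "remote WMI actually works" and then inspects the WMI rule group instead of disabling the firewall. It assumes Windows Server 2012 R2 or later and an English-language rule group name; `DATA-TIER-HOST` is a placeholder.

```powershell
# Added diagnostic example; the host name is a placeholder, not a value from the thread.
$ReportServer = 'DATA-TIER-HOST'   # placeholder: the server running Reporting Services

# 1. Port 135 is only the RPC endpoint mapper. A successful connect here does not
#    prove that the dynamically assigned RPC port WMI/DCOM uses next is reachable.
$epm = Test-NetConnection -ComputerName $ReportServer -Port 135
"RPC endpoint mapper (135) reachable: $($epm.TcpTestSucceeded)"

# 2. Make a real WMI call over DCOM, the transport the WMI firewall rules govern.
#    CIM cmdlets default to WS-Man, so DCOM has to be requested explicitly.
$session = $null
try {
    $opt     = New-CimSessionOption -Protocol Dcom
    $session = New-CimSession -ComputerName $ReportServer -SessionOption $opt -ErrorAction Stop
    $os      = Get-CimInstance -CimSession $session -ClassName Win32_OperatingSystem -ErrorAction Stop
    "Remote WMI over DCOM works: $($os.Caption)"
}
catch {
    # "The RPC server is unavailable" (0x800706BA) usually means a blocked port;
    # "Access is denied" (0x80070005) points at DCOM/WMI permissions instead.
    "Remote WMI over DCOM failed: $($_.Exception.Message)"
}
finally {
    if ($session) { Remove-CimSession $session }
}

# 3. Run this part ON the report server: list the built-in inbound WMI rules
#    and see whether they are enabled for the active network profile.
Get-NetFirewallRule -DisplayGroup 'Windows Management Instrumentation (WMI)' |
    Where-Object Direction -eq 'Inbound' |
    Select-Object DisplayName, Enabled, Profile, Action

# 4. To enable only that rule group rather than switching the firewall off:
# Enable-NetFirewallRule -DisplayGroup 'Windows Management Instrumentation (WMI)'
```

Steps 1 and 2 run from the app tier; steps 3 and 4 run in an elevated session on the report server.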