Tuesday, December 22, 2009

Kerberos!

This one probably ranks as the toughest one that I have been involved in in recent times.

SQL Server 2008 Analysis Services and IIS cannot use NTLM if there is a double hop during authentication, i.e., when SQL Server and IIS are hosted on two different servers.

The only way to get around this problem is to enable Kerberos, and this is no mean task.

The project that I was involved in used SSAS 2008 and MOSS 2007.

Here are the high-level steps to enable Kerberos; I will try to post detailed steps later.

1) Enable Kerberos for the site using SharePoint Central Admin
2) Edit the connection string to add SSPI=Kerberos
3) Add SPNs for the service accounts of the app pools of the site, the SSP and the service account running SSAS
4) Enable the service accounts to be trusted for delegation (Kerberos only)
5) Ensure the Kerberos service which provides tickets is running on all the domain controllers that serve the users

If all of the above fails, there is a bug with 2008, with a fix provided.
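
A read-only check for steps 3 and 4 above, as an added example that is not part of the original post: it looks up each expected SPN in Active Directory, flags missing or duplicate registrations, and reports each account's delegation mode. The host and account names are constructed; the SPN forms (`HTTP/host` for the app pools, `MSOLAPSvc.3/host` for a default SSAS instance) and a domain-joined machine are assumptions.

```powershell
# Constructed sample values: replace hosts and accounts with your own.
$expected = @(
    @{ Spn = 'HTTP/portal.contoso.example';        Account = 'svc-portalpool' } # site app pool
    @{ Spn = 'HTTP/ssp.contoso.example';           Account = 'svc-ssppool' }    # SSP app pool
    @{ Spn = 'MSOLAPSvc.3/ssas01.contoso.example'; Account = 'svc-ssas' }       # SSAS, default instance
)

# Return the sAMAccountName of every AD object that carries the given SPN.
function Get-SpnOwner([string]$Spn) {
    ([adsisearcher]"(servicePrincipalName=$Spn)").FindAll() |
        ForEach-Object { [string]$_.Properties['samaccountname'][0] }
}

# Step 3: each SPN must exist on exactly one account, and on the right one.
foreach ($e in $expected) {
    $owners = @(Get-SpnOwner $e.Spn)
    if ($owners.Count -eq 0) {
        "MISSING   $($e.Spn) (register it on $($e.Account) with setspn)"
    } elseif ($owners.Count -gt 1) {
        "DUPLICATE $($e.Spn) on: $($owners -join ', ')"
    } elseif ($owners[0] -ne $e.Account) {
        "WRONG     $($e.Spn) is on $($owners[0]), expected $($e.Account)"
    } else {
        "OK        $($e.Spn) -> $($owners[0])"
    }
}

# Step 4: report how each account is trusted for delegation.
$UF_TRUSTED_FOR_DELEGATION         = 0x80000    # unconstrained: delegate to any service
$UF_TRUSTED_TO_AUTH_FOR_DELEGATION = 0x1000000  # constrained, "use any authentication protocol"
foreach ($acct in ($expected | ForEach-Object { $_.Account })) {
    $r = ([adsisearcher]"(sAMAccountName=$acct)").FindOne()
    if (-not $r) { "NOTFOUND  $acct"; continue }
    $uac     = [int]$r.Properties['useraccountcontrol'][0]
    # msDS-AllowedToDelegateTo lists the target SPNs for constrained delegation.
    $targets = @($r.Properties['msds-allowedtodelegateto'] | Where-Object { $_ })
    if ($uac -band $UF_TRUSTED_FOR_DELEGATION) {
        $mode = 'unconstrained (any service)'
    } elseif ($targets.Count -eq 0) {
        $mode = 'not trusted for delegation'
    } elseif ($uac -band $UF_TRUSTED_TO_AUTH_FOR_DELEGATION) {
        $mode = 'constrained, any authentication protocol'
    } else {
        $mode = 'constrained, Kerberos only'
    }
    "DELEGATE  $acct : $mode -> $($targets -join ', ')"
}
```

A `DUPLICATE` line is worth fixing first, since an SPN registered on more than one account prevents a service ticket from being issued for it.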
