I see there is a way to script updating the credentials for an AD MA (also ECMA, etc.) but not a SQL Server management agent.
Does anyone know how this can be done?
[https://learn.microsoft.com/en-us/powershell/module/microsoft.directoryservices.metadirectoryservices.config/set-miisadmaconfiguration?view=idm-ps-2016sp1
Related
I'm having a hard time figuring out how to connect to an Azure Analysis Services using Azure AAD account with MFA.
I've installed the SSAS latest drivers.
I have Microsoft SQL Server Analysis Services (AdomdClient) as the data source type and I'm able to test the connection (it prompts for Okta MFA)
I'm able to create a dataset and use the query designer.
When previewing the report in VS, it returns this error:
The server did not provide a meaningful reply. This might be caused by a contract mismatch, a premature session shutdown or an internal server error.
If I change the data source to prompt for credentials, I receive this error:
Authentication failed: User ID and password are required when user interface is not available
Visual Studio 2019 16.10. Latest version of SSRS extension (2.6.11). Including power bi tag since it might be relevant too.
We faced a similar issue.
Ensure the user whose credentials you insert within the datasource are excluded from MFA within Azure AD policy.
I have an MS Access front end app (accdb) with an Azure SQL back end. I'm currently using SQL Server Authentication, but I'd like to use some sort of Active Directory. I don't have an on-premise AD, so I initially considered setting up Azure AD. However, our small team is already using Office 365, and to the best of my knowledge O365 is powered by Azure AD.
So my question is whether it's possible to use an O365 account (what Microsoft typically calls a "Work Account") to authenticate against an Azure SQL back end? If so, what type of Connection String do I use?
Ideally, when my users open up the Access app, I'd like them to get a pop-up dialog to "Single Sign-On" to their Office 365 account and use those credentials to authenticate against the Azure SQL DB in the back end.
Unfortunately MS Access is not supported at this stage. As far as I know it requires an ODBC driver that supports Azure AD authentication. This driver will be delivered in May 2016. But then MA Assess team has to integrate Access with Azure AD auth. Currently I have no ETA for this task.
Thanks,
Mirek
Microsoft accounts ( like outlook.com, hotmail.com, live.com) are not supported in the current version of Azure AD authentication for Azure SQL DB. Only native or integrated Azure AD users are supported.
For more details see
https://azure.microsoft.com/en-us/documentation/articles/sql-database-aad-authentication/
Thanks,
Mirek
I'm running SQL Server 2012, and I'm trying to configure Reporting Services. I've confirmed that the service is running on my system, but when I start up Reporting Services Configuration Manager, there is no server listed in the start up screen, where it asks to Connect to a Server. When I type in the name of the server, I get a pop up saying,
Cannot Find <Server Name>
That's as far as I get, and I cannot understand why it would not automatically populate the server name or, even less clear, why it wouldn't be able to find the Server once I entered the name in manually.
I wish I could give more information but that's really as far as I get. Are there some basic configurations I can check to see why it's not "aware" of itself as a SQL server?
In my case SSRS was installed but not correctly configured.
I had to use Reporting Services Configuration Manager to create a database (Database panel) and then enable the web services using the 'Web Service URL' panel.
Once both these steps had been completed, I was able to connect via SSMS.
If there's no reporting service instance name displayed in Reporting Services Configuration Manager, it means the Reporting Services instance is not installed properly. You can try to re-add feature(SSRS) to existing SQL instance. Please troubleshooting the installation for SSRS.
https://msdn.microsoft.com/en-us/library/ms144289(v=sql.110).aspx
Also make sure you start SSRS administration tool for right SQL instance.
I have few ssrs 2008 reports.I have created group of users and gave all required permissions to that group.
Now when I am running those reports I am getting strange error.
Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'
I don't know from where it came.
I got suggestion that its a issue related to Kerberos authentication. Please some one knows how to solve this let me know.
Or some one knows to solve this kerberos issue also tell me in steps if possible.
Thanks
Vik
Are your reports using pass-through integrated authentication, defined user integrated authentication, or sql user authentication? I suspect the first, in which case you're dealing with the difference between impersonation and delegation.
When connecting to a web server using integrated authentication, behind the scenes you are actually using NTLM or Kerberos. Both allow the process running your web server to act as you. NTLM's impersonation via security token prevents the server from connecting to yet another server as you (that is, to the DB server) and there acting as you again—this is the "double-hop" problem. Kerberos instead uses delegation, passing a ticket around that each server can check for validity and allow.
To get Kerberos working there are several requirements.
If you're connecting to the web server using a name other than its main DNS name (using as an alias) you have to register the alias as valid for the machine with SetSPN. You can have problems with the SPN (Service Principal Name) even without this. Check the SPN on your servers carefully to see if it matches what you expect.
The server you initially connect to must be "trusted for delegation" in your domain policy.
The user that your web server is running under must be "trusted for delegation" as well.
You can work around all this stuff by just making your reports have stored credentials of some sort rather than using pass-through authentication.
The difference between dev and test could be the IIS user, or the data source.
Now, I am assuming here that you're not using SharePoint and are just doing a normal SSRS web install. So if that is not correct please say so.
We have a analysis services olap cube (SSAS 2008) deployed at a test server (MS Serve 2008) in our domain, you can browse the olap cube via ssms without problem. No problems with olap cube itself so far. The user account is admin on the analysis services server.
We also have reporting services (SSRS 2008) installed at the same test server and have a datasource inside the reporting services report that fetch data from the analysis service olap cube. We have set up windows integrated authentication setting but the user trying to connect trough reporting services report to the olap cube get access denied.
An error has occurred during report processing. (rsProcessingAborted)
Query execution failed for dataset 'DsMillCd'. (rsErrorExecutingCommand)
Either the user, KORSNET\TFMAN, does not have access to the AnalysisServices database, or the database does not exist.
If i try out the same olap cube and report trough business intelligence studio local its working, so it must be some setting on the reporting services server.
Do reporting services connect to the analysis services as a another domain account?
I have searched and googled for a answer for about 6 hours now without luck, i'm getting a bit frustrated to get this working.
I think its only a configuration setting that i have missed, so all suggestions are welcome...
Are you logged on as KORSNET\TFMAN?
If the datasource set up for the report is set to use the credentials of the user then it will attempt to authenticate to the database as that user.
Does IE show the site as being part of the local intranet? If not go into security settings and add it.
Does that user actually have permissions to read the database?
It could be the "double-hop" problem where credentials can be carried and used once, but not again, however I think this is unlikely in this situation.