Prompted for Password When Running SMS 2003 Reports

[2tired2care]

Every time I run one of the "canned" reports in SMS 2003, I get prompted for a password.

What security setting to I need to change to get rid of this prompt?

 

[jc999]

Getting the same problem. Have you overcome it yet? Do your reports run OK if you put in a username and password? I am getting 'access is denied' or 'the reports do not exist' when I enter the domain admin password.

I notice that there is a local 'SMS reporting users' group on my sever with no members. Put my domain admin into it but no help.

 

[tbrennans]

The WebReport_approle account is managed by SMS and the password is generated and updated by SMS. If the password gets changed or out of sync, there are two ways that you can reset the password:

1. By doing a Site Reset

2. Pulling the Reporting Point, wait for the files to be removed and re-push the Reporting Point

I would also make sure that machine time synch is correct and in line with your sms server.

 

[2tired2care]

Still having the problem with the userid/password prompt when running a SMS 2003 report.
Could someone please help?

Try the following to get access rights to reports...
SYSTEMS MANAGEMENT SERVER | SITE DATABASE | REPORTING | REPORTS
Right-click on REPORTS and click on PROPERTIES from the popup menu.
Click on the SECURITY tab.
Click on the sunburst icon (*) to add a security right.
In white box below USER NAME:, type: domain\userid where domain is your NT domain and userid is the userid you want to grant reports rights to.
Next under PERMISSIONS, click on every blank box to enble each persmissions (should show a check mark).
Next click on the OK button.
**WARNING** Make sure that the domain\userid is typed correctly and exists. SMS 2003 does NOT perform a validity check!

Run a report and provide the newly entered information. Don't forget the userid should be entered in the format: domain\userid

Just a comment...
This product would be 1000 times easier to use:
1. If Microsoft had provided step-by-step instructions on how to do a basic SMS 2003 installation on a single server (one without AD and one with AD).
Getting the product up and running is 50% of the battle.
2. If Microsoft had provided a master error listing for EVERY error message that SMS 2003 could generate. The master error listing would contain - error message, description of problem (in plain English) and a list of suggested solutions to solve the problem. Think of the documenation that came with your VCR - It has a master list of all possible problems and messages for the VCR. Then for each problem/message - it lists all possible ways to solve the problem with appropriate references to a page in the VCR's manual.

 

[2tired2care]

In regards to suggestions:

The WebReport_approle account is managed by SMS and the password is generated and updated by SMS. If the password gets changed or out of sync, there are two ways that you can reset the password:

1. By doing a Site Reset
>>>>Done and no effect.

2. Pulling the Reporting Point, wait for the files to be removed and re-push the Reporting Point
>>>>Sorry, I am confused. My setup is using only one server as the SMS 2003 server. Don't think there is anything to "pull". If yes, then provide details on how.

I would also make sure that machine time synch is correct and in line with your sms server.
>>>>Sorry, I am confused. What is "machine time synch"? Running reports from single SMS 2003 server. Don't think that there is anything to sync.

Any other suggestions?

 

[tbrennans]

So if I'm getting this right your reporting point (including iis)is on the sms server.... I could see your confusion, that was more if your reporting point was another server. The time synch was the same meaning the system time was from the same source but iis was on a different machine

seems as though you have the rights down:

The user account you are using must be a member of SMS Reporting Users
(administrators are automatically members even though not listed in the group), and must have SMS Security Rights to the specific report, The absolute minimum right that need to be granted to read and run reports is read

If you are prompted to enter credentials then perhaps IE 6 security changes that may be an issue.

In IE go to "Internet options"
Select the Security tab
click on the Trusted sites icon
press Sites... button
add the SMS Report Viewer site as one of your trusted
sites (Add the website to the zone)
make sure "require server verification" checkbox is
UNCHECKED
press ok

Now press Custom Level... button
In the security settings go down to the bottom and make
sure "automatically logon with current username and
password" is selected

 

[yawnbob]

I had the same problem after applying the last set of Microsoft security patches. Web reporting was working fine for me before I applied the patches. I suspect it was MS04-012 since it deals with DCOM and I started seeing DCOM 10002 errors in my logs afterward. I was also seeing "401 Unauthorized" errors in my clients ccmexec.log files.

The way I solved this was to remove the role of Management Point and also Reporting Point on the site server, wait 10 minutes then re-enable those roles.

Bob

 

[2tired2care]

Thanks - that was the fix!

Didn't even think to look at the security settings for IE.

 

[tbrennans]

Great glad that worked....I was out of suggestions