1dent1ty cHa0s

So, we got hit by this one today with the following configuration:

• Single server running WSS 3.0 in Web Farm Mode
• SQL Reporting Services running in SharePoint Integrated Mode
• Local SQL Implementation
• Local IIS Implementation
• ReportServer running as Domain Account, Host Headers set, SPN's reflective of Host Headers (FQDN and NetBIOS)
• SharePoint site running as Domain Account, Host Headers set, SPN's reflective of HostHeaders (FQDN and NetBIOS)
• SharePoint Integration Mode set to Windows Authentication
• SharePoint Integration Mode configured to use the proper Host Header to reach the ReportServer Virtual Server
• All Host Headers registered in DNS using A records, not CNAMEs
• Default security provider for the Site Collection was configured for Kerberos

The following symptoms were evident:

• All portal users were authenticating to the site with Kerberos (valid 540 Security events indicating Kerberos AuthN)
• Local access to the site worked and reports ran fine
• Remote access to the site succeeded, but reporting failed with the 401 error
• Remote access attempts would generate login attempts from Anonymous (540 Security events using NTLM followed by 538 Logon events)

David Lundell found the referenced article and we applied the recommended registry fix to add the host headers to the BackConnectHostNames entry. What was really a pain was that we'd make the fix, run an IISReset like the KB Article suggests and it would remain broken for another 30 or so minutes and then mysteriously start working. Consequently, trying to validate that the registry entry fixed the problem by backing out the change resulted in the same mysterious circumstances - at first it would continue to work (even after the IISReset) and then sometime afterwards fail. The referenced blog article wisely recommends a full reboot and after following that advice we can confirm that the fix does in fact resolve the issue.

Musings on Reporting Services and Notification Services : Reporting Services HTTP 401 (Unauthorized)