Answered by:
Kerberos issue with custom reports on Server 2012

Question
-
Hi,
The first time I install CRM 2011 RU13 on a Server 2012 environment and all is fine except Kerberos (offcourse ;-) )
The custom reports are not working, stating "The target principal name is incorrect" in the SSRS server log.
Here is my configuration :
CRM Web server is a Windows 2012 server called "serveur-crm" and is running on port 5555 only http.
CrmAppPool is running as PHACOBEL\crmservice
I have following settings for windows authentification on the CRM website :
authPersistNonNTLM = false,authPersisSingleRequest = False, no extended Protection,Provider = Negotiate,UseAppPoolCredentials = True,useKernelMode = false
setspn -l PHACOBEL\crmservice returns :
http/serveur-crm.phacobel.com:5555
http/serveur-crm:5555SQL and SSRS is on another server 2012 machine called "Serveur-sql"
The SSRS Service is running on 'Network Service'.
I can't see what's wrong in the setup, any idea's?
Regards,
Sven Peeters
Friday, April 19, 2013 9:10 AM
Answers
-
Hi Sven,
you need to add the following SPN's as well:
HTTP/servername
HTTP/sername.fqdnVisit my blog for CRM material, improving performance, kerberos, IFD, development tips, etc. :) http://quantusdynamics.blogspot.com
- Marked as answer by Sven_Peeters Friday, April 19, 2013 6:32 PM
Friday, April 19, 2013 3:17 PMAnswerer
All replies
-
Hi,
Try to change the ssrs service to local system. it works for me! hope it helps!
Sindu M
Friday, April 19, 2013 9:16 AM -
Hi Sindu,
Then the default reports stop working is well :-(.
But thank you for the hint ...
Regards,
Sven Peeters
Friday, April 19, 2013 10:06 AM -
Hi,
Refer these link, it may help you,
http://social.microsoft.com/Forums/en-US/crmdeployment/thread/917e5f58-5967-495a-aa8a-0ccf286aca88
https://community.dynamics.com/crm/f/117/p/76866/163049.aspx#.UXEYb6JHKu8
http://www.salentica.com/crm-2011-when-crm-custom-reports-dont-work/
http://andreaswijayablog.blogspot.in/2012/11/crm-2011-kerberos-troubleshooting.html
Sindu M
Friday, April 19, 2013 10:14 AM -
Hi Sindu,
The only thing that was different to my setup was that it sets NTLM as the second provider after negotiate.
Unfortunately, that doesn't solve it either ...
Regards,
Sven
Friday, April 19, 2013 11:41 AM -
Hi Sven,
you need to add the following SPN's as well:
HTTP/servername
HTTP/sername.fqdnVisit my blog for CRM material, improving performance, kerberos, IFD, development tips, etc. :) http://quantusdynamics.blogspot.com
- Marked as answer by Sven_Peeters Friday, April 19, 2013 6:32 PM
Friday, April 19, 2013 3:17 PMAnswerer -
Hi nrodi,
It doesn't make sense since my site is on port 5555 but it works, so kudos for you ....
Do you care to explain or you just do this because it works?
Regards,
Sven
Friday, April 19, 2013 6:34 PM