I have an ASP.NET web application on one server trying to access a report server on another. When the web application tries to take any action through the web service, it receives a "401: Unauthorized" error. Both servers use Windows Server 2008, the SQL Server is running SQL 2008 (SP1). Both servers are on the same domain, but authentication is set up through a local account defined on the SQL machine (local Windows user, using Windows authentication). I can successfully access the //server/reports and //server/reportserver sites from the app server using Internet Explorer with the credentials set up on the sql server. I can successfully authenticate & browse to //server/reportserver/reportservice2005.asmx and see the wsdl file. The problem only exists when the web app itself tries to use the SSRS web service endpoint. Kerberos is set up, but not being used for this exchange. Here is a simplified version of my code trying to do the exchange that fails with "401: Unauthorized": ReportingService2005 rs = new ReportingService2005(); rs.Url = "http://server/reportserver/reportservice2005.asmx"; CredentialCache cache = new CredentialCache(); cache.Add( new Uri(rs.Url), "Negotiate", new NetworkCredential("user", "password", "domain" )); //cache.Add( new Uri(rs.Url), "Negotiate", new NetworkCredential("user", "password")); //cache.Add( new Uri(rs.Url), "Negotiate", new NetworkCredential("domain/user", "password")); rs.Credentials = cache; SearchCondition condition = new SearchCondition(); condition.Condition = ConditionEnum.Equals; condition.ConditionSpecified = true; condition.Name = "Name"; condition.Value = folder; SearchCondition[] conditions = new SearchCondition[1]; conditions[0] = condition; CatalogItem[] items = null; items = rs.FindItems( "/", BooleanOperatorEnum.Or, conditions ); This code works fine on several other similar installations of SSRS 2008 (app being on a separate machine from sql). At this installation I'm getting the 401: Unauthorized error any time I try to use the ReportingService2005 or ReportExecutionService objects. I have tried defining the NetworkCredential above using each of the methods shown (alternate methods commented out) - all have the same result.

Hi TracyDev, 401 error is a general error. I would suggest you checking the detailed error from the SQL Server Reporting Services logs. Then, please follow the article below to determine the root cause: Troubleshooting HTTP 401 errors in IIS: http://support.microsoft.com/kb/907273 (It is similar to this case, even though it is for IIS) Thanks, Jin ChenJin Chen - MSFT

Hi Jin, Thank you for your reply. I cannot find a substatus to the 401 Unauthorized message. After some work, I was able to track this in the HTTP log: #Fields: date time cs-username s-ip s-port s-host cs-method cs-uri-stem cs-uri-query sc-status cs-bytes time-taken cs-version cs(User-Agent) cs(Cookie) sc(Cookie) cs(Referrer) 10/15/2010 12:52:48 - 148.61.12.154 20480 timeclock-sql POST /ReportServer/reportservice2005.asmx 401 380 0 1.1 timeclock-sql - - - 10/15/2010 12:52:48 - 148.61.12.154 20480 timeclock-sql POST /ReportServer/reportservice2005.asmx 401 356 0 1.1 timeclock-sql - - - 10/15/2010 13:22:05 - 148.61.12.154 20480 timeclock-sql POST /ReportServer/reportservice2005.asmx 401 380 0 1.1 timeclock-sql - - - 10/15/2010 13:22:05 - 148.61.12.154 20480 timeclock-sql POST /ReportServer/reportservice2005.asmx 401 356 0 1.1 timeclock-sql - - - 10/15/2010 13:46:04 - 148.61.12.154 20480 timeclock-sql POST /ReportServer/reportservice2005.asmx 401 380 0 1.1 timeclock-sql - - - 10/15/2010 13:46:04 - 148.61.12.154 20480 timeclock-sql POST /ReportServer/reportservice2005.asmx 401 356 0 1.1 timeclock-sql - - - 10/15/2010 13:46:45 - 148.61.12.154 20480 timeclock-sql GET /reportserver/reportservice2005.asmx 401 471 0 1.1 timeclock-sql - - - 10/15/2010 13:46:56 - 148.61.12.154 20480 timeclock-sql GET /reportserver/reportservice2005.asmx 401 549 0 1.1 timeclock-sql - - - 10/15/2010 13:47:25 TIMECLOCK-SQL\app_sqlreporting 148.61.12.154 20480 timeclock-sql GET /reportserver/reportservice2005.asmx 200 841 30093 1.1 timeclock-sql - - - The first several entries are my web application repeatedly trying to access the reportservice2005 endpoint. The last entry is me manually accessing the reportservice2005 endpoint via a web browser, and authenticating with the same username/password that the web application is trying to use. Is there a better place to look to get more detailed information on the type of authorization issue I'm having?

I have solved my own problem. Apparently Kerberos authentication is installed on the SQL 2008 Server, and tries to take over authentication even if I have no desire to use it. I found this page on my own: http://msdn.microsoft.com/en-us/library/cc281310.aspx It details the authentication types, and informed me that the "Negotiate" type first tries to use Kerberos Authentication, then if no ticket is available it will attempt NTLM authentication. Apparently my code was getting a kerberos ticket, and failing authentication - after which no second attempt is tried - thus never falling back on NTLM. Since I have no control over the configuration of the SQL Server, I've modified my code to explicitly specify "NTLM" Authentication type, rather than "Negotiate" for this particular installation.