Technology Tips and News
Hi All,
Our Sharepoint site has been configured claims authentication with Custom Identity Provider and we want to delegate the authentication to excel services data source. Kerberos constrained delegation is configured. But the excel services is reporting the following error,
"The data connection uses Windows Authentication and user credentials could not be delegated. The following connections failed to refresh: "
Any help?
Hi Trevor,
Yes. But the same issue came up with SSRS in Sharepoint and we augmented claims that are needed in Windows claims and it worked perfectly. But Excel Services does not work with that trick.
Thanks.
It does use C2WTS according to this https://msdn.microsoft.com/en-us/library/hh231678.aspx?f=255&MSPPError=-2147217396
Yep, you're right, sorry about that.
What kind of data source is ECS leveraging in this particular case?
I looked at EffectiveUserName. It is cool. But what should be present in the claim for this to work? is it the UPN claim?
Thanks
Anyone has the answer for this?
Thanks
Hiya.
First off, it should work. C2WT takes string input, so as long as your claim contains a valid domain UPN, it should be able to create a Kerberos ticket for that user.
So you have configured:
Delegation for C2WT account -> SSAS
Delegation for Excel services account -> SSAS
SPN's for SSAS.
What do you see when you run SQL profiler on analysis services instance, while trying to connect with Excel services?
Hey,
It didn't work for me. Tried every other configuration. Alternative solution is to use Web Application Proxy for authentication.
Thanks.
This topic is archived. No further replies will be accepted.
Other recent topics
Click here to get your free copy of Network Administrator. Over 25 plugins to make your life easier