Hi all, Having great difficulties using scale out deployment with kerberos authentication. Scenario: Server 1 SQL Server 2008 Default Instance on unique port SQL Server 2008 instance 'A' on unique port SQL Server 2008 instance 'B' on unique port SSRS 2008 Default Instance port 87 (Joined to RS default instance on Server 2) SSRS 2008 instance 'A' port 88 (Joined to RS instance 'A' on Server 2) SSRS 2008 instance 'B' port 89 (Joined to RS instance 'B' on Server 2) Server 2 SSRS 2008 Default Instance port 87 (Joined to RS default instance on Server 1) SSRS 2008 instance 'A' port 88 (Joined to RS instance 'A' on Server 1) SSRS 2008 instance 'B' port 89 (Joined to RS instance 'B' on Server 1) Ok so we have scale out enabled and servers are 'Joined' Changed RSReportServer.config for all instances on Server 2 to include <Authentication> <AuthenticationTypes> <RSWindowsNegotiate /> <RSWindowsKerberos /> <RSWindowsNTLM /> </AuthenticationTypes> <EnableAuthPersistence>true</EnableAuthPersistence> </Authentication> I have not been responsible for setting up SPN's and delegation for this. But I am told we have SPN's for all 3 instances of SQL Server 2008 on Server 1 and delegation enabled. Also SPN's added for all 3 RS instances on Server 2. All RS instances on Server 1 initialise and I am able to run RS reports and subscriptions with no problem (due to not passing credentials over the network) It is a defferent story for all 3 RS instances on Server 2. I get an Authentication Prompt, and after 3 attempts an empty browser window. This says to me that we have some issues with Kerberos. Can anyone suggest where/what we should be looking for? Also is it even possible to have this setup working successully? Due to multiple ports and instances on the same server? If not what would be the suggestion be to move forward? I have been thinking that to make things easier it would be worth moving each RS instance on Server 2 onto it's own server. Unfortuantely I have to prove that this will work with atleast 1 of the RS instances on server 2 before I can have extra resources.. I am open to all advice and thoughts. Many thanks, Andy

Andy, can your RS on server 2 to access server 1 RS_db and RS_tempdb?Sevengiants.com

If I log onto Server 2 and navigate to my RS instance as 'localhost' I can browse the report server and run reports, however my requests are authorised as NT AUTHORITY\ANONYMOUS USER as NTLM authentication is forced.

Andy Sorry, I got a bit confused. When you scale-out SSRS, you will have to use same reportserver db and tempdb, right? are you setting your RSDB and RSTempdb on your server 2?Sevengiants.com

Yes using the same RSDB and tempDB which is on Server 1, on first config for RS instance on Server 2 I selected 'connect to existing ReportServerDB' and pointed it at DB on Server 1 this connected with no problems as it's using my Domain Credentials (supplied in the config setup)

okay. so 1. you can see reports on both server, right? 2. you can run report on server 1, no problem, but on server 2 , it starts ask credential? If yes, what's the datasource security setting? what credential is used in the data source?Sevengiants.com