Force https working, but creating other problems

We have SQL Enterprise 2012 SSRS setup and working, but a requirement is to force https, so articles pointed me in the direction to setup IIS to use the URL rewrite module.

The rewrite module is working beautifully as it listens for the base URL on http in the header request, and rewrites to https where the virtual directory is listening in SSRS.

The problem is when drilling down into the reports, instead of the domain name listed on SSRS links, it puts the hostname instead, which of course isn't the URL. Tried looking through the xml for settings, but nothing popped out at me.

I'm also not convinced that SSRS doesn't have something built in that forces https...???

Thanks in advance. 

September 2nd, 2014 7:45pm

A couple things to consider...

Change the SecureConnectionLevel setting in the SSRS configuration file. Go to rsreportserver.config in "\Program Files\Microsoft SQL Server\MSSQL\Reporting Services\ReportServer". Find <Add Key="SecureConnectionLevel" Value="0"/>. Change the value into "3".

Acceptable values are: 

3 Most secureUse SSL for absolutely everything.
2 SecureUse SSL for rendering and methods that pass credentials but don't insist on it for all SOAP calls.
1 Basic SecurityAccepts http but rejects any calls that might be involved in the passing of credentials.
0 Least SecureDon't use SSL at all.

Reference:
Report Manager Links with SSL

The other thing to consider is removing any references you have to HTTP binding... Check this forum post out.

http://social.msdn.microsoft.com/Forums/sqlserver/en-US/488edf44-fc86-4d8b-ae45-494b85fad3ee/force-reporting-services-2012-use-https?forum=sqlreportingservices

Free Windows Admin Tool Kit Click here and download it now
September 2nd, 2014 9:28pm

Thank you greatly for the reply, but this was not the solution.

Other items I found were specific to not using a wildcard certificate, so we bought a new certificate specific to the url. Upon using this new SSL, and changing the secureconnectionlevel to 3, now a 503 was produced. Change back to 0, and browse using https with same new certificate and loads, but URL shows http instead of https. I figured setting this all up would be the dba and not the windows admin...ssrs is literally a pain.

How can it be so difficult to bind to the ssl, and force ssl. Is there a step by step guide outside of what google returns? Going to open a microsoft support ticket in the meantime.

Thanks again for responding...

October 1st, 2014 10:51pm

When you open Reporting Server Configuration Manager and go to the web service section and report manager section, click advanced, do you have any entries for port 80/HTTP? I had to remove all entries before would work correctly.  You should only have an entry for port 443. I believe my secureconnectionlevel is set to 0 as well.  The cert i have it setup for the CNAME we had setup.
  • Proposed as answer by JJordheim Friday, May 01, 2015 1:54 PM
  • Unproposed as answer by HG-Wes 6 hours 11 minutes ago
Free Windows Admin Tool Kit Click here and download it now
October 2nd, 2014 12:46pm

I apologize I didn't come back with the solution...ended up we saw several NLA security errors, changed a registry entry, and edited the xml to bump negotiate and kerberos up and dropped NLA out.
  • Marked as answer by HG-Wes 6 hours 13 minutes ago
July 6th, 2015 8:56pm

I do run this and additional deployments we have done in 3 now, so thanks greatly
Free Windows Admin Tool Kit Click here and download it now
July 6th, 2015 8:57pm

Thanks for your reply. There wasn't any bindings for http...ended up being a reg key and editing the xml
July 6th, 2015 8:59pm

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics