Deployed Reports fail when a password changed for a user account specified in SQL Reporting Services (NETIQKB49375)

  • 7749375
  • 02-Feb-2007
  • 02-Jun-2011

Environment

NetIQ Analysis Center 2.x
Microsoft SQL Server Reporting Services (SSRS)

Situation

Deployed Reports fail when a password changed for a user account specified in SQL Reporting Services (SRS).

SQL Reporting Services service account password has changed.

Deployed Analysis Center reports are never written to fileshare.

Deployed Analysis Center reports fail to get sent via email or subscriptions fail.

Resolution

By default, the Report Server service account is set to LocalSystem or Network Service upon installation. The Report Server service uses the symmetric key to access the encrypted data in a report server database. This symmetric key is encrypted by using an asymmetric public key that corresponds to the computer and the user account that is used to run the Report Server service. When you change the user account that is used to run the Report Server service, the report server cannot use the asymmetric public key to decrypt the symmetric key. Therefore, the Report Server service cannot use the symmetric key to access the data from the report server database.

One symptom of this occurs during the deployment of reports in Analysis Center. Since the Report Server service performs the actual deployment (via email or to a file share), the deployment fails when the Report Server is unable to access the data.

To resolve a potential credential mis-match, you will need to use the Reporting Services utility, RSKeyMgmt.exe, to delete the encryption keys:

  1. Log on to the server that houses Microsoft SQL Reporting Services
  2. Click Start > Run and type cmd and hit Enter
  3. Run the following command at the command prompt: 

    RSKeyMgmt -d

  4. Once complete, open the Analysis Center console open a report.
  5. Click Deploy Report
  6. On the Deploy Report dialog, under Report Server Credentials, click Select Shared Report Server Data Source
  7. Click the Edit link
  8. On the page that opens, select Credentials stored securely in the report server
  9. Type the username and password that will have access to the Data Warehouse databases
  10. Click Apply
  11. Close Internet Explorer
  12. Finish deploying your report as normal (via file share or email)

The deployed report should then successfully get written to the file share or sent via email.

For more information on how to export the encryption keys before changing the service account, and then importing them after changing the service account, please see the following Microsoft KB: http://support.microsoft.com/kb/842421/en-us

When you make credential changes or corrections in Microsoft SQL Reporting Services, you can manually update the encryption keys for SRS database connections.  Microsoft SRS requires these encryption settings to be reconfigured upon every change of credentials for SRS. For more information from Microsoft, see Specifying the Credentials and Configuring a Report Server Database Connection at http://msdn.microsoft.com/library/default.asp?url=/library/en-us/RShowto/htm/hrs_overview_v1_46r7.asp.

Cause

Changing the user account or account password specified for SQL Reporting Services will cause the encryption used in SRS to fail.

Additional Information

Formerly known as NETIQKB49375