FIPS: Reporting Service error page is displayed instead of deployed report. (NETIQKB72546)

  • 7772546
  • 19-Aug-2010
  • 03-Nov-2010

Environment


NetIQ Reporting Center 1.5

Windows 2003
Windows 2008
IIS 6.0
IIS 7.0

Situation


FIPS: Reporting Service error page is displayed instead of deployed report.

Resolution


Enabling FIPS on the machine hosting Reporting Services will display vague internal error message instead of displaying NetIQ Reporting Center deployed reports.

Error message displayed:

Reporting Services Error
An internal error occurred on the report server. See the error log for more details. (rsInternalError)
For more information about this error navigate to the report server on the local server machine, or enable remote errors.

To resolve this issue modifications need to made on the Report Server and Report Manager web.config files for IIS, follow the below mentioned steps

Error Message: 

1. Navigate to reporting services installed folder
 
Example:
 
?SQL 2008:
 
C:\Program Files\Microsoft SQL Server\MSRS10.INSTANCE\Reporting Services\ReportManager
C:\Program Files\Microsoft SQL Server\MSRS10.INSTANCE\Reporting Services\ReportServer
  
?SQL 2005:
 
C:\Program Files\Microsoft SQL Server\MSSQL.2\Reporting Services\ReportManager
C:\Program Files\Microsoft SQL Server\MSSQL.2\Reporting Services\ReportServer

Note: Reporting services installed path differs based on the SQL Installation and Named instances

2. In ReportManager  folder open Web.config file, locate the <system.web> section.

3. Add the following tag <machineKey> section into the <system.web> section:
 
<machineKey validationKey="AutoGenerate,IsolateApps" decryptionKey="AutoGenerate,IsolateApps" validation="3DES" decryption="3DES"/>

4. Save the Web.config files.
 
5. Repeat steps 2 to 4 for the ReportServer folder web.config file as well

6. Restart the SQL Reporting Service for changes take effect.

Once all the services are restarted the new configuration should avoid problems caused by FIPS security settings enabled on a machine.

Disabling FIPS:

Once FIPS is enabled and above mentioned workaround is applied then if customer wants to disable the FIPS this modification should be removed.

Follow the below mentioned steps to remove the workaround.

1. Perform Step 1 to 3
 
2. Remove the following tag <machineKey> section into the <system.web> section:

<machineKey validationKey="AutoGenerate,IsolateApps" decryptionKey="AutoGenerate,IsolateApps" validation="3DES" decryption="3DES"/>

3. Perform the step 4 to 6

Cause


FIPS security restrictions prevent normal functioning of Reporting Services without web.config file modifcations for IIS

Additional Information

Formerly known as NETIQKB72546