We have a report server in Sharepoint Farm but when users try to connect from one of WFE, they receive HTTP 401 error but it works fine with other WFE.
We have 2 Web front ends (WFE) in the farm, PROD_MOSS01 and PROD_MOSS02. Those 2 servers are load balanced by our firewall (Forefront TMG).
A client connects to forefront, then it sends the traffic to one of the WFE, & uses the external host name. The 2 WFEs are now configured to use a new single report server, PROD_REPORT. The report service is joined to the farm, and is setup to not display web content. It was configured in SP Integrated mode, but it keeps defaulting to native mode.
If I drop the report DB and re-attach, it shows the DB is SP Integrated mode. When it attaches, it reverts back to Native.
So with this setup, only 1 WFE is able to generate reports. Initially it was PROD_MOSS01 that was working, and PROD_MOSS02 was throwing the 401 error. Now it seems to have switched which one works and which throws the error. So it looks like only 1 WFE can connect to the report sever, the other cannot.
We have the farm/report server setup to use NTLM only, but if this is a limitation of NTLM authentication, we can try & get Kerberos configured. I have not registered the SPNs for the new report sever.
Also, if you hit the server with the 401 error, you cannot configure the DM_MRCS connection string. It gives an error saying the Report server must be in SP integrated mode and attached to the farm.
Related
We have an application that uses MS Graph API to integrate with our customer's email/calendar. One of the customers (Customer A) with the Hybrid setup, have reported issues. All the users suddenly got email integration not working. We have performed a couple of testing calls (endpoint /me/sendMail) to MS Graph API using our production app credential and different environments (local, dev cloud AWS, staging cloud GCP, prod cloud GCP) and valid user tokens. Here are the results and strange behavior:
OK. If we do the calls for our own testing account (Office365, non-Hybrid) from ALL environments - everything works just fine.
OK. If we do the calls for Customer B account (Office365, non-Hybrid) from ALL environments - everything works just fine.
OK. If we do the calls for Customer A account (Hybrid setup) from LOCAL, dev cloud AWS environments - everything works just fine.
SUPER STRANGE. If we do the calls for Customer A account (Hybrid, Exchange 2016 setup) from staging cloud GCP, prod cloud GCP environments - we got 404 and the error below.
{“error”:{“code”:“MailboxNotEnabledForRESTAPI”,“message”:“REST API is not yet supported for this mailbox.“}}
Customer’s IT claims there are NO ERRORS in their logs they can tie to this problem. And they did everything in accordance with MS recommendations here https://learn.microsoft.com/en-us/graph/hybrid-rest-support#requirements-for-the-rest-api-to-work-in-hybrid-deployments
Update:
After checking more it appears, that we receive 404 when a request is served by specific MS Data Centers:
Here are the response header params for 404:
x-ms-ags-diagnostic {"ServerInfo":{"DataCenter":"UK South","Slice":"SliceC","Ring":"3","ScaleUnit":"000","RoleInstance":"AGSFE_IN_11"}}
x-ms-ags-diagnostic: {"ServerInfo":{"DataCenter":"Central US","Slice":"SliceC","Ring":"2","ScaleUnit":"002","RoleInstance":"AGSFE_IN_14"}}
And we got 201(success) for:
x-ms-ags-diagnostic: {"ServerInfo":{"DataCenter":"West Europe","Slice":"SliceC","Ring":"5","ScaleUnit":"003","RoleInstance":"AGSFE_IN_52"}}
I would try isolate the issue with MS Graph explorer or POSTMAN and see if i can still repro the issue or not (with the same Graph API call). If the answer is Yes, then i would file a support ticket with Microsoft, so that they can validate if there is any issue with the configuration of hybrid requirement (as they defined) or any issue with API or any issue with the IPs.
I am trying to connect my PowerBI IOS app to Reporting Services 2016 (13.0.1601.5) using documentation.
During connection I get:
Server address not valid.
A server with the specified hostname could
not be find. Make sure you're using a SQL Server 2016 Reporting
Services server adress, e.g., https://server_address/reports or
http://server_address/reports.
using working address in SQL Server Mobile Report Publisher (I can connect to dataset).
rsreportserver file contains:
<Authentication>
<AuthenticationTypes>
<RSWindowsNTLM/>
</AuthenticationTypes>
<RSWindowsExtendedProtectionLevel>Off</RSWindowsExtendedProtectionLevel>
<RSWindowsExtendedProtectionScenario>Proxy</RSWindowsExtendedProtectionScenario>
<EnableAuthPersistence>true</EnableAuthPersistence>
</Authentication>
I have configured smtp settings in web.config and I was able to successfully send email when working on my local machine. But when I uploaded the code on the server, its giving me following exception
Mailbox unavailable. The server response was: 5.7.3 Requested action aborted
Meanwhile, I also received an email from Microsoft telling me that an attempt to login to my account from a new location was blocked. I clearly understand the problem that server is in a different part of the world than where I usually login to a Windows Live account. That's why it is blocking the account to login. But I want it to login and send email using my credentials on from remote server. There must be some settings in Windows Live account but I failed to find one.
Contacting Hotmail Support Center first to find out if its really possible what you are intending to do might be helpful. I think if hotmail web administration has put a security check, it must be for a purpose of stopping such remote login activities.
We're trying to use the node-sspi package to provide Authentication for our in-house website, linking into the Domain Active Directory.
Running the example code we can authenticate from Windows machines directly, and on Safari (Mac OS X and iOS) we are challenged for credentials, as expected.
However, when we move the authentication to our backend (Node / express server running on different port to front end) we run into trouble.
The Windows machines continue to respond correctly. Domain based machines single sign on and non-domain machines challenge. During the login process the authentication process is called 3 times, and produces 2(no) 401 responses.
Safari does not challenge for a username or password. The authentication routine is called 2 times, and only one 401 error is returned.
Chrome on iOS and Mac OS X properly works and challenges for log in.
Any suggestions where to look / what to try?
I have a mobile web application and I'm testing the site by using various BlackBerry phones. I've noticed that if I use a BlackBerry 9000 (Bold) and I try and login, I receive a "500 Internal Server Error", but the login works fine when I use another BlackBerry model with a different operating system.
Any ideas?
If I had to guess, I'd say that maybe the page is setting some additional form information via Javascript, and JS is disabled in the browser. You may get more information by looking at the server logs which is where the 500 error is being generated.