Reporting Services 2005 for the DBA – Changing Application Pool Identity

http://sqlblogcasts.com/blogs/stevechowles/archive/2007/07/02/reporting-services-2005-for-the-dba-changing-application-pool-identity.aspx

Author:Steve Chowles

报表服务DBA系列之应用程序缓存池身份更改

 

By default when you install Reporting Services it will by default use the NT Authority/NetworkService account for running the Application Pool processes. If you use NT Authority/NetworkService for the Application Pool used by the Report Server, when it connects to the SQL Server to read the Reporting Services meta data, it will connect using the account Domain/<Server>$ where <server> is the machine name where Reporting Services is installed.

默认情况下,默认安装的报表服务使用Authority/NetworkService帐号来运行应用程序缓存池中的进程. 如果报表服务器的应用程序缓存池使用NT Authority/NetworkService,当它链接SQL Server读取报表服务的数据是,它将使用Domain/<Server>$帐号,这里的<server>是报表服务安装的机器名称.

 

It is quite easy to change the account used to a different name by following the steps below. One point to note is that the accounts used by the Application Pools do not affect Reporting Services Encryption. I will be covering Encryption soon in an article which is probably going to be the most in depth one you will have ever seen so look out for that one.

使用如下步骤将很容易修改这个帐号.需要注意的一点是这个帐号不会影响到报表服务的加密功能.我将在稍后的文章中深入阐述加密问题,届时可以留意.

 

Another point worth noting is that you can have a different Application Pool for Report Server and Report Manager or you can use the same one. Even if your account is the same for Report Server and Report Manager make sure you complete all the steps below for the account.

另外一点值得提醒的是,报表服务器和报表管理器可以使用不同的应用程序缓存池,也可以使用同一个缓存池.如果使用的是同一个帐号,那么这个帐号必须完成下面所有的步骤.

 

The steps below detail how to change the accounts from NT Authority/NetworkService to DOMAIN/MyAccount

 如下详细的步骤是怎样将NT Authority/NetworkService 帐号修改成DOMAIN/MyAccount.

 

Changing the Account for the Report Server Application Pool

修改报表服务器应用程序缓冲池的帐号

 

On the SQL Server where the Reporting Service Meta Data resides complete the following

·         Create login DOMAIN/MyAccount to SQL Server

·         Add DOMAIN/MyAccount to the database master with the database role RSExecRole

·         Add DOMAIN/MyAccount to the database msdb with the database role RSExecRole

·         Add DOMAIN/MyAccount to the database ReportServer with the database role RSExecRole

·         Add DOMAIN/MyAccount to the database ReportServerTempdb with the database role RSExecRole

 在报表服务数据所在的SQL Server上完成如下步骤:

·         创建SQL Server帐号 DOMAIN/MyAccount

·         将 DOMAIN/MyAccount 加入master 数据库并赋予RSExecRole角色.

·         将DOMAIN/MyAccount 加入msdb 数据库并赋予RSExecRole角色

·         将 DOMAIN/MyAccount 加入ReportServer 数据库并赋予 RSExecRole角色

·         将 DOMAIN/MyAccount 加入 ReportServerTempdb数据库并赋予RSExecRole角色

 

Change the Identity of the Application Pool account used by Report Server Virtual Directory

·         Open IIS Manager from Administrative Tools

·         Open the Properties of the Report Server Virtual Directory and confirm the Application Pool name

·         Open the Properties of the Application Pool.

·         Click on the Identify tab

·         Click Configurable and enter the UserName DOMAIN/MyAccount and Password

·         Click OK and enter the password again to complete.

 修改报表服务器虚拟目录的应用程序缓存池的身份帐号

·         从管理工具里面打开IIS管理器

·         打开报表服务器虚拟目录的属性并确认应用程序缓存池的名称

·         打开应用程序缓存池的属性

·         点击身份页

·         点击配置并输入用户DOMAIN/MyAccount 和密码

·         点击确认并再次输入密码完成配置

 

Add DOMAIN/MyAccount to the following Local Groups on the server hosting Reporting Services

·         IIS_WPG

·         SQLServer2005ReportingServicesWebServiceUser$<machine>$<instance>

·         SQLServer2005ReportServerUser$<machine>$<instance>

 添加帐号DOMAIN/MyAccount到报表服务所在的服务器的本地用户组

·         添加到IIS_WPG组

·         添加到SQLServer2005ReportingServicesWebServiceUser$<machine>$<instance>组

·         添加到SQLServer2005ReportServerUser$<machine>$<instance>组

 

Update the Report Server Configuration file

·         Open file C:/Program Files/Microsoft SQL Server/MSSQL.n/Reporting Services/ReportServer/rsreportserver.config

·         Locate <WebServiceAccount>account<WebServiceAccount>

·         Change account to DOMAIN/MyAccount

·         Save the file

 修改报表服务器的配置文件

·         打开C:/Program Files/Microsoft SQL Server/MSSQL.n/Reporting Services/ReportServer/rsreportserver.config

·         定位到 <WebServiceAccount>account<WebServiceAccount>

·         修改 account 为 DOMAIN/MyAccount

·         保存文件

 

Update NETMAN DCOM Permissions

·         Open Component Services from Administrative Tools

·         Expand Component Services -> Computers -> My Computers -> DCOM Config

·         Right click NETMAN and select Properties

·         Click the Security tab

·         Under Launch and Activation Permissions select Customize

·         Click Edit

·         Add SQLServer2005ReportingServicesWebServiceUser$<machine>$<instance> with Local Launch and Local Activation permissions

·         Add SQLServer2005ReportingServerUser$<machine>$<instance> with Local Launch and Local Activation permissions

·         Click OK, OK

修改 NETMAN DCOM权限

·         从管理工具中打开组件服务

·         展开Component Services -> Computers -> My Computers -> DCOM Config

·         右键点击 NETMAN 并选择属性

·         点击安全页

·         在设置和激活权限下选择自定义

·         点击修改

·         将 SQLServer2005ReportingServicesWebServiceUser$<machine>$<instance>添加Local Launch 和 Local Activation 权限

·         将 SQLServer2005ReportingServerUser$<machine>$<instance> 添加 Local Launch 和 Local Activation 权限

·         点击确认

 

Stop and Start the Application Pool used by the Report Server

·         Stop the Application Pool

·         Start the Application Pool

·         From Reporting Services Configuration Manager confirm the Web Service Identity has a Green tick

 停止和启动报表服务器使用的应用程序缓存池

·         停止应用程序缓存池

·         启动应用程序缓存池

·         从报表服务配置管理器中确认Web Service Identity 是绿色符号(PS:绿色表示正常).

 

 

Changing the Account for the Report Manager Application Pool

修改报表管理器的应用程序缓存池帐号

 

Some of these will be duplicated if you are using the same account for Report Server and Report Manager

 如果和报表服务器使用同样的缓存池的话,下面一些步骤是重复的.

Change the Identity of the Application Pool account used by Report Manager Virtual Directory

·         Open IIS Manager from Administrative Tools

·         Open the Properties of the Report Manager Virtual Directory and confirm the Application Pool name

·         Open the Properties of the Application Pool.

·         Click on the Identify tab

·         Click Configurable and enter the UserName DOMAIN/MyAccount and Password

·         Click OK and enter the password again to complete.

修改报表服务器虚拟目录的应用程序缓存池的身份帐号

·         从管理工具里面打开IIS管理器

·         打开报表服务器虚拟目录的属性并确认应用程序缓存池的名称

·         打开应用程序缓存池的属性

·         点击身份页

·         点击配置并输入用户DOMAIN/MyAccount 和密码

·         点击确认并再次输入密码完成配置

 

Add DOMAIN/MyAccount to the following Local Groups on the server hosting Reporting Services

·         IIS_WPG

·         SQLServer2005ReportingServicesWebServiceUser$<machine>$<instance>

·         SQLServer2005ReportServerUser$<machine>$<instance>

 添加帐号DOMAIN/MyAccount到报表服务所在的服务器的本地用户组

·         添加到IIS_WPG组

·         添加到SQLServer2005ReportingServicesWebServiceUser$<machine>$<instance>组

·         添加到SQLServer2005ReportServerUser$<machine>$<instance>组

 

C:/Windows/Temp folder Access

·         Make sure the DOMAIN/MyAccount has read and write access to this folder.

文件夹C:/Windows/Temp的访问权限

·         确保 DOMAIN/MyAccount 拥有对这个文件的读写权限.

 

Stop and Start the Application Pool used by the Report Manager

·         Stop the Application Pool

·         Start the Application Pool

停止和启动报表管理器使用的应用程序缓存池

·         停止应用程序缓存池

·         启动应用程序缓存池

 

Stop and Start the Application Pool used by the Report Server

·         Stop the Application Pool

·         Start the Application Pool

  停止和启动报表服务器使用的应用程序缓存池

·         停止应用程序缓存池

·         启动应用程序缓存池

 

大功告成!.