SQL SSRS Logins Test

All users or applications who request access to report server content or operations must be authenticated before access is allowed. The following authentication types are supported by Reporting Services:

Authentication Type

Description

RSWindowsNegotiate

Attempts to use Kerberos for Windows Integrated authentication first, but falls back to NTLM if Active Directory cannot grant a ticket for the client request to the report server. Negotiate will only fall back to NTLM if the ticket is not available. If the first attempt results in an error rather than a missing ticket, the report server does not make a second attempt.

RSWindowsNTLM

Uses NTLM for Windows Integrated authentication. The credentials will not be delegated or impersonated on other requests. Subsequent requests will follow a new challenge-response sequence. Depending on network security settings, a user might be prompted for credentials or the authentication request will be handled transparently.

RSWindowsKerberos

Uses Kerberos for Windows Integrated authentication. You must configure Kerberos by setting up setup service principle names (SPNs) for your service accounts, which requires domain administrator privileges. If you set up identity delegation with Kerberos, the token of the user who is requesting a report can also be used on an additional connection to the external data sources that provide data to reports.

RSWindowsBasic

Basic authentication is defined in the HTTP protocol and can only be used to authenticate HTTP requests to the report server. Credentials are passed in the HTTP request in base64 encoding. If you use Basic authentication, use Transport Layer Security (TLS), previously known as Secure Sockets Layer (SSL) to encrypt user account information before it is sent across the network. SSL provides an encrypted channel for sending a connection request from the client to the report server over an HTTP TCP/IP connection.

If the Report Server repeatedly fails to authenticate login requests from users/applications, then these users/applications will not be able to access critical report server content and operations for indefinite periods of time. This can impact user productivity and application performance!

To ensure peak application performance and a high quality user experience at all times, administrators will have to track login attempts to the server using RSWindows authentication, promptly capture authentication failures, and quickly investigate the reasons for the failures. This is where the SQL SSRS Logins test helps!

This test monitors login attempts to the report server via RSWindows authentication, and alerts administrators to failed login attempts (if any).

Target of the test : A Microsoft SQL Server Reporting Services server

Agent deploying the test : A remote agent

Outputs of the test : One set of results for the report server being monitored

Configurable parameters for the test
Parameters Description

Test period

How often should the test be executed

Host

The host for which the test is to be configured.

Port

The port at which the specified Host listens.

Instance

The name of a specific SQL Report server instance to be monitored. The default value of this parameter is “default”. However, if the Microsoft SQL Server hosting the SQL Reporting Server database uses named instances, then do the following:

  • Configure the Instance parameter with the name of the SQL Server instance that hosts the SQL Report Server database.
  • Do not change the default value of the Port parameter

Is Passive

If the value chosen is Yes, then the Microsoft SQL server (hosting the SQL report server database) under consideration is a passive server in a SQL cluster. No alerts will be generated if the server is not running. Measures will be reported as “Not applicable’ by the agent if the server is not up.

Measurements made by the test
Measurement Description Measurement Unit Interpretation

Login attempts

Indicates the number of login attempts made to the SQL Report server that used RSWindows authentication that were .

Number

 

Login success

Indicates the number of login attempts using RSWindows authentication that were successful.

Number

 

Login failures

Indicates the number of login attempts using RSWindows authentication that failed.

Number

Ideally, the value of this measure should be 0. A non-zero value implies that one/more login attempts have failed.

A login can fail if the RSWindows authentication is not configured correctly on the Report server.

Active connections

Indicates the count of user/application connections to the SQL Report server that are currently active.

Number

This is a good indicator of the connection load on the SQL Report server.