Select the product you need help with

You receive an error message when you use SQL Server 2008 Reporting Services: "HTTP 401.1 - Unauthorized: Logon Failed"

Article ID: 956158 - View products that this article applies to.

SYMPTOMS

Consider the following scenario that occurs when you use Microsoft SQL Server 2008 Reporting Services:

You try to access Report Manager or Report Server by using a URL that resembles one of the following URLs:
http://name/reports
https://name/reports
Note The name placeholder is not the name of the computer on which Report Server and Report Manager are deployed. However, the DNS Client service, the computer's hosts header files, or the computer's Lmhosts files that are located in the C:\WINDOWS\system32\drivers\etc folder are configured to send requests to name back to the report server computer.
You try to access Report Server directly by using one of the following URLs. When you do this, you experience no problems. Additionally, you can browse the Report Server namespace and view all reports by using the following URLs:
http://name/reportserver
https://name/reportserver
The ReportServerUrl element is specified in the Rsreportserver.config file and is set to resemble one of the following URLs:
http://name/reportserver
https://name/reportserver
You try to access Report Manager by using one of the following URLs:
http://name/reports
https://name/reports

In this scenario, you receive what resembles the Report Manager user interface. However, where you expect to see a list of reports, you receive the following error message:

HTTP 401.1 - Unauthorized: Logon Failed

Note If you use SharePoint Integrated mode, you receive the error message on the SharePoint Web pages. The symptoms in this scenario are most likely to occur when one of the following conditions is true:

Reporting Services is deployed in a scale-out deployment.
Reporting Services is accessed by using a user-friendly name that does not match the computer name.

Back to the top | Give Feedback

CAUSE

This problem occurs because Windows includes a loopback check security feature that helps prevent reflection attacks on your computer. Therefore, authentication fails if the FQDN or the custom host header that you use does not match the local computer name.

Back to the top | Give Feedback

RESOLUTION

To resolve this problem, specify the host name. To specify the host names that are mapped to the loopback address and that can connect to Web sites on your computer, follow these steps:

Click Start, click Run, type regedit, and then click OK.
In Registry Editor, locate and then click the following registry key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0
Right-click MSV1_0, point to New, and then click Multi-String Value.
Type BackConnectionHostNames, and then press ENTER.
Right-click BackConnectionHostNames, and then click Modify.
In the Value data box, type the host name or the host names for the sites that are on the local computer, and then click OK.
Exit Registry Editor, and then restart the computer.

Back to the top | Give Feedback

MORE INFORMATION

The name placeholder is considered a host header. It is an alternative name for the computer on which Reporting Services is installed. You must add the NetBIOS and the Fully Qualified Domain Name (FQDN) for name to the BackConnectionHostNames list that is stored in the Windows registry.

For example, if name is a Windows computer name, such as contoso, the name can likely also be referenced in FQDN form as contoso.domain.com. You must add both representations to the list in BackConnectionHostNames.

Back to the top | Give Feedback