Reporting Services Issue on MOSS 2007 Extranet Deployment

09 Feb

Scenario:As shown in following figure, we have deployed two WFEs on least trusted domain (e.g., ABC domain) and central admin, database servers, and reporting services(i.e., Reporting Services running on SharePoint Integration Mode) are in Highly Trusted Domain (e.g., XYZ Domain).

Reporting Services on Extranet MOSS 2007 Environment

Moreever there is an one-way trust between Extranet Domain and Intranet Domain. When users are trying to access or upload the rdl files to SharePoint environment, users are experiencing logon challenges (i.e., Double-Hop problem)

We were tried to engage MSFT customer support and they were said that we need to have a two-way trust between extranet domain and intranet domain. That is not make sense to our corporate architecture team. Then finally MSFT support asked us to move database+reporting services server and central adminstration server to least trusted domain (i.e., Extranet Domain) – this is obviously worst suggestion by MSFT support since we can not expose database and central administration servers to extranet. Finally, we dig into the issue and resolved the issue by adding the IP address of WFEs in host entry of each WFEs.

If you are experencing same issues as described above, please add the IP address of WFEs into host entries of each WFEs.

Hope this helps!


Posted by on February 9, 2010 in Reporting Services, Sharepoint



2 responses to “Reporting Services Issue on MOSS 2007 Extranet Deployment

  1. Venky

    February 11, 2010 at 2:30 am

    Good post! – helped us in our environment

  2. MetaManu

    February 23, 2010 at 10:44 am

    While putting a host will prevent node hopping (WFE1 calling WFE2), accessing account-secured ressources outside the sharepoint Farm itself will still fail without the trust (i mean, like a database with individual security mapping, or exchange).

    Apart from that, it is sadly commonly used by sharepoint itself if you “dedicate this server for indexing content”. Another side effect is node 2 won’t reach node1 anymore by it’s hosted url, create aliases for CA/Indexing/Excel services! 🙂


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: