Setting up correctly for excel services
Hi there,
I am hoping someone can point me in the right direction.
We have 3 servers. Our main server and then 2 other Virtual servers that host our sharepoint server and our SQL server.
Everything is working ok except our excel services. We have created all of our trusted locations,connections but whenever we try refresh data within a page we get an error saying that the data refresh failed due to datasource been unreachable,may not be responding or access is denied.
We don't have Kerberos configured or setup on the sharepoint server....which I am thinking maybe the problem from what I have read.
Do you think this is the problem? I have tried getting our helpdesk to install it but they won't without a valid reason.
Can anyone help?
[869 byte] By [
spnz] at [2008-2-7]
From how you've described your topology, and assuming you've defined the connections to the datasources to use windows authentication, I believe that you are correct and the lack of a kerberos delegation enviroment is the cause.
Do you require delegating the identity of the user viewing the report to the sql server? if yes, then you'll have to setup proper kerberos delegation between the server components.
If not, then I suggest you read the following for alternatives (i.e. SSO, and None):
http://technet2.microsoft.com/Office/en-us/library/7e6ce086-57b6-4ef2-8117-e725de18f2401033.mspx?mfr=true
I had the same issue. Kerberos need to be setup correctly in AD and the Excel Services security model also needs to be changed from the default, "trusted subsystem" to "delegation".
These are the commands to set Excel Services to "Delegation".
- Open Command Prompt
- Cd C:\Program Files\Common Files\Microsoft Shared\web server extensions\12\BIN
- stsadm -o set-ecssecurity -accessmodel delegation -ssp SharedServices1
- stsadm -o execadmsvcjobs
- iisreset
Below are more information about the two.
========================================================
Trusted subsystem and delegation
When
Excel Services is deployed, the method that is used to communicate
among the different server farm components is specified. It is
configured in either trusted subsystem mode or delegation mode. This
mode can be changed only by using the Stsadm.exe command-line tool.
Trusted
subsystem (default in a farm deployment) is a mode in which the
front-end and back-end server components have a two-way trust. This
allows files to be retrieved from Office SharePoint Server 2007 by
using the Excel Services account. However, even though Excel Services
retrieves the files, it performs a security check to verify that the
user requesting the file has the appropriate permissions. In this mode,
the back-end Excel Calculation Services server does know the user's
identity, but does not have a full user security token and so cannot
delegate it to other computers.
Delegation (default in single
computer or evaluator deployment) is a mode in which the front-end
servers of the farm always delegate the user's identity to the back-end
servers. In this case, files are retrieved as the end user who is
requesting the workbook instead of the Excel Services account. The
back-end Excel Calculation Services server has the user's full identity
(security token) and so can delegate it to other servers.
