Home » Microsoft » 70-467 » What should you do?
You need to configure security for the SSRS instance on SSRS01 to connect to SSAS and minimize downtime.
What should you do? (Each correct answer presents part of the solution. Choose all that apply.)
A. Register a service principal name for the Report Server service.
B. Register a service principal name for the Analysis Services service.
C. Restart the IIS service.
D. Configure SSRS01 to use the Negotiate authentication type.
E. Configure SSRS01 to use the Custom authentication type.
Correct Answer: AD
Explanation/Reference:
Explanation: A (not B): If you are deploying Reporting Services in a network that uses the Kerberos protocol for mutual authentication, you must create a Service Principal Name (SPN) for the Report Server service if you configure it to run as a domain user account.
D (not E):
* See step 6 below.
To register an SPN for a Report Server service running as a domain user
* RSWindowsNegotiate. If you initially set the Windows service account for the report server to NetworkService or LocalSystem in Reporting Services Configuration Manager, RSWindowsNegotiate is added to the RSReportServer.config file as the default setting. With this setting, the report server can accept requests from client applications requesting Kerberos or NTLM authentication. If Kerberos is requested and the authentication fails, the report server switches to NTLM authentication and prompts the user for credentials unless the network is configured to manage authentication transparently.
Using RSWindowsNegotiate is your best option because it provides the greatest flexibility for multiple clients in an intranet environment.
Not C: IIS is not mention in this scenario.
Note:
* From scenario:
/ A single-server deployment of SQL Server 2008 R2 Reporting Services (SSRS) in native mode is installed on a server named SSRS01. The Reporting Server service is configured to use a domain service account.
Reference: Register a Service Principal Name (SPN) for a Report Server
