Set up Reporting Services in SharePoint Integration Mode

I followed How to: Configure SharePoint Integration on Multiple Servers step-by-step to configure SharePoint Integration on two servers. But on the step "Set server defaults" of "Configure the Report Server Integration Feature in SharePoint Central Administration", I only saw this error:

An unexpected error occurred while connecting to the report server. Verify that the report server is available and configured for SharePoint integrated mode.

I was sure I followed the steps carefully. Then I tried to look for error details in Web and Database log files, but there was no any error message. After many hours of investigation, I found somebody mentioned Kerberos/NTLM on MSDN Forum. As my environment did not allow me to use Kerberos, I tried to set up NTLM on both SharePoint server and Report server:

cscript adsutil.vbs set w3svc/NTAuthenticationProviders "NTLM"

Then I was so happy to see the error disappeared! :)

SSAS Permission for Least-Privilege User Account

When using LUA (Least-Privilege User Account) on development machine, I normally add myself as sysadmin for SQL server, so that I can create database freely.

As SSAS is part of SQL Server, I took it for granted that my account was also sysadmin in SSAS. But it turned out that SSAS has different permission settings from SQL Server.

When I tried to deploy an SSAS project, Visual Studio threw the error:

Error -1055391738 : Either the '[domain]\[account]' user does not have permission to create a new object in '[machine]', or the object does not exist.

So I went to SQL Server Management Studio and connected to SSAS, but I had no permission to create SSAS database manually:

Either the '[domain]\[account]' user does not have permission to create a new object in '[machine]', or the object does not exist. (Microsoft.AnalysisServices)

One way to solve the problem is to add my account to the SSAS' server role, which means to grant server-wide security privileges to my account in SSAS:
  1. Run SQL Server Management Studio as Administrator account
  2. Connect to the SSAS server
  3. Right-click the SSAS server name and select Properties from the popup menu
  4. Select Security to add account to server role

Now, I can deploy SSAS project in Visual Studio without problem.

SharePoint can not find user in its domain

It's quite weird that SharePoint (WSS 3.0) could not find any Active Directory user account from its own domain!

According to its log, WSS complained it could not get trusted domains:

05/08/2008 10:09:18.72  Error when trying to get trusted forests and domains. Exception message: Access is denied.  , callstack:    at System.DirectoryServices.ActiveDirectory.Forest.GetTrustsHelper(String targetForestName)     at System.DirectoryServices.ActiveDirectory.Forest.GetAllTrustRelationships()     at Microsoft.SharePoint.Utilities.SPUserUtility.GetTrustedDomains(List`1 trustedForestNames, List`1 trustedDomainNames)  
05/08/2008 10:09:18.72 Found 1 trusted forests
05/08/2008 10:09:18.72 Found 0 trusted domains
05/08/2008 10:09:18.87 Error in searching user 'Bob' : System.DirectoryServices.DirectoryServicesCOMException (0x8007052E): Logon failure: unknown user name or bad password. at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail) at System.DirectoryServices.DirectoryEntry.Bind() at System.DirectoryServices.DirectoryEntry.get_AdsObject() at System.DirectoryServices.DirectorySearcher.FindAll(Boolean findMoreThanOne) at System.DirectoryServices.DirectorySearcher.FindAll() at Microsoft.SharePoint.WebControls.PeopleEditor.SearchFromGC(SPActiveDirectoryDomain domain, String strFilter, String[] rgstrProp, Int32 nTimeout, Int32 nSizeLimit, SPUserCollection spUsers, ArrayList& rgResults) at Microsoft.SharePoint.Utilities.SPUserUtility.SearchAgainstAD(String input, SPActiveDirect...
05/08/2008 10:09:18.87* ...oryDomain domainController, SPPrincipalType scopes, SPUserCollection usersContainer, Int32 maxCount, String customQuery, String customFilter, TimeSpan searchTimeout, Boolean& reachMaxCount) at Microsoft.SharePoint.Utilities.SPActiveDirectoryPrincipalResolver.SearchPrincipals(String input, SPPrincipalType scopes, SPPrincipalSource sources, SPUserCollection usersContainer, Int32 maxCount, Boolean& reachMaxCount) at Microsoft.SharePoint.Utilities.SPUtility.SearchPrincipalFromResolvers(List`1 resolvers, String input, SPPrincipalType scopes, SPPrincipalSource sources, SPUserCollection usersContainer, Int32 maxCount, Boolean& reachMaxCount, Dictionary`2 usersDict).

But do I need care if the domain is "trusted" or not when only one domain exists? What I wanted was to get users from the same domain. MSDN also said "Users in the forest that the server is in (that is, a resource forest) are displayed automatically." But the reality was the opposite.

Finally, I had a try to add the WSS server's local domain using stsadm:

stsadm -o setproperty -url http://localhost:82
-pn "peoplepicker-searchadforests" -pv ""

Although I had thought that the command should do nothing because I was not supposed to do that, ironically I could see users in the PeoplePicker control! :)