Skip to main content
cancel
Showing results for 
Search instead for 
Did you mean: 

Earn the coveted Fabric Analytics Engineer certification. 100% off your exam for a limited time only!

Reply
EAWright
Frequent Visitor

Save Report to Secure (HTTPS) Server

While trying to save a report from Power BI Desktop (May 2019) to our Report Server instance I am getting an Error: Unexpected Error message. 

 

Our Report Server URL is along the line of https://test.bi-reports/rs-bi/reports and as near as I can tell the save function is falling over on trying to authenticate on the server to complete the action. 

 

Looking at the RSPortal log on the Repot Server there is a message
|Sending response. Response code NT AUTHORITY\ANONYMOUS LOGON 422, 

10 REPLIES 10
d_gosbell
Super User
Super User


@EAWright wrote:

Our Report Server URL is along the line of https://test.bi-reports/rs-bi/reports and as near as I can tell the save function is falling over on trying to authenticate on the server to complete the action. 

 


This URL does not sound right. The default would URL is <server>/Reports but you can change the /Reports in the configuration manager. So it could be https://test.bi-reports/rs-bi  or https://test.bi-reports/reports but the actual server url. 

 

The fact that you got a 422 error (which is an unprocessable entity error) makes me think your portal URL is probably just https://test.bi-reports/rs-bi otherwise you would get a report server not found error.

I have used the appropriate URL and I am getting an error message returned that I do not have access which is echoed in the log files which identifies me as an anonymous user.   

 

|INFO|39|Received request GET /api/v2.0/CatalogItems%28Path%3D%27/%27%29| RequestID =
|INFO|39|Sending response. Response code NT AUTHORITY\ANONYMOUS LOGON 403, Elapsed time 0:00:00.0026468| RequestID =

 

While accessing the site with a browser I am prompted for credentials which are reflected in the logs so I am not sure what/ how to get PBI Desktop to ask for/ pass credentials.  I would have thought that launching the PBI Desktop FROM the browser would pass who I am along with it.


@EAWright wrote:

 

While accessing the site with a browser I am prompted for credentials which are reflected in the logs so I am not sure what/ how to get PBI Desktop to ask for/ pass credentials.


This is the cause of your issue as I believe PBI Desktop only supports integrated security for publishing reports. As far as I am aware it does not have the ability to prompt for credentials and a browser can't pass credentials to another app. If you have PBIRS setup like this for a reason then I think your only option is to save the report to a local folder then use the upload option in the browser.

That approach is something that I tried initially but every time, even the most simple report returns:

An error has occurred.
There was an error uploading your .pbix file. Verify that the file has not been corrupted and that the file extension matches the format of the file.

 

In looking at the log files for this error I see:

|ERROR|20|The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.| RequestID =
|INFO|55|Sending response. Response code DOMAIN\EAWR 422, Elapsed time 0:00:00.0265593| RequestID =

 

My client is a government agency and all of their services are required to be secure (HTTPS) which is a pretty fundamental capability of a modern system.

I am kind of surprised that I am having this level of difficulty with getting it to work, asking the security folks to open port 80 is just not an option.


@EAWright wrote:

Could not establish trust relationship for the SSL/TLS secure channel.


That could indicate an issue with your certificate. I'm not really an expert on certificates, but if there is a problem with the trust relationship to the certificate authority it could cause an issue like this. Maybe go back and talk to whoever generated and installed the certificate.

 

I've setup a couple of Report Server instances with HTTPS and it was just a matter of getting our domain admins to create and install a certificate and then I picked the installed certficate from the Report Server Configuration Manager and it all worked. So Report Server definitely supports HTTPS and it's normally pretty easy to setup.

 

So I worked with with a second set of eyes to test the out the Certificate, and in continuing to poke around we discovered that we can upload pretty much any file except a .pbix. (.txt, .pdf etc)

 

We even tried uploading a .txt file with the extension changed to .pbx and received the same could not establish trust relationship error. 

 

Could there be a configuration that I missed when setting up the server/ service ?

 

I should also mention that I confirmed that the version of the desktop software matches the server version number

So that kind of makes sense as PBIRS is written as a number of components. There is a RSPortal service (which renders the User Interface), a ReportingServicesService (which handles the paginated reports) and an RSPowerBI (service which handles the pbix files) and there is a hosting and management component also. 

 

So what this sounds like is some sort of break down around the RSPowerBI component. Unfortunately this is not something I've ever seen before. You might need to consider raising a support ticket with Microsoft for this as I think it's going to need a deeper level of investigation. I have 4 different PBIRS installs in our organization, 2 dev enviroments using http, but both our Test and Prod are NLB clusters using HTTPS. We had a few issues with the test/prod clusters, but that was related to load balancing issues (we accidentally skipped one of the configuration steps), but the https configuration worked fine.

So, in my continued exploration of my issue, I learned that .PBIX is essentially a zip file. With my experience in being able to upload anything but a .PBIX named file I also tried a .zip file and that was blocked as well. (as did many other made up file extensions)

 

I am curious to know if perhaps there is some filter somewhere that is only allowing known file types and .PBIX is falling over because said filter is seeing them as either a) a .zip file in disguise or b) it does not know what it is and therefore is blocking it.


@EAWright wrote:

I am curious to know if perhaps there is some filter somewhere that is only allowing known file types and .PBIX is falling over because said filter is seeing them as either a) a .zip file in disguise or b) it does not know what it is and therefore is blocking it.


There is a whitelist of known file types that PBIRS will allow (you can edit this list by connecting to PBIRS using Management Studio), but pbix is one of the allowed file types. zip files and other random file types being blocked is the expected behaviour.

 

As I mentioned earlier, pbix files are handled by a dedicated service, so they are treated differently from any other file type. I still suspect that something strange has happened in your environment and the best way to fix this would be to engage a Microsoft support engineer by raising a support ticket.

Okay new development, when I remove the certificate / 443 configuration uploading a file on the host server works. However with adding the cert back in, even using the port 80 url causes the error to come up agian.

Helpful resources

Announcements
April AMA free

Microsoft Fabric AMA Livestream

Join us Tuesday, April 09, 9:00 – 10:00 AM PST for a live, expert-led Q&A session on all things Microsoft Fabric!

March Fabric Community Update

Fabric Community Update - March 2024

Find out what's new and trending in the Fabric Community.