Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Register now to learn Fabric in free live sessions led by the best Microsoft experts. From Apr 16 to May 9, in English and Spanish.

Reply
walterlarson
New Member

Is there a way to disable RC4-HMACEncryption on just SSRS service account and not break SSRS

‎09-09-2022 01:10 PM

I watched your video on "Configure Kerberos for Power BI reports in Reporting Services." I configured SPN's, ADUC object delegations & modified config file to RSWindowNegotiate and all worked fine. Now security team came back to me and stated a security scan has identified the 2019 SSRS window service account is using weak RC4-HMACEncryption. NOTE: We are running SSRS 2019 and use a user account and password to run the SSRS windows service (MSSQLSvc). My question is there a way to disable RC4-HMACEncryption on just this one SSRS service account without breaking the functionality of SSRS 2019 that I just configured per your article? I am concerned it may break something. Thanks. 

Labels:
Message 1 of 3
474 Views
0
2 REPLIES 2
d_gosbell
Super User
Super User

‎09-11-2022 04:48 PM

This is an Active Directory setting. PBIRS does not really care as long as you have a valid Kerberos ticket. You just need to make sure that the service account has the property enabled to say that it supports the higher levels of encryption (so if you can I would suggest going up to AES256).

 

You can break things if you configure this wrong, but as long as you have both the AD policy set that requires AES256 for Kerberos and have the setting enabled on the service account to say that it supports AES256 it should just work. 

 

If you can try and test this on a non-prod environment first. At my old company the IT team just enabled the group policy setting on the server without turning on the setting on the service account and this broke us for a few days until I figured out what had happened. Then we just had to tick the option on the service account and everything started working again.

Message 2 of 3
423 Views
0
walterlarson
New Member
In response to d_gosbell

‎09-12-2022 06:07 AM

 Thanks for the great suggestion. To clarify further, where exactly in the Active Directory object are you suggesting I tick the option that supports higher levels of encryption for everthing to work? I have included a print screen of my Active directory object user account we are using a a service account to run the SSRS service.  These setting on the ADUC SSRS object Microsoft recommended in order to get SSRS browser to work properly. 

 

Reporting services ADUC settings.PNG 

Message 3 of 3
414 Views
0

Helpful resources

Announcements
Microsoft Fabric Learn Together

Microsoft Fabric Learn Together

Covering the world! 9:00-10:30 AM Sydney, 4:00-5:30 PM CET (Paris/Berlin), 7:00-8:30 PM Mexico City

PBI_APRIL_CAROUSEL1

Power BI Monthly Update - April 2024

Check out the April 2024 Power BI update to learn about new features.

April Fabric Community Update

Fabric Community Update - April 2024

Find out what's new and trending in the Fabric Community.

View All