I watched your video on "Configure Kerberos for Power BI reports in Reporting Services." I configured SPNs, ADUC object delegations & modified the config file to RSWindowNegotiate and all worked fine. Now the security team came back to me and stated a security scan has identified that the 2019 SSRS Windows service account is using weak RC4-HMAC encryption. NOTE: We are running SSRS 2019 and use a user account and password to run the SSRS Windows service (MSSQLSvc). My question: is there a way to disable RC4-HMAC encryption on just this one SSRS service account without breaking the functionality of SSRS 2019 that I just configured per your article? I am concerned it may break something. Thanks.
This is an Active Directory setting. PBIRS does not really care as long as you have a valid Kerberos ticket. You just need to make sure that the service account has the property enabled to say that it supports the higher levels of encryption (so if you can I would suggest going up to AES256).
You can break things if you configure this wrong, but as long as you have both the AD policy set that requires AES256 for Kerberos and have the setting enabled on the service account to say that it supports AES256 it should just work.
If you can, try and test this on a non-prod environment first. At my old company the IT team just enabled the group policy setting on the server without turning on the setting on the service account and this broke us for a few days until I figured out what had happened. Then we just had to tick the option on the service account and everything started working again.
Thanks for the great suggestion. To clarify further, where exactly in the Active Directory object are you suggesting I tick the option that supports higher levels of encryption for everything to work? I have included a print screen of my Active Directory object user account we are using as a service account to run the SSRS service. These settings on the ADUC SSRS object are what Microsoft recommended in order to get the SSRS browser to work properly.
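Added example, not part of the original thread: a PowerShell check of which Kerberos encryption types the SSRS service account advertises, reading the msDS-SupportedEncryptionTypes attribute that the "This account supports Kerberos AES 128/256 bit encryption" checkboxes on the ADUC Account tab write to. The account name svc-ssrs is a hypothetical placeholder, and the ActiveDirectory (RSAT) module is assumed to be installed.

```powershell
# Added example; 'svc-ssrs' is a hypothetical account name, replace it with your own.
# Requires the ActiveDirectory module (RSAT) and read access to the account.
Import-Module ActiveDirectory

# Bit values of the msDS-SupportedEncryptionTypes attribute.
$EncBits = [ordered]@{
    'DES-CBC-CRC' = 0x01
    'DES-CBC-MD5' = 0x02
    'RC4-HMAC'    = 0x04
    'AES128'      = 0x08
    'AES256'      = 0x10
}

function Get-KerberosEncTypeReport {
    param([Parameter(Mandatory)][string]$SamAccountName)

    $user = Get-ADUser -Identity $SamAccountName `
        -Properties 'msDS-SupportedEncryptionTypes', servicePrincipalName, PasswordLastSet

    # An unset attribute comes back as $null, which casts to 0.
    $raw = [int]$user.'msDS-SupportedEncryptionTypes'

    # Decode the bitmask into the names of the enabled encryption types.
    $enabled = @($EncBits.Keys | Where-Object { $raw -band $EncBits[$_] })

    [pscustomobject]@{
        Account         = $user.SamAccountName
        SPNs            = $user.servicePrincipalName -join '; '
        RawValue        = $raw
        Enabled         = if ($enabled) { $enabled -join ', ' } else { '(not set, domain default applies)' }
        AdvertisesAES   = [bool]($raw -band 0x18)   # AES128 or AES256 bit set
        AdvertisesRC4   = [bool]($raw -band 0x04)
        PasswordLastSet = $user.PasswordLastSet
    }
}

# Read-only check of the current state.
Get-KerberosEncTypeReport -SamAccountName 'svc-ssrs'

# Scripted equivalent of ticking only the two AES boxes on the account.
# -WhatIf previews the change; remove it to apply, in non-prod first.
Set-ADUser -Identity 'svc-ssrs' -KerberosEncryptionType AES128, AES256 -WhatIf
```

AES keys are generated when a password is set, so if PasswordLastSet predates AES support in the domain, the account needs a password reset before AES tickets can be issued for it.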