Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Register now to learn Fabric in free live sessions led by the best Microsoft experts. From Apr 16 to May 9, in English and Spanish.

Reply
scurrp
Frequent Visitor

Gateway configuration for Paginated Reports

‎09-02-2020 06:24 PM

Hi, 

I'm stuck trying to determine if what we need to do is possible and we've got the configuration wrong.
Scenario:
Paginated Reports call stored Procedures on a database to deliver report content. 
The Gateway is installed on its own Server and runs as a Domain Service Account (AcctA).
Connections to the database work when the gateway connects to the data base as AcctA
What we want to do is connect from the gateway to the Database using a different domain service account (AcctB).
AcctA and AcctB have the same permissions on the DB at this point in time.
When we configure the Gateway to connect to the database as AcctB the following message appears.
GatewayError.png 

 

 

 

 

 

 

 

 

 

 

 

The gateway is not configured to use Kerberos (see below) but the error above indicates an impersonation issue.
For a sanity check a new gateway was installed on a seperate server and returns the same error message.
Is there something outside of the Gateway that we need to set or is the proposed scenario not possible to be configured this way.
Does AcctB need to be a named SQL user and not a domain user?
Troubleshooting in made complex as Kerberos / Gateway / DB Security are managed by different teams.

 

Thanks in advance for any assistance.
GatewaySettings.png

Labels:
Message 1 of 4
949 Views
0
3 REPLIES 3
lbendlin
Super User
Super User

‎09-02-2020 07:55 PM

You don't really want the gateway service to run under your service account.  Reinstall the gateway and let it use the default NT SERVICE\PBIEgwService account.  

 

The credentials for the connection are independent of the credentials used for the service.

Message 2 of 4
908 Views
0
scurrp
Frequent Visitor
In response to lbendlin

‎09-03-2020 09:17 PM

@lbendlin Your second point is the problem I'm trying to solve.
Are there permissions granted to NT SERVICE\PBIEgwService that would not be applied to the service account we're running the gateway as?

Message 3 of 4
895 Views
0
lbendlin
Super User
Super User
In response to scurrp

‎09-04-2020 05:30 AM

The account that the gateway is running under needs to be able to write to disk on the gateway cluster member. The account listed for each connection needs to be able to read from the data source.

Message 4 of 4
885 Views
0

Helpful resources

Announcements
Microsoft Fabric Learn Together

Microsoft Fabric Learn Together

Covering the world! 9:00-10:30 AM Sydney, 4:00-5:30 PM CET (Paris/Berlin), 7:00-8:30 PM Mexico City

PBI_APRIL_CAROUSEL1

Power BI Monthly Update - April 2024

Check out the April 2024 Power BI update to learn about new features.

April Fabric Community Update

Fabric Community Update - April 2024

Find out what's new and trending in the Fabric Community.

View All
Top Solution Authors
View All
Top Kudoed Authors
View All