Changing the FEP2010 Reporting Account

The FEP2010 Reporting account is defined during the FEP server setup, with the installation of the Reporting role to be exact.
The account is used by SQL Reporting Services (SRS) to access the FEP data source used by reporting. Incorrect credentials may result in an error as below or similar:

image

This post is to provide you with the steps needed to change the reporting account in the occasion you have a need to do so.

Note: all below steps must be executed with an administrator account.

Access to the FEP database used by reporting

These steps must be executed on the SQL Server hosting the data warehouse database (FEPDW_XXX, where XXX is your Configuration Manager site code).

  1. Open SQL Management Studio and select Database engine from the Server type list. Enter or browse the SQL Server name hosting the reporting database.
  2. Under the Security container in SQL Management Studio, right-click Logins and then click New Login.
  3. Enter the login name (including domain) for your new reporting account.
  4. On the left-hand side in the Page selection area, select User Mappings.
  5. On the right-hand side, select the FEPDW_XXX database.
  6. In the Database role membership area below, check AN_ReaderRole and then click OK.

Access to the OLAP cube

These steps must be executed on the SQL server hosting the data warehouse database (FEPDW_XXX, where XXX is your Configuration Manager site code).

  1. In SQL Management Studio, select Connect Object Explorer from the File menu.
  2. In the Connect to Server window, select Analysis Services from the Server type list.
  3. Expand the FEPDW_XXX database and the Roles container.
  4. Right-click the ReportsUserReadRole and click Properties.
  5. Click the Membership page on the right-hand side.
  6. Add your new reporting account if it is not listed on the right-hand pane by clicking the Add button.
  7. Remove the old reporting account from the list.

Change the account on the Reporting server

These steps can be executed from any system. XXX is your Configuration Manager site code.

  1. Open https:// <reportserver> /reports (replace <reportserver> with the name of the report server).
  2. Click the Forefront Endpoint Protection_XXX link.
  3. Click the Show Details button in the top right.
  4. Click the DataSources link.
  5. Click the DefaultDataSource link
  6. Enter the credentials of the new reporting account and click Apply.

Update the reporting account in the registry

These steps must be executed on the server hosting the FEP2010 Reporting role.

  1. Open the registry editor on the reporting server.
  2. Navigate to HKLM\Software\Microsoft\Microsoft Forefront\Forefront Endpoint Protection 2010\Server
  3. Double-click REPORTUSER and enter the new reporting account (in the format domain\username).
  4. Close the registry editor.

Kurt Sarens, Senior Support Engineer