~ Rafid Ali
Hello Everyone, Rafid Ali here with another support tip for you on configuring a ConfigMgr 2012 reporting service point for HTTPS. I have typically seen this requirement when the ConfigMgr site is configured to only accept HTTPs client communication, so to improve reporting security, here is how to setup your reporting services point to use HTTPS as well.
Introduction to reporting in Configuration Manager
Reporting in System Center 2012 Configuration Manager provides a set of tools and resources that help you use the advanced reporting capabilities of SQL Server Reporting Services (SSRS) and the rich authoring experience that Reporting Services Report Builder provides. Reporting helps you gather, organize, and present information about users, hardware and software inventory, software updates, applications, site status, and other Configuration Manager operations in your organization. Reporting provides you with a number of predefined reports that you can use without changes, or that you can modify to meet your requirements, and you can create custom reports.
In this example, we will use a scenario where my Report Server is at a remote location hosting SSRS (SQL Server Reporting Services) and the ConfigMgr Site Database is local. However, you can have your Report Server local as well.
A Certificate (with Server OID or Web Server Certificate) on the Report Server where SQL Reporting Service is hosted.
NOTE The Report Server instance and ConfigMgr Site Database instance can be on different servers but they must be the same version in order to communicate properly.
The Steps Involved
- Issuing a Certificate and Enrolling it on Report Server.
- Configuration of the Report Database and URLs
- Installation of the Reporting Services Point role.
Step 1: Issuing a Certificate and Enrolling it on Report Server
We need a certificate (with Server OID or Web Server Certificate) on our Report Server. The ‘Subject Name’ of the Certificate should be the FQDN of Report Server as the URLs will be created using the same name. You can ask your PKI expert to provide you with this certificate on the Report Server or you can refer to the article below for information on creating, issuing and requesting the certificate.
Configure the Web Server certificate template: http://technet.microsoft.com/en-us/library/ee649187(v=WS.10).aspx
Request a Certificate: http://technet.microsoft.com/en-us/library/cc730689.aspx
To verify certificate enrollment, check the Personal Store of your Report Server and verify with the ‘Template Name’ you provided initially while issuing the certificate.
NOTE Make sure that “Issued To” has your ‘Report Server FQDN’, as the URLs will be created using this name.
Step 2: Configuration of the Report Database and URLs
Open the “Reporting Services Configuration Manager” by connecting to the correct Instance. Verify that the version of ‘Reporting Service Instance’ is the same as ‘SCCM Database Instance’. If not, upgrade the Reporting Service Instance first.
Go to “Web Service URL”. You will find that the URL is already created on Port:80 but is not active. To make it active click on “Apply”.
NOTE You need to make the URL active only if Reporting Services is not configured during installation of SQL Reporting Services.
Do the Same for “Report Manager URL”:
Next select “Database”.
NOTE If the Database is already created and configured then skip this part (Database Configuration), else proceed accordingly for configuring the Report Server Database.
In my case the Database named “ReportServer_New” is already created and configured but I am proceeding with configuration of a New Database just so that you can see how this is done.
Click on “Change Database”:
Select “Create a new report server database”:
Provide the server name where the SCCM Database instance is hosted:
Provide the name of Report Server Database you want to create. Here I have provided the name “ReportServer”:
Provide the credentials as per your environment configuration. I suggest “Local System” as a good one to use.
Finish the configuration:
Once the Report Database is created you can verify the same by opening the SQL Management Console on the Site Database Server:
NOTE You can also verify the version of ‘SQL Instance’ on which the SCCM Site Database is hosted and compare it with ‘SQL Reporting Services Instance’ hosted on the Report Server.
Now go back to “Web Service URL” to configure it for HTTPS. Click on “Advanced..”:
Remove the TCP Port 80 (HTTP) identity and add the SSL identity by clicking on “Add”:
SSL Port 443 will be already selected. Select the Web Server certificate we previously enrolled:
This will create the required HTTPS URL automatically that you can verify here:
Click OK to finish the Web Service URL configuration:
You will find that the HTTPS (Web Service) URL (https://<Report Server FQDN>:443/ReportServer) is created as per your Report Server FQDN:
Click on the URL to verify that its running and verify that it’s connecting via HTTPS:
Now do the same for Report Manager URL:
You will find that the HTTPS Report Manager URL (https://<Report Server FQDN>:443/Reports) is created as per your Report Server FQDN:
Step 3: Installation of the Reporting Services Point role
Go ahead and add the Reporting Service role on the Report Server hosting the SQL Reporting Services.
IMPORTANT While adding the role make sure that you specify the following:
- “SCCM Site Database Server Name” at ‘Site Database Server Name’ (Example: PRI.contoso.com)
- “SCCM Site Database Name” at ‘Database Name’ (Example: CM_MUM)
- “Reporting Service Instance Name” at ‘Reporting Services Server Instance’ (Example: MSSQLSERVER)
- Set the “User Name”
Below is the screen shot for the same:
Once the role is added you can verify the initiation of role installation and start of the Bootstrap Service in Sitecomp.log. Do this by looking at the Site System name (i.e. Report Server):
Verify that the role was added successfully by looking in SRSRPsetup.log on the Site System (located at \\<Drive>\SMS\Logs):
If the role installation is successful, look in the SRSRP.log created at the same location and verify the HTTPS URL you created. Also verify the SSRS Instance Version as well as the creation of the Source Folder and Data Source:
Once all of the above things are verified and configured, it will start deploying Reports and creating respective folders of those reports:
Once all the reports are deployed it will check the SRS Web Service health and keep checking at regular intervals:
Once all of the reports deployed successfully, you can verify the URLs in the ConfigMgr 2012 console as well:
Now you can go ahead and start running the reports from the ConfigMgr 2012 console using HTTPS mode by using the HTTPS URL.
In Step 1 we issued a Web Server certificate and enrolled it on the Report Server, with the configuration of the URLs being the most important step that you need to focus on. In Step 2 we configured the URLs and verified that they were running properly, and that the Report Server Database was created successfully under the Master Database. Once the SSRS configuration was complete we then proceeded towards Steps 3 for the configuration of Reporting Service Point Role on our Site System (hosting the SSRS). We closely looked into the desired inputs (with examples) in the wizard while adding the role, we went through the logs and verified the configuration settings that Configuration Manager 2012 verifies before installing the Role, then we verified the successful installation of role and deployment of reports on Report Server.
1. Refer to the following article for more information on configuring the Report Server: http://msdn.microsoft.com/en-us/library/aa545752(v=CS.70).aspx
2. Refer to the following article for more information on configuring SSRS URLs: http://msdn.microsoft.com/en-us/library/ms159261.aspx
3. See the following for more information on configuring a Report Server Database Connection (SSRS Configuration Manager): http://msdn.microsoft.com/en-us/library/ms159133.aspx
Lastly, I want to extend special thanks to my colleague Jagat Singh Kathiar | Senior Tech Lead who helped me in understanding and configuring the certificate requirements for this article.
System Center All Up: http://blogs.technet.com/b/systemcenter/
System Center – Configuration Manager Support Team blog: http://blogs.technet.com/configurationmgr/
System Center – Data Protection Manager Team blog: http://blogs.technet.com/dpm/
System Center – Orchestrator Support Team blog: http://blogs.technet.com/b/orchestrator/
System Center – Operations Manager Team blog: http://blogs.technet.com/momteam/
System Center – Service Manager Team blog: http://blogs.technet.com/b/servicemanager
System Center – Virtual Machine Manager Team blog: http://blogs.technet.com/scvmm
The Forefront Endpoint Protection blog : http://blogs.technet.com/b/clientsecurity/
The Forefront Identity Manager blog : http://blogs.msdn.com/b/ms-identity-support/
The Forefront TMG blog: http://blogs.technet.com/b/isablog/
The Forefront UAG blog: http://blogs.technet.com/b/edgeaccessblog/