When a user accesses any IT Analytics report they receive the following message:
The authenticated user cannot access the requested cube. Please verify that the authenticated user has proper privileges to the requested cube on the SQL Server Analysis Services instance on which it is hosted, and that the client machine has the Microsoft SQL Server 2005 Analysis Services 9.0 OLE DB Provider installed. Additionally check the browser settings for the internet zone this site shows up in and verify that the setting called "Access data sources across domains" under Miscellaneous is set to "Enable" or "Prompt".
When the Symantec Management Platform and SQL Server Analysis Services and SQL Server Reporting Services are hosted on two different computers and the Reporting Services IT Analytics data source is set to use Windows Integrated Authentication, Kerberos is required to pass the credentials of the user from the Symantec Management Platform to the Reporting Server. Without enabling Kerberos, the connection to Reporting Services is attempted as an anonymous user, which fails authentication in a typical configuration.
There are two ways you can resolve this issue. Option 1 allows you to bypass enabling Kerberos by setting the Reporting Server’s Authentication Type to Stored Credentials. Doing this will mean that all user requests to run IT Analytics reports will impersonate the user specified in the Stored Credentials and you will not be able to utilize any of the cube security features. This is the best option if you are not concerned with restricting which cubes users can access or which data users can see inside of cubes. If you would like to continue using Windows Integrated Authentication you will need to configure Kerberos as described in Option 2.
Option 1 - Setting Reporting Server to use Stored Credentials:
To set the Reporting Server to use Stored Credentials, you can use the instructions below. If you’d like to continue to use Windows Integrated Authentication, you will need to configure Kerberos as described in Option 2.
Option 2 - Configuring Kerberos for the SMP and Reporting Services:
To complete the two-step delegation process from the user’s computer to the Symantec Management Platform and then to Reporting Services, follow the instructions below:
This issue is isolated to the following environment: