When you are setting up Dynamics AX 2009 Role Center and Enterprise Portal in a multi server environment where each component is running on Windows Server 2008 you may get confronted with an authentication issue.
The base requirement for a multi server scenario to work is to use Kerberos authentication and configuring Service Principle Names (SPNs) for the Service Accounts in use (like the Business Connector Proxy Account) otherwise the whole scenario will not work at all.
However even if Kerberos and SPNs are configured correctly you can run into an authentication issue, if you have the following components running on their own server with Windows Server 2008 as the operating system:
We ran into the following two issues where in the first case we had the Enterprise Portal, SQL Reporting Services and SQL Analysis services all running Windows Server 2008 and each service was running on a separate server. When a user browses a Role Center page that has web parts running a SQL Server Report or Business Overview/KPI list and where the data comes from an analysis server database, we get the following error displayed within the webpart which should display a report:
We also ran into a similar issue where we had both the SQL Server Reporting and Analysis Services running on server and Enterprise portal on a remote server. When a user browses a Role Center page containing web parts that runs the Business Overview/KPI List, the web parts fails to run. The web parts displaying SQL Reports worked fine.
In both cases and we get a similar error as to the following logged in the Windows application event log either on the Enterprise Portal Server or SQL Reporting Server:
In both cases we resolved the issue by installing the Windows Server 2008 hotfix KB 969083 : "A Kerberos authentication fails together with the error code 0X80090302 or 0x8009030f on a computer that is running Windows Server 2008 or Windows Vista when the AES algorithm is used" on the Enterprise Portal, SQL Server Reporting and Analysis Servers.
The following BLOG post discusses the Kerberos authentication issues with SQL Server Analysis Server in greater detail:
Updated Errors may occur after configuring Analysis Services to use Kerberos authentication on Advanced Encryption Standard Aware Operating Systems