When you are setting up Dynamics AX 2009 Role Center and Enterprise Portal in a multi server environment where each component is running on Windows Server 2008 you may get confronted with an authentication issue.

The base requirement for a multi server scenario to work is to use Kerberos authentication and configuring Service Principle Names (SPNs) for the Service Accounts in use (like the Business Connector Proxy Account) otherwise the whole scenario will not work at all. 
 

However even if Kerberos and SPNs are configured correctly you can run into an authentication issue, if you have the following components running on their own server with Windows Server 2008 as the operating system:

  • Microsoft SQL Server 2005 or 2008 (including Database Engine, Reporting Services and Analysis Services)
  • Microsoft Office SharePoint Server 2007 or Microsoft Windows SharePoint Services 3.0

 

We ran into the following two issues where in the first case we had the Enterprise Portal, SQL Reporting Services and SQL Analysis services all running Windows Server 2008 and each service was running on a separate server. When a user browses a Role Center page that has web parts running a SQL Server Report or Business Overview/KPI list and where the data comes from an analysis server database, we get the following error displayed within the webpart which should display a report:

 

An error has occurred during report processing. (rsProcessingAborted) Get Online Help
Query execution failed for dataset '<some dataset>'. (rsErrorExecutingCommand) Get Online Help
The connection either timed out or was lost.
Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host.
An existing connection was forcibly closed by the remote host

 

We also ran into a similar issue where we had both the SQL Server Reporting and Analysis Services running on server and Enterprise portal on a remote server. When a user browses a Role Center page containing web parts that runs the Business Overview/KPI List, the web parts fails to run. The web parts displaying SQL Reports worked fine. 

In both cases and we get a similar error as to the following logged in the Windows application event log either on the Enterprise Portal Server or SQL Reporting Server:

Source: Microsoft.Dynamics.Framework.Portal
Event ID: 1000
Task Category: None
Level: Error
Description:
An unexpected error has occurred.

The connection either timed out or was lost.
Microsoft.AnalysisServices.AdomdClient.AdomdConnectionException
at Microsoft.AnalysisServices.AdomdClient.XmlaClient.EndRequest()
at
Microsoft.AnalysisServices.AdomdClient.XmlaClient.CreateSession(ListDictionary
properties, Boolean sendNamespaceCompatibility)
at
Microsoft.AnalysisServices.AdomdClient.AdomdConnection.XmlaClientProvider.Microsoft.
AnalysisServices.AdomdClient.AdomdConnection.IXmlaClientProviderEx.CreateSession(Boo
lean sendNamespaceCompatibility)
at Microsoft.AnalysisServices.AdomdClient.AdomdConnection.ConnectToXMLA(Boolean
createSession, Boolean isHTTP)
at Microsoft.AnalysisServices.AdomdClient.AdomdConnection.Open()
at
Microsoft.Dynamics.Framework.Portal.UI.WebControls.WebParts.BusinessOverviewWebPart.
InitConnection()
Unable to read data from the transport connection: An existing connection was
forcibly closed by the remote host.
System.IO.IOException
at System.Net.Sockets.NetworkStream.Read(Byte[] buffer, Int32 offset, Int32
size)
at System.IO.BufferedStream.Read(Byte[] array, Int32 offset, Int32 count)
at Microsoft.AnalysisServices.AdomdClient.DimeRecord.ForceRead(Stream stream,
Byte[] buffer, Int32 length)
at Microsoft.AnalysisServices.AdomdClient.DimeRecord.ReadHeader()
at Microsoft.AnalysisServices.AdomdClient.DimeReader.ReadRecord()
at Microsoft.AnalysisServices.AdomdClient.TcpStream.GetResponseDataType()
An existing connection was forcibly closed by the remote host
System.Net.Sockets.SocketException
at System.Net.Sockets.NetworkStream.Read(Byte[] buffer, Int32 offset, Int32
size)
 

In both cases we resolved the issue by installing the Windows Server 2008 hotfix KB 969083 : "A Kerberos authentication fails together with the error code 0X80090302 or 0x8009030f on a computer that is running Windows Server 2008 or Windows Vista when the AES algorithm is used" on the Enterprise Portal, SQL Server Reporting and Analysis Servers.

 

Further references:

The following BLOG post discusses the Kerberos authentication issues with SQL Server Analysis Server in greater detail:

Updated Errors may occur after configuring Analysis Services to use Kerberos authentication on Advanced Encryption Standard Aware Operating Systems

 

--author: Czeslawa Lagowska, Anup Shah
--editor: Anup Shah
--date: 22/Sep/2009