Background

Recently I worked on an Issue where we had SharePoint 2010 Published through TMG 2010 for the Extranet Access.

Rest everything was working just fine except this one piece, where we were getting an Error while trying to run the “Performance Point Dashboard Designer”.

Details

Lets discuss the scenario and troubleshooting done to get to the Root of the issue.

Have a look at the behavior which we could see on the client:

1) First we logged on to the SharePoint Site through the TMG FBA(Forms Based Authentication) Page.

2) Then we went to the link below:

image

 

 

3) After clicking on “Start Using PerformancePoint Services”(as shown above), we got to the Next Page(shown in the Screenshot below):

image

 

 

4) When we clicked on the “Run Dashboard Designer” as shown above, we got the Error as shown below:

image

 

 

Clicking on the “Details” Button showed the Results below(I have just pasted the Error Part of it here):

--- Inner Exception ---
        System.Net.WebException
        - The remote server returned an error: (401) Unauthorized.
        - Source: System
        - Stack trace:

Troubleshooting

While troubleshooting this issue we first gathered the Fiddler Trace from the client end and here is what we saw there for our Request:

image

As you can see above for this particular request(for Dashboard Designer), the client is not sending the Cookie used for FBA(Forms Based Authentication) of TMG. The Default Cookie Name for TMG’s FBA starts with cadata. And we don’t see any Cookie by that name here being sent by the client.

And because the client doesn’t send the cookie to the TMG server for this request TMG asks for Authentication back to the client and hence you see that “401 Unauthorized” in the Response Headers in the above Fiddler Trace.

That Response corresponds to the Error which we got on the client while running the “Dashboard Designer”.

You can find some more information on Forms Cookies in the Article below:

http://support.microsoft.com/kb/910443 

 

Looking at the above behavior we collaborated with the PerformancePoint Team internally and they had this to say:

PerformancePoint Dashboard Designer is a ClickOnce application that has not been tested in an extranet scenario that includes Forefront TMG. Dashboard Designer works in a Microsoft Windows-based intranet environment only.”

So, it looks like Dashboard Designer doesn’t understand Cookies. As its only designed for Intranet, it only works with Windows Integrated Authentication (NTLM).

This issue has been discussed in other Forums as well:

http://social.technet.microsoft.com/Forums/en-US/projserv2010setup/thread/9be210f4-fe6f-4f92-a086-fc133ac4a963

http://social.technet.microsoft.com/forums/en-US/ppsmonitoringandanalytics/thread/1bf3741b-c0eb-43a3-9ba7-d60f41926072/

Conclusion

So, by now you would have understood that PerformancePoint Dashboard Designer doesn’t work with Cookies  because “PerformancePoint Dashboard Designer is a ClickOnce application that has not been tested in an extranet scenario that includes Forefront TMG. Dashboard Designer works in a Microsoft Windows-based intranet environment only.”

You cant access Performance Dashboard Designer from Extranet when you have SharePoint Published through Forefront TMG 2010 using Forms Based Authentication on TMG.

 

Blog Written By

NITIN SINGH

SUPPORT ESCALATION ENGINEER, FOREFRONT EDGE SECURITY, MICROSOFT