Microsoft Dynamics CRM handles all the reports with Microsoft SQL Server Reporting Services (SRS). SRS is a separate application that you can install on a different server than SQL Server or the Microsoft Dynamics CRM Server if desired. Microsoft Dynamics CRM then connects to SRS by using the Reporting Services URL, as specified during installation.
When is Data connector used?
The Connector for Microsoft SQL SRS is not required during a normal, non-IFD installation. For IFD installations, or when you make modifications to the default setup, Data connector installation is mandatory for running the reports.
Data connector is also required when the scheduling reports are used in CRM.
What does Data Connector do?
Previous versions of Microsoft Dynamics CRM had a common problem with CRM and SRS communication, referred to as the double-hop Kerberos authentication. When both were installed on different servers it was required that we enable delegation in order to pass the authentication token to SSRS.
In CRM 4.0, we did away with the requirement for delegation to be configured by introducing the component called the SQL Reporting Services Data Connector. It’s basically a data processing extension which attaches itself to the SSRS server and accepts the auth information from the CRM server and passes it to the SSRS server. This resolves a common authentication problem when trying to access and run reports in previous versions of Microsoft CRM, referred to as “The Kerberos double-hop authentication issue.”
A common issue while installing CRM data connector
The above error/warning is caused because of the following conditions:
Condition 1 – Error
- A Microsoft Dynamics CRM server is installed on the computer where CRM connector is being installed
- The CRM server is running under the same account as the Report server application pool
Condition 2 – Warning
All CRM components: SQL, SRS are installed on a computer that is running Microsoft Server Small business edition where Connector is being installed
What happens behind the scenes?
The reason you are encountering this error is because of a security issue that can occur if the CRMAppPool and the application pool used by SRS are the same account. While communicating to the SQL server.
When using the CRM Data Connector, it authenticates from SRS to SQL as the SRS Application Pool Identity and CRM grants the SRS app pool account the CRMReaderRole, which grants select permissions to the filtered views. When CRM is installed, the CRMAppPool identity is granted dbo permissions to the database. If both accounts are the same, the account used for the CRM Data Connector would have full database access.
Therefore to help make the data more secure, before you install CRM 4.0 connector, you can either:
a) Install CRM and SQL reporting services on different machines
b) Configure Reporting services App pool on the computer to user a different account.
We're always looking for feedback and would like to hear from you. Please head to the Dynamics 365 Community to start a discussion, ask questions, and tell us what you think!