When using Microsoft Dynamics CRM to run reports from a Reporting Services server that is installed on a separate machine, and windows integrated security, you have either of the two following possibilities:
1. Enabling Kerberos
In this configuration with Microsoft Dynamics CRM on one server, and Microsoft SQL Server and Reporting Services on another, double-hop Kerberos authentication is required for listing reports:
- When a user lists reports, authentication is done first by the Microsoft Dynamics CRM server (hop 1), and then by the Microsoft SQL Server Reporting Services server (hop 2).
- When a user views a report, the request goes directly to Reporting Services and from there to the Microsoft Dynamics CRM database on the server running Microsoft SQL Server. Since Reporting Services and Microsoft SQL Server are on the same server, double-hop authentication isn’t required.
In this configuration, the Microsoft Dynamics CRM server is the middle server, so it is the server you must configure for trust for delegation.
2. Installing the Data Connector
If you want to avoid enabling Kerberos, you have another possibility in CRM 2011: installing the data connector.
The SRS Data Connector is a service that connects the Microsoft Dynamics CRM 4 or 2011 Server computer to the Microsoft SQL Report Server computer. The SRS Data Connector eliminates the Kerberos double-hop authentication that was required for Microsoft Dynamics CRM 3.0 deployments where Microsoft SQL Server Reporting Services was installed on a separate computer. The SRS Data Connector is installed as a separate component.
In CRM2011, the data connector is included in the Microsoft Dynamics CRM Reporting Extensions.
For more information you can check the document “Microsoft Dynamics CRM 2011 Installing Guide.doc” with the instruction s to follow to install it on the page 12 under Install Microsoft Dynamics CRM Reporting Extensions
Microsoft Dynamics CRM 2011 Implementation Guide
Hope it is useful,
Reporting Services Support Engineer