While setting up a SharePoint 2010 environment with Reporting Services 2012, I hit an interesting error. To explain my setup, this is a Classic Mode Auth site with Kerberos enabled for the site.
I had verified that I had the proper accounts configured and Kerberos Configuration in place. Also, knowing that even in a Classic Mode site, Claims is still going to be used now with RS 2012 in SharePoint Integrated mode as we are a SharePoint Shared Service.
I have my Claims to Windows Token Service (C2WTS) set to a Domain account, and I verified it was delegating to the proper services. The claims service account was also in the local Admins group on the SharePoint Server. This is because I’ve found that it is needed to be in the Local Admin group. I haven’t found what specific right is required yet to avoid the Local Admin group.
When trying to create a Data Source for Reporting Services, when it click on Test Connection, I got the following error:
Within the SharePoint ULS log, we see the following under the "Report Server Processing" category:
Throwing Microsoft.ReportingServices.ReportProcessing.ReportProcessingException: , Microsoft.ReportingServices.ReportProcessing.ReportProcessingException: Cannot create a connection to data source ”. —> System.IO.FileLoadException: Could not load file or assembly ‘System.EnterpriseServices, Version=188.8.131.52, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a’ or one of its dependencies. Either a required impersonation level was not provided, or the provided impersonation level is invalid. (Exception from HRESULT: 0x80070542) File name: ‘System.EnterpriseServices, Version=184.108.40.206, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a’ —> System.Runtime.InteropServices.COMException (0x80070542): Either a required impersonation level was not provided, or the provided impersonation level is invalid. (Exception from HRESULT: 0x80070542)
0x80070542 = ERROR_BAD_IMPERSONATION_LEVEL
Of note, I got the same error from a Claims Mode Auth site.
While setting this up, I purposefully did incremental steps to see what was really needed to get this working. As mentioned above, I had the Claims Service Account within the Local Admin group as I wanted to see if that would be all that is needed. Apparently not. I know we have documentation indicating that you also need the local policy right "Act as part of the Operating System", but I didn’t include that out right.
The issue here is the fact that the Claims Service Account is not in the "Act as part of the Operating System" policy. I added the claims service account to that policy right:
After that, I restarted the C2WTS Windows Service and performed an IISReset. Restarting just the C2WTS Windows Service was not enough to correct the error. Possibly due to caching.
Adam W. Saxton | Microsoft Escalation Services