Security Problem With SQLServer and Crystal Reports
From: Tim Burda (timburda_at_hotmail.com)
Date: 5 Nov 2004 08:15:51 -0800
We recently converted a server from Windows NT 4.0 To Windows 2000 (No
comments about the technology please :-) )
We have a web-based application that uses Crystal Reports 8.5 against
a SQLServer 2000 database to produce reports.
In the course of moving to the Windows 2000 enviroment, the reports
stopped working. We are getting an error that states "Server has not
yet been opened" --- based on searches here and at Crystal's website,
this seems like the default error for a database connection failure.
The report will execute properly if it is executed from within the
Crystal Report Editor on the new Windows 2000 web server. It (the
report) only fails when it is executed from within the web
We have the SQLServer database setup to accept both Windows-based
authtentication and SQLServer authentication. In addition, we have
auditting turned on (on the SQLServer machine) to capture successful /
failed logons. And for some reason, we are capturing NT logon attempts
in both scenarios - web vs. standalone Crystal. I don't understand why
this is happening, because the NT authentication doesn't need to take
place at all because of the SQLServer authentication.
When running from the Crystal Report Editor, the user login
successfully occurs as the domain account that I am using to login in
to the machine with. When running from the web application, the user
login fails as "IWAM_USER".
Anyone have any thoughts on what's going on and what I need to to fix