Quest Knowledge Portal setup and permissions (41267)

When setting permissions for SRS, IIS and the Quest Knowledge Portal can produce access problems for users. How do I setup QKP/SRS/IIS to allow intergrated authenication in a distributed setup.

Due to the interaction of the Quest Knowledge Portal, SRS, IIS and SQL databases the passing of credentials can cause access issues.

If after reviewing the Quest Knowledge Portal Install Guide document (Included in the \Documentation\Quest Knowledge Portal folder) there continue to be access/permission problems, here are some useful pointers that may aide in troubleshooting:

1. Trust the Quest Knowledge Portal, SRS and SQL machines in the domain for delegation instead of the user accounts.

2. The Reports, Reportserver and QuestKnowledgePortal web sites should ONLY allow Integrated Authentication under the web site properties > directory security. In IIS7, you also need to enable both ASP.NET Impersonation and Windows Authentication as well as set the the application pool to "Classic".

3. Add the Quest Knowledge Portal and SRS machines names (short names and FQDN) to the Local Intranet in IE (set to bypass proxy as well)

4. The InTrust System Requirements (Included in the \Documentation\InTrust folder) document mentions permissions with SRS and the Quest Knowledge Portal, we recommend using a single AD or SQL account within the Data Source properties of the Quest Knowledge Portal and within the InTrust Manager to prevent unwanted access to the Audit Data directly, users can only run reports.