Configuring Reporting Services 2016 with ARR

Recently, i was working on a deployment where we need to configure SQL Server Reporting Services 2016 with ARR so that reporting services is exposed over the internet without exposing the machine itself. If you are looking for such implementations, then this guide is for you. Please do note that I've tested this against Reporting Services 2016. But this should be fairly the same for prior versions or Reporting Services 2017 as well.

  1. Make sure that you've installed the ARR module on the machine which is hosting IIS.

  2. Open the INETMGR and click on the Server name.

  3. In the right hand side, you should see Application Request Routing. Double click to open it.

  4. Under Actions tab in the right hand side, click on "Server Proxy Settings..."

  5. Click on Enable proxy and close the INETMGR.

  6. Open the "applicationHost.config" located under "C:\Windows\System32\inetsrv\config\"

  7. Make sure you keep a back up of the file.

  8. Search for the <rewrite> element within the file. That should be located underneath " <proxy enabled="true" /> " element.

  9. Replace the <rewrite> </rewrite> element with the following:

    <rewrite><globalRules><rule name="ARR_server_proxy_SSL" enabled="true" patternSyntax="Wildcard" stopProcessing="true"><match url="*" /><conditions><add input="{HTTPS}" pattern="on" /></conditions><action type="Rewrite" url="https://xxxxxxxxxxxx/{R:0}" /><serverVariables><set name="HTTP_X_ORIGINAL_ACCEPT_ENCODING" value="{HTTP_ACCEPT_ENCODING}" /><set name="HTTP_ACCEPT_ENCODING" value="" /></serverVariables></rule><rule name="ARR_server_proxy" enabled="true" patternSyntax="Wildcard" stopProcessing="true"><match url="*" /><action type="Rewrite" url="https://xxxxxxxxxxxxx/{R:0}" /><serverVariables><set name="HTTP_X_ORIGINAL_ACCEPT_ENCODING" value="{HTTP_ACCEPT_ENCODING}" /><set name="HTTP_ACCEPT_ENCODING" value="" /></serverVariables></rule></globalRules><outboundRules><clear /><rule name="handleCompression" preCondition="Encoding"><match serverVariable="HTTP_ACCEPT_ENCODING" pattern="^(.*)" /><conditions logicalGrouping="MatchAll" trackAllCaptures="true" /><action type="Rewrite" value="{HTTP_X_ORIGINAL_ACCEPT_ENCODING}" /></rule><rule name="Outbound" preCondition="json" stopProcessing="true"><match filterByTags="None" pattern="(.*)//xxxxxxxxxxxxx /(.*)" /><conditions logicalGrouping="MatchAll" trackAllCaptures="true"></conditions><action type="Rewrite" value="{R:1}//xxxxxxxxxxxxx /{R:2}" /></rule><preConditions><preCondition name="json"><add input="{RESPONSE_CONTENT_TYPE}" pattern="application/json.*" /></preCondition><preCondition name="Encoding"><add input="{HTTP_X_ORIGINAL_ACCEPT_ENCODING}" pattern=".*" /><add input="{RESPONSE_CONTENT_TYPE}" pattern="application/json.*" /></preCondition></preConditions></outboundRules><allowedServerVariables><add name="HTTP_ACCEPT_ENCODING" /><add name="HTTP_X_ORIGINAL_ACCEPT_ENCODING" /></allowedServerVariables></rewrite>
  10. Do ensure that the hostname values are changed to the appropriate server URL that hosts Reporting services under the Global rules as shown below:

    <rule name="ARR_server_proxy_SSL" enabled="true" patternSyntax="Wildcard" stopProcessing="true">

    <match url="*" />


    <add input="{HTTPS}" pattern="on" />


    <action type="Rewrite" url="https://SSRS Server name from URL /{R:0}" />

    <rule name="ARR_server_proxy" enabled="true" patternSyntax="Wildcard" stopProcessing="true">

    <match url="*" />

    <action type="Rewrite" url="https://SSRS Server name from URL /{R:0}" />

  11. . Under the Outbound rules, replace the pattern with the Report server URL name and the rewrite action with the ARR server URL name as shown below:

    pattern="(.*)// SSRS Server name from URL /(.*)"

    <action type="Rewrite" value="{R:1}//ARR Server URL name/{R:2}" />

  12. Restart IIS using the command IISRESET.

Do note that this rule is written for both HTTP as well as HTTPS. So, if you use either one of them, it should continue to work. The authentication that we enabled for ARR server was Anonymous and for Reporting Services we used Basic authentication (RSWindowsBasic).


Hope this helps!


[All posts are AS-IS with no warranty and support]