How to: Configure a Service Account for Reporting Services
In a Reporting Services installation, the Report Server Web service, Report Manager, and the background processing application run within a single service. The account under which the service runs is defined during Setup when you specify the account in the Service Identity page, but you can use the Reporting Services Configuration tool if you want use a different account or update the password.
If you have a report server that is configured to use SharePoint Integrated mode and you change the service account by using the Reporting Services Configuration tool, you must also open SharePoint Central Administration and use the Reporting Services Grant Database Access page to re-apply the report server and instance settings. This step will grant the new service account access to the SharePoint databases, which is required for integrating Reporting Services with Windows SharePoint Services (WSS) or Microsoft Office SharePoint Server (MOSS). For more information about how to grant database access in SharePoint Central Administration, see How to: Configure Report Server Integration in SharePoint Central Administration.
Always use the Reporting Services Configuration tool to update the service account so that other settings that depend on the service identity can be updated concurrently.
To configure the Report Server service account
Start the Reporting Services Configuration tool and connect to the report server.
On the Service Account page, select the option that describes the type of account you want to use. For recommendations about which account type to specify, see Configuring the Report Server Service Account.
If you selected a Windows user account, specify the new account and password. The account cannot be more than 20 characters.
If the report server is deployed in a network that supports Kerberos authentication, you must register the report server Service Principal Name (SPN) with the domain user account you just specified. For more information, see How to: Register a Service Principal Name (SPN) for a Report Server.
When prompted to back up the symmetric key, type a file name and location for the symmetric key backup, type a password to lock and unlock the file, and then click OK.
If the report server uses the service account to connect to the report server database, the connection information will be updated to use the new account or password. Updating the connection information requires that you connect to the database. If the SQL Server Database Connection dialog box appears, enter credentials that have permission to connect to the database, and then click OK.
When prompted to restore the symmetric key, type the password you specified in step 5, and then click OK.
Review the status messages in the Results pane to verify all tasks completed successfully.
Troubleshooting Service Identity Update Errors
Changing the service identity initiates a series of events that include restarting the service, updating the password-protected encryption key, updating URL reservations, and updating the report server database connection information if you are using the service account to connect to the report server database. You can monitor the status of these events by viewing the notifications in the Results panel at the bottom of the page. If errors occur during this process, you can try to resolve them using the following techniques:
If the symmetric key cannot be restored, you can try to restore it manually by using Restore in the Encryption Keys page. If that does not work, consider deleting the encrypted content. You will have to re-create data source connection information and subscriptions, but the rest of your content will still be available. For more information, see Backing Up and Restoring Encryption Keys.
If the service will not start, restart it manually by using the Services console application in Administrator Tools.
URL reservation errors can occur when you update the service account. Each URL reservation includes a security descriptor that includes a Discretionary Access Control List (DACL) that grants permission to the service account to accept requests on the URL. When you update the account, the URL must be recreated to update the DACL with the new account information. If the URL reservation cannot be recreated, and you know the account to be valid, try to restart the computer. If the error persists, try to use a different account.