June 2004
© Microsoft Corporation, 2004. All rights reserved.
The Reporting Services documentation team welcomes your comments about this readme documentation. You can send e-mail feedback using the link below. All feedback must be in English. If you are using a non-English browser and are configuring Outlook Express for the first time, you may need to click the link again after Outlook Express is configured. Users of Asian language browsers should ignore any corrupted characters that appear in the subject line or body of the e-mail message. To submit written feedback about this document, click here: Submit feedback.
1.0 Introduction
1.1 Overview of SP1 Installation
1.2 Identifying the Current Version of Reporting Services
2.0 Downloading and Extracting SP1
3.1 Back Up Your Report Server Databases
3.2 Installing SP1
3.3 Installing SP1 on a Report Server Web Farm
3.6 Removing SP1
3.7 Rebuilding an SP1 Installation
4.1 Report Design and Processing
4.1.1 Excel Rendering Extension
4.1.2 PDF Rendering Extension
4.1.3 Chart Enhancements
4.1.4 External Images
4.1.5 New Lines in Expressions
4.1.6 Size Limits in Report Designer
4.1.7 Preview Cache in Report Designer
4.1.8 Hyperlink Protocols
4.2 Reporting Services Programming
4.2.1 New URL Access Parameters
4.2.2 Custom Authentication Cookies
4.2.3 Report Server System Properties
4.3.1 Hidden Parameter Support
4.3.2 New Configuration Settings
4.3.3 Security Concerns About Integrated Security and Elevated Permissions
This release of Service Pack 1 (SP1) for Microsoft® SQL Server™ 2000 Reporting Services includes bug fixes, performance enhancements, and some functional enhancements. To view a list of the bug fixes in SP1, see Microsoft Knowledge Base article 839796.
Late-breaking information that was not available in time to be included in this readme file will be published on the Microsoft Product Support Services Web site in Microsoft Knowledge Base article 843369.
Reporting Services SP1 is an update that you can apply to an existing installation of Reporting Services. You can run SP1 by double-clicking the self-extracting executable or by extracting the files and running Setup from the command line. Setup upgrades only the components that are currently installed. If you subsequently install additional components, you must rerun SP1 Setup to update those components. SP1 Setup does the following:
This service pack is independent of Service Pack 4 (SP4) for SQL Server 2000. If you are installing Reporting Services SP1 after SQL Server SP4 is released, Microsoft recommends that you apply SP4 first.
Incompatibilities exist between Reporting Services SP1 and early beta versions of Windows XP SP2. (These issues were resolved in later beta versions.) If you are using Reporting Services with Windows XP SP2, Microsoft recommends that you apply the release version of the service pack before installing Reporting Services SP1.
To identify which version of Reporting Services you have installed, type the URL of the report server (for example, http://<exampleWebServer>/reportserver). Version information is located at the bottom of the page. The final product release is build 8.00.0743.00.
SP1 does not upgrade Reporting Services Books Online. However, you can download the current version (January 2004) from Microsoft. To download the documentation update, go to Reporting Services Books Online January 2004 Update.
SP1 is distributed as a self-extracting download file that can be downloaded from Microsoft. For more information about the download location, go to the Reporting Services Web site.
To install SP1, use the installation instructions in the following sections. It is not necessary to stop or pause the Report Server Windows or Web service prior to running SP1 Setup.
Note that SP1 Setup is localized into all of the SQL Server languages. SP1 Setup will detect the language that was in effect on your computer when you installed the final release of Reporting Services; the Setup user interface and error messages appear in that language.
Remote installation of SP1 is not supported. SP1 installation will fail if Reporting Services components (final product release) are not installed.
SP1 modifies the following files and components:
SP1 does not modify the following items:
Before installing SP1, back up the reportserver and reportservertempdb databases. If you haven't done so already, you should also back up a copy of the database encryption keys (for more information, see Managing Encryption Keys).
Installing SP1 modifies the databases, making them incompatible with pre-SP1 versions of Reporting Services. These backups will therefore be useful if you decide to reinstall SQL Server 2000 Reporting Services without SP1.
Run SP1 Setup from one of the following locations:
Note In order to install server components from a network share, you may need to do one of the following:
SP1 Setup displays a dialog box that displays the End User License Agreement (EULA) and then prompts you to install.
Setup will use your domain account credentials (Windows integrated security) to upgrade the report server database. You must have dbo permissions on the report server databases to perform the upgrade. If you want to use different credentials, you should run SP1 Setup from the command line.
You can view log files to troubleshoot installation problems or to verify installation. SP1 Setup writes status message, errors, and warnings to two different log files:
To view the log files, click Start, click Run, type %temp% in the Run dialog box, and click OK. Browse the Temp folder contents to find the log file you want.
After SP1 Setup is complete, you may need to restart the system. After the system restarts (or after Setup completes without requesting a restart), open Services in Control Panel to make sure that the Report Server Windows service is running. You should also open Report Manager and view reports to ensure that your installation is working.
Be sure to back up the upgraded reportserver and reportservertempdb databases. You do not need to create a new backup of the encryption keys or adjust any settings. SP1 does not modify connection information or invalidate the pre-SP1 encryption capability of your report server.
If you have deployed Reporting Services on a Web farm, you must run SP1 Setup on each computer that hosts a Reporting Services component. This includes each report server in the cluster, and the computer that hosts the shared report server database.
You should take the servers offline until all of the report server nodes and the database are upgraded (that is, stop IIS and the Report Server Windows service). The order in which you apply SP1 is important. You must first apply SP1 to the server that hosts the report server database (this updates the database format to the SP1 version). Once you update the database, you can update the report server nodes in any order. Note that after the first node has been updated to SP1, the remaining report server nodes will not work until they have been upgraded to use the SP1 database format.
After a report server cluster has been upgraded to SP1, you cannot use Setup to automatically point a new report server instance or node to an existing report server database. Instead, use the following steps to create new report server nodes:
You can run SP1 Setup from the command line to perform a silent installation or to specify a non-default account for upgrading the report server database (by default, SP1 Setup uses the credentials of the user who is running Setup). The following parameters can be used:
The following example illustrates the syntax for specifying command line options:
SP1Setup.exe /q rssetupaccount=<mydomain>\<myusername> rssetuppassword=<mypassword>
Independent software vendors (ISVs) may redistribute this service pack to upgrade Reporting Services components that have been integrated into a third-party product.
To revert to the version that you were running before installing SP1, you must uninstall Reporting Services and then reinstall it without applying SP1 afterwards. There is no separate uninstall program for SP1. If you applied a Quick Fix Engineering (QFE) fix to your Reporting Services installation, you must reapply that QFE fix to the instance. To uninstall Reporting Services, use Add or Remove Programs in Control Panel.
Note that the report server database, upgraded to the SP1 format, is not removed when you uninstall the product. You must manually remove the SP1 version of the report server database and restore the version that was part of the pre-SP1 installation.
If you need to rebuild a Reporting Services installation that has been upgraded to SP1, do the following:
This section documents the functional enhancements introduced in SP1. It also includes updates and fixes to topics in Books Online. This section is not meant to be a description of all of the fixes provided in SP1. For a complete list of these fixes, see Microsoft Knowledge Base article 839796.
Corrections to the developer documentation are now available. To view the updates, see the following Microsoft Knowledge Base articles.
The following enhancements apply to reports, report processing and rendering, and Report Designer.
Significant improvements have been made to the Excel rendering extension. The output format produced by the rendering extension has changed. Improvements include the following:
Various improvements to pagination and matrix performance in PDF files have been made in SP1. If you have been experiencing pagination or matrix performance issues in the PDF rendering extension, see Microsoft Knowledge Base article 839796 for a complete list of fixes.
Two enhancements have been made to the charting component in SP1: labels can now be placed outside of pie charts, and the style of chart value elements can now be changed.
Previously, point labels in pie charts were only displayed inside of the chart. In SP1, you can now place point labels outside the chart. To place point labels outside the chart, you must select a position for the point labels.
To change the position of point labels in a pie chart
Note Selecting the top, top right, right, bottom right, bottom, bottom left, left, and top left buttons indicate that the point labels are displayed around the outside of the chart. Selecting Auto or the center button indicates that point labels are displayed inside the chart.
Chart styles have been enhanced for SP1. Previously, the style of a chart value element (for example, a bar or pie slice in the chart) could not be changed in Report Designer. Colors were limited to the automatic palette for the entire chart; you could not choose the colors that were assigned to each element. With SP1, the line style and fill color for an element can be edited using Report Designer. You can also use expressions to control these styles.
To edit the style of a chart element
1. Using Report Designer, create a chart. For more information about creating a chart, see "Adding a Chart" in Reporting Services Books Online.
2. In Layout view, right-click the chart, and then click Properties.
3. On the Data tab, in Values, select the value to edit, and then click Edit.
NOTE: If there is only one value series in the chart, select [Value].
4. On the Appearance tab, click Series Style.
5. On the Border and Line tab, select the line style, width, and color. To use an expression, click the Expression (fx) button next to the desired option.
6. On the Fill tab, select the color, gradient, and gradient end color. To use an expression, click the Expression (fx) button next to the desired option.
Note Providing a static value will cause all chart elements for that value series to display using the same style. For example, selecting Red for the fill color will cause all bars to become red, overriding the automatic color assignment from the chart palette. To provide different styles based on field or other values, use an expression. If you use an expression for fill color, the chart elements will be white in Layout view, but will display properly when the report is run.
Note A fill color of Transparent will cause the chart elements to display using the automatic color assignment from the chart palette.
You can now include external images in reports. External images are typically accessed through a URL. An external image in a report has a Source property of External. The Value property contains the URL to the image, for example, http://<servername>/images/image.jpg.
When the report is previewed in Report Designer, preview uses the credentials of the user to display the image. When the report is run on the report server, the report server uses the unattended execution account to retrieve the image. If the unattended execution account is not specified, the image is retrieved using no credentials (anonymous user account). If either of these accounts have insufficient rights to access the image, the image will not be displayed in the report. For more information about setting the unattended execution account on the report server, see "Configuring an Account for Unattended Report Processing" in Reporting Services Books Online.
Previously, expressions had to be contained on a single line. With SP1, expressions can include a newline character. New line characters include carriage return (CR), line feed (LF), carriage return and line feed (CRLF), paragraph separator (Unicode 2029), and line separator (Unicode 2028). The newline characters are replaced with a space when the report is processed.
The following changes have been made to page and body size in Report Designer:
Caching has been added to preview in Report Designer. When a report is previewed, the data for the report is stored in a file on the local computer. When the same report is previewed again with the same query, parameters, and credentials, Report Designer uses the cache file instead of rerunning the queries in the report. This increases performance of preview in Report Designer.
The data file is saved with the following filename: reportname.rdl.data. The file is located in the same directory as the RDL file. The file is not deleted when Report Designer is closed.
The preview cache feature can be turned off through a configuration setting. For more information, see New Configuration Settings.
Previously, all URLs in reports were limited to the protocols http:, https:, file:, ftp:, mailto:, and news:. These restrictions have been removed for hyperlinks. Hyperlinks can now contain any protocol identifier. Restrictions on other URLs, such as those for images, remain unchanged.
The following section includes new information for developers in Reporting Services SP1.
The following table describes the new URL access parameters for Reporting Services SP1.
| Use this parameter | To |
|---|---|
| rs:ParameterLanguage | Provide a language for parameters passed on a URL that is independent of the browser language. The default value is the browser language. The value can be a culture value, such as en-us or de-de. |
| rc:Parameters | Show or hide the parameters area of the toolbar. If you set this parameter to a value of true, the parameters area of the toolbar is displayed. If you set this parameter to a value of false, the parameters area is not displayed and cannot be displayed by the user. If you set this parameter to a value of Collapsed, the parameters area will not be displayed, but can be toggled by the end user. The default value of this parameter is true. |
| rc:Stylesheet | Specify a style sheet to be applied to the HTML viewer. |
The rs:ParameterLanguage URL access parameter alleviates a problem in which culture-sensitive report parameters, such as dates, times, currency, and numbers, are interpreted using the browser language. With rs:ParameterLanguage, the URL is now interpreted independently of the browser. For example, if the report server is set to a regional setting of German, but a user is accessing a URL to a report using a browser that is set to English-United States, parameter values that are passed to a report server will be misinterpreted. Consider the following URL to a report:
http://localhost/Reportserver?/SampleReports/Product+Line+Sales&rs:Command=Render&StartDate=4/10/2003&EndDate=11/10/2003
In the above case, the server, running under a culture of "de-de", generates a URL either through an e-mail subscription or a hyperlink. The hyperlink indicates that the report should be parameterized by a start date of October 4, 2003 and an end date of October 11, 2003 according to German date/time standards. However, a user that is accessing the URL through a browser set to "en-us" forces the server to interpret the values as April 10, 2003 and November 10, 2003 under United States English date/time standards. This is incorrect. To fix the problem, rs:ParameterLanguage can be used to override the browser language for parameter interpretation:
http://localhost/Reportserver?/SampleReports/Product+Line+Sales&rs:Command=Render&StartDate=4/10/2003&EndDate=11/10/2003&rs:ParameterLanguage=de-DE
In addition to a value of true and false for the URL access parameter rc:Parameters, you can now pass a value of Collapsed. When using rc:Parameters=Collapsed on a URL, the parameters area of the HTML viewer is collapsed out of sight, but can still be toggled by the user. A value of false completely removes the parameters area from the HTML viewer toolbar and makes it unavailable to the end-user.
The rc:Stylesheet parameter adds functionality to the HTML viewer by enabling custom styles. The value of the parameter is the name of the style sheet (without the .css extension) that you want to apply to the HTML Viewer. For example, if the parameter rc:Stylesheet=fancy is specified, the fancy.css style sheet in the styles directory is applied. The style sheet must be a valid Cascading Style Sheet (CSS) file and be located in the styles directory. This directory is located by default at C:\Program Files\Microsoft SQL Server\MSSQL\Reporting Services\ReportServer\Styles. The following example demonstrates how to add custom styles to the HTML Viewer:
http://localhost/Reportserver?/SampleReports/Product+Line+Sales&rs:Command=Render&rc:Stylesheet=MyStyles
If a style sheet is not specified, an internal default style sheet is applied. This default style sheet is also available in the styles directory for use as a template to create other style sheets.
Reporting Services SP1 has improved how Report Manager transmits cookies when using a custom security extension. In the previous version of Reporting Services, Report Manager transmitted only those cookies through http requests specific to the report server. In SP1, the Web service proxy that Report Manager uses to communicate with the report server can now transmit additional cookies. You can enable Report Manager to transmit these additional cookies through to the report server by adding a PassThroughCookies element to the Report Manager configuration file. Transmitting additional cookies is helpful in a single sign-on authentication solution that requires not only the report server authentication cookies, but also cookies from a third-party authentication system.
To enable additional cookies to be transmitted through http requests when using Report Manager, set the following elements in the RSWebApplication.config file:
<UI>
<CustomAuthenticationUI>
...
<PassThroughCookies>
<PassThroughCookie>cookiename1</PassThroughCookie>
<PassThroughCookie>cookiename2</PassThroughCookie>
</PassThroughCookies>
</CustomAuthenticationUI>
...
</UI>
SP1 includes two new system properties that you can read or set. The following table includes these new properties as well as the complete, updated set of system properties for a report server:
| Property | Description |
| SnapshotCompression | New in SP1. Defines how snapshots are compressed. The default value is SQL. The valid values are as follows:
SQL = Snapshots are compressed when stored in the report server database. This is the current behavior. None = Snapshots are not compressed. All = Snapshots are compressed for all storage options, which include the report server database or the file system. |
| EnableIntegratedSecurity | New in SP1. Determines whether integrated security is supported for report data source connections. The default is True. The valid values are as follows:
True = Integrated security is enabled. False = Integrated security is not enabled. Report data sources that are configured to use integrated security will not run. For more information about why you would set this property, see Security Concerns About Integrated Security. |
| SiteName | The name of the report server site displayed on the user interface. The default value is SQL Server Reporting Services. This property can be an empty string. The maximum length is 8,000 characters. |
| SystemSnapshotLimit | The maximum number of snapshots that are stored for a report. Valid values are -1 through 2,147,483,647. If the value is –1, there is no snapshot limit. |
| SystemReportTimeout | The default report processing time-out value, in seconds, for all reports managed in the report server namespace. This value can be overridden at the report level. If this property is set, the report server attempts to stop the processing of a report when the specified time has expired. Valid values are 0 through 2,147,483,647. If the value is 0, reports in the namespace do not time out during processing. The default value is 1800. |
| UseSessionCookies | Indicates whether the report server should use session cookies when communicating with client browsers. The default value is True. |
| SessionTimeout | The length of time, in seconds, that a session remains active. The default value is 600. |
| EnableMyReports | Indicates whether the My Reports feature is enabled. A value of True indicates that the feature is enabled. |
| MyReportsRole | The name of the role used when creating security policies on user's My Reports folders. The default value is My Reports. |
| EnableExecutionLogging | Indicates whether report execution logging is enabled. The default value is True. |
| ExecutionLogDaysKept | The number of days to keep report execution information in the execution log. Valid values for this property include 0 through 2,147,483,647. If the value is 0 entries are not deleted from the Execution Log table. The default value is 60. |
This section documents the user interface enhancements to Report Manager and provides updated information about report server deployment scenarios.
In Report Manager, you can now set parameter properties in a way that allows you to achieve two objectives simultaneously:
Previously, the only way to hide a parameter value was to clear the Prompt User check box in the Parameters properties page. However, a side effect of clearing the check box was that you could no longer specify a parameter value for the report at run time. This limitation has been removed. In SP1, you can clear the Prompt User check box to hide the parameter fields and values in the report. Doing so does not introduce restrictions on how you subsequently set the parameter value externally at run time.
SP1 Setup does not modify, add, or remove settings in your configuration files. However, SP1 does introduce new configuration options that you can use to change your Reporting Services installation. Each setting has a default value that is used by Reporting Services components. These values are specified in program files. You can use the default values that are provided, or add settings to a configuration file to specify different values that override the defaults.
The following configuration settings have been added in SP1 so that you can specify how temporary snapshots are stored. The report server adds temporary files as needed and then removes them when a user session or subscription process is complete. To enable this feature, you must modify configuration settings in RSReportServer.config. This feature is not enabled by default. By default, a report server stores temporary snapshots in the reportservertempdb database.
Note In addition to new configuration settings, a new system property (SnapshotCompression) has been added so that you can compress the snapshots before they are stored. Snapshot compression reduces the amount of space consumed by snapshots. Compressing snapshots also improves scalability if you have many users accessing report execution snapshots (you may encounter some performance degradation if you enable compression). Another reason for compressing snapshots is that it reduces contention issues in a report server database if you are deploying Reporting Services in a report server Web farm. For more information, see Report Server System Properties.
The following configuration settings can be added to RSReportServer.config.
| Setting | Description | Value |
| WebServiceUseFileShareStorage | When set to True, the Report Server Web service stores cached reports and temporary snapshots (created for the duration of a user session) in the file system. | True
False (default) |
| WindowsServiceUseFileShareStorage | When set to True, the Report Server Windows service stores temporary snapshots (created for the duration of a user session) in the file system. | True
False (default) |
| FileShareStorageLocation | Specifies a folder on the file system for storing temporary snapshots. You can specify one folder. Although you can specify a UNC path, doing so is not recommended. | The default value is c:\program files\Microsoft SQL Server\MSSQL\Reporting Services\RSTempFiles. |
Use the following example to guide you in adding these settings to your configuration file. The new settings are in bold.
<InstallationID>{acc27d3a-0875-44c0-8697-2532e36e9d13}</InstallationID>
<Add Key="SecureConnectionLevel" Value="0"/>
<Add Key="InstanceName" Value="MSSQLSERVER"/>
<Add Key="ProcessRecycleOptions" Value="0"/>
<Add Key="CleanupCycleMinutes" Value="10"/>
<Add Key="SQLCommandTimeoutSeconds" Value="60"/>
<Add Key="MaxActiveReqForOneUser" Value="20"/>
<Add Key="DatabaseQueryTimeout" Value="120"/>
<Add Key="RunningRequestsScavengerCycle" Value="60"/>
<Add Key="RunningRequestsDbCycle" Value="60"/>
<Add Key="RunningRequestsAge" Value="30"/>
<Add Key="MaxScheduleWait" Value="5"/>
<Add Key="DisplayErrorLink" Value="true"/>
<Add Key="WebServiceUseFileShareStorage" Value="false" />
<Service>
<IsSchedulingService>True</IsSchedulingService>
<IsNotificationService>True</IsNotificationService>
<IsEventService>True</IsEventService>
<PollingInterval>10</PollingInterval>
<MemoryLimit>60</MemoryLimit>
<RecycleTime>720</RecycleTime>
<MaximumMemoryLimit>80</MaximumMemoryLimit>
<MaxAppDomainUnloadTime>30</MaxAppDomainUnloadTime>
<MaxQueueThreads>0</MaxQueueThreads>
<UrlRoot>http://<exampleWebServer>/ReportServer</UrlRoot>
<UnattendedExecutionAccount></UnattendedExecutionAccount>
<PolicyLevel>rssrvpolicy.config</PolicyLevel>
<WindowsServiceUseFileShareStorage>False</WindowsServiceUseFileShareStorage>
<FileShareStorageLocation>
<Path> XXXXX </Path>
</FileShareStorageLocation>
</Service>
The following configuration setting can be added to RSReportDesigner.config.
| Setting | Description | Value |
| CacheDataForPreview | When set to True, the Report Designer stores data in a cache file on the local computer. For more information, see Preview Cache in Report Designer. | True (default)
False |
Use the following example to guide you in adding these settings to your configuration file. The new setting is in bold.
<Configuration>
<Add Key="SecureConnectionLevel" Value="0" />
<Add Key="InstanceName" Value="Microsoft.ReportingServices.PreviewServer" />
<Add Key="SessionCookies" Value="true" />
<Add Key="SessionTimeoutMinutes" Value="3" />
<Add Key="PolicyLevel" Value="rspreviewpolicy.config" />
<Add Key="CacheDataForPreview" Value="true" />
<Extensions>
...
</Extensions>
</Configuration>
Running a report under an account that has elevated permissions exposes your SQL Server to a security threat if the report query contains malicious Transact-SQL statements (for example, statements that create unauthorized logins, modify or delete data, or introduce erroneous data), and the report is run by a user who has elevated permission on the server that hosts the data source. For example, if an attacker publishes a report that contains a malicious query, the query will be processed under administrator credentials if either of these conditions is present:
To mitigate this threat, follow one or more of these recommended security practices:
The use of integrated security to access external data sources poses a special concern for report users, who may not know that their security token is being passed to an external data source (users are not warned in advance of running a report that the report is configured to use integrated security). In addition, users may not have the same concerns about opening a report as they would if they were opening an e-mail attachment from an unknown source. However, the security risks are the same in both scenarios. A malicious query can damage or compromise a server in the same way a malicious script that is exposed through a hyperlink or hidden in an e-mail attachment can damage or compromise a workstation.
Note that if you disable integrated security, any report data source that is currently configured to use integrated security (or subsequently configured to use integrated security after the feature is disabled) will no longer run. The following error is returned when integrated security is not supported on your report server: "This data source is configured to use Windows NT integrated security but Windows NT integrated security is disabled for this server."
To disable integrated security, use script or code to modify the EnableIntegratedSecurity system property (for more information, see Report Server System Properties). For more information about creating and running scripts, go to Scripting with the rs Utility and the Web Service.