I’ve been meaning to write briefly about this for a while, a colleage at one of our clients  who used to be an MVP worked with Microsoft to try to solve this issue which it apparentl;y has been in the October 2011 CU, but I’ve not actually confirmed this myself.

If you have a SharePoint 2010 Farm  and create a Reporting Services Report which relies on Kerberos to authenticate with the backend data source, then even if you have everything correctly configured, and everything appears to work through Reporting Services correctly, you can still recieve that dreaded “Access Denied” for NT AUTHORITY\ANONYMOUS LOGON which appears to imply that you’ve incorrectly set up Kerberos.  If you post your issue on a Forum, you’ll get 10,000 repsonses about SPNs and stuff, but you know you’ve done it right, so they don’t help.

The issue is actually a bug in the ReportViewer webpart used by PerformancePoint itself. MS know about it and as I say, apparently it has been fixed in October 2011 CU.  But the only workarounds at the moment are either not to use that webpart or to use fixed crdentials, i.e don’t use Kerberos.

Hope that saves somebody some time …

Cheers

Dave Mc