‘Setting up PowerBI Report Server SPN’ in hybrid environments when the PowerBI cloud service is not <yet> an option in an organization. This article will go through SPN commands, to secure via Kerberos authentication and/or smart card usage for Security requirements (i.e. STIG, CCRI, SOX, HIPAA, PCI, Security Scans, <insert other regulatory requirements here>). Lastly, PowerBI Report Server can be setup to run parallel to SSRS SQL instance. Refer to SPN commands below which helped me setup SmartCards authentication based on SPN setup.
Time to make the doughnuts again, new Security ODBC Vuln 175441 that needs to be mitigated. Not sure if you ever saw the commercials, but this is where my mind goes sarcastic humor and all. Whether you’re using ACAS/Tenable/Nessus for security scans, this may show up with your SCOM servers (MS, DB), and PowerBI Report Servers.
Let’s get started to upgrade ODBC
Action: Security scan shows a new ODBC Vuln 175441, that may impact SCOM or PowerBI Report Server talking with SQL servers.
Start with some documentation, to understand what and why…
Have Security run additional scan to verify resolved
What servers are vulnerable?
We’re focused on the ‘Security – ODBC Vuln 175441’
Begin by looking at your Security scanning tool output (PowerBI report pictured). I am also showcasing the PowerBI report, as this streamlines what the Security Admin has to provide when System Administrators (sysAdmin) reach out for debug/details.
In my case, I wanted to see what servers are impacted. The PowerBI Report has a built-in ‘Deep Dive’ tab to see the details from the scan/check. Click on the Deep Dive Tab, enter the PlugIn ID (175441 for ODBC) and hit enter. This breaks out what servers are vulnerable. Assess what servers are yours (my output simplified to show what I own with SCOM and PowerBI 🙂 Looking at the ‘NetBIOS Name’ column. Alternatively, the admin typically has the scan tool email XLS files.
Save to share or common path to put file on affected server(s).
Once moved, login to affected server(s), typically RDP with Local Administrator equivalent admin ID
Open Windows Explorer > Copy ODBC MSI to server
Open PowerShell (as Admin) window > Go to path > Run ODBCMSI
Now the ODBC popup window for install
Note the screenshots and progress prompts
Click ‘I accept’ radio button and then click ‘Next’
Click Next to move beyond the ODBC features screen
Click on Install
Watch progress bar (maybe 1-2 minutes)
Click Finished
Once the MSI installer window closes, it’s time to verify server Control Panel.
Verify server Control Panel shows update
Click on Start > Control Panel > Programs > Programs and Features
In the top right search bar, type ‘ODBC’ and hit enter to filter results.
Snapshot of Control Panel before
Snapshot of Control Panel after
Hit F5 to refresh screen output
The one question is if version 17 has to be removed to clear vulnerability. Ran into this scenario with Java, as the update left old versions.
I typically reboot the server to reinitialize server to assess any impacts, as well as boot on the new drivers. For this instance, I coordinated my July server updates were installed to simplify my admin (as both require reboot!)
Have Security run additional scan to verify resolved
Typically SME has scheduled scans that run weekly, and can run scans on-demand. Depending on urgency, you can decide whether or not waiting is relevant.
Time to update PowerBI Report Server to PowerBI May 2023 update/install for PowerBI Desktop and Report Server!
Do you use PowerBI to render monitoring insights from SCOM, SolarWinds, ACAS/Tenable, ForeScout or more? In case you didn’t know, PowerBI Report Server is the on-premise solution where updates from the PowerBI Cloud Service make way to prem at least twice a year. Time to update to ‘PowerBI May 2023’ when you’re air-gapped, or just NOT to the cloud. This post is how to upgrade PowerBI Report Server and PowerBI Desktop to the latest version. This has been a few iterations in progress, and I couldn’t find any blog showing how to update these components. NOTE: MDE/Intune/MECM/EM tools can be used to package this easily enough, but it’s typically a very small subset of servers used.
Grab a snapshot of PowerBI Report Server and Desktop Before MSI update/install
Before we upgrade to ‘PowerBI May 2023 install’ MSI’s –
Open Control Panel > Programs and Features > Search for Report (and hit enter)
Check PowerBI Desktop (shows before and after!)
Open Control Panel > Programs and Features > Search for ‘power’ (and hit enter)
Begin PowerBI Desktop update
Assuming you’ve downloaded the PowerBI updates and saved to relevant servers. Check PowerBI blog here, PowerBI Report Server page for the latest version.
Click ‘I Accept’ check box and then Next to continue Desktop install
Confirm Desktop Path
I changed to secondary drive to NOT fill up C: boot disk
Click Next to begin install
Click Next to begin install
PowerBI Desktop May2023 Next
Click Finish
Click Finish to complete update
PowerBI Desktop Reboot required prompts
PowerBI desktop prompted twice for reboot required
Click OK
Prompted again for reboot
Click OK
PowerBI Report Server update
Begin PowerShell window for PowerBI Report Server exe update
Check Version prior to install
Click on Start > Control Panel > Programs > Programs and Features
Type Report (and hit enter)
Verify version
PowerBI Report Server update
Check what’s installed before update
Check Control Panel > Programs > Programs and Features > Report (hit enter)
Begin Report Server install/update
From PowerShell as Administrator window > Type .\PowerBIReportServer.exe
Hit enter
NOTE: Similar popup output to PowerBI desktop pictured below
PowerBI Desktop and PowerBI Report Server from PowerShell, Windows Server, Control Panel, Programs and Features before install
Choose Upgrade/Install PowerBI Report Server
PowerBI Report Server Upgrade/Install prompt
Accept EULA
Click on ‘I accept’ radio checkbox
Report Server update installing
Watch while PowerBI Report Server updates
PowerBI Report Server reboot required
PowerBI Report Server prompts for reboot – ‘Restart required’
Click Close to reboot server
NOTE: Optionally click on Restart. Validate PowerBI Report server service is running via services.msc, and then check the PowerBI Report Server URL specified is functional. This may still require server reboot!
Additional verification of PowerBI Report Server install
Verify PowerBI Report Server updated from Windows Control Panel
Click on Start > Control Panel > Programs > Programs and Features
Type Power (and hit enter)
Verify the version number matches (unfortunately, Report Server does NOT list the version in the title)
Manage Cookie Consent
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional
Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes.The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.