Not comprehensive, but perhaps useful next time:
- Verify that the SPN’s are correct for the server that has the Reporting Services database. Many ways to do this, but I like the Kerberos Configuration Manager. The SPN tab should show “Good” for the instance that hosts the database. If not, fix (typically requires domain admin). Don’t let them tell you it’s working if this doesn’t report good!
- RSReportServer.Config (typically in C:Program FilesMicrosoft SQL Serversome instanceReporting ServicesReportServer) should have Authentication set to RSWindowsNegotiate (RSWindowsKerberos can work too)
- Impersonate should be set to true in the Reporting Services web.config (Note: there is no IIS for this) on the servers that host the ‘reporting services service’, which is not always/often the same as the database server that hosts the reporting services database.
- Check that the config files are the same on all the servers in the load balanced set! It’s easy to wind up with different configs and seemingly random cases of it works/it doesn’t if they don’t match
- Data source should be set to “Windows Authentication”. Test it from the reporting services portal page (which means it uses your credentials).
- This is a SQL 2008 doc, but still has good content: https://technet.microsoft.com/en-us/library/ff679930(v=sql.100).aspx