When refreshing in the browser you may come across this error:
"External Data Refresh FailedAn error occurred while working on the Data Model in the workbook. Please try again.We were unable to refresh one or more data connections in this workbook. The following connections failed to refresh:<Connection>"
You need to first make sure you are not opening the workbook in the "Microsoft Excel Web App" (see our previous blog).
To refresh external data in PowerPivot 2013, you need to follow several steps to configure your environment & set up Delegation.
1. On the Analysis Services Server running in SharePoint mode (SQL Management Studio > Right Click the PowerPivot Instance > Properties):
2. Add the Analysis Services service account to the "Act as part of the operating system" privilege:
a. Start > Run “secpol.msc”b. Click Local Security Policy, then click Local policies, and then click User rights assignment.c. Add the service account.
*Excel Services sends the Analysis Services server a process command that instructs the server to impersonate a user account. To obtain system rights sufficient to perform the user impersonation-delegation process, the Analysis Services service account, requires Act as part of the operating system privilege on the local server. The Analysis Services server also needs to be able to delegate the user's credentials to data sources. The query result is sent to Excel Services.
3. Restart Excel Services and reboot the Analysis Services server.
4. Collect the account running "SQL Server Analysis Services (POWERPIVOT)", log on to the server running PowerPivot > Start > Run > Services.msc and locate "SQL Server Analysis Services (POWERPIVOT)", you will see the account in the "Log On As" column (write that account down, you will need it shortly).
5. Collect the account running "SQL Server Agent (MSSQLSERVER)" log on to the server running SQL > Start > Run > Services.msc and locate "SQL Server Agent (MSSQLSERVER)", you will see the account in the "Log On As" column (write that account down, you will need it shortly).
6. Add these SPNs to the account running the data source your workbook is connecting to (in my example) "SQL Server Agent (MSSQLSERVER)":
7. Constrain Delegation between the account running "SQL Server Analysis Services (POWERPIVOT)" and the account the workbook is attempting to refresh data from (in this example) "SQL Server Agent (MSSQLSERVER)".
In Active Directory Users and Computers > POWERPIVOT_SERVICE_ACCOUNT > Properties > Delegation Tab > Trust this computer for delegation to specified services only > Use any authentication protocol > Add… > Users or Computers… > Data Source > Check Names > OK > “Select All” Available Services > OK > OK
* If you do not have a SPN set for the account running the "SQL Server Analysis Services (POWERPIVOT)", the Delegation tab will not be present for that Account in Active Directory. I propose adding the dummy SPN, Http/dummy.
* Delegation from the Excel Services service account or from Claims to Windows token service (C2WTS) to the Analysis services instance is not required. Therefore no configuration for KCD from Excel Services or C2WTS to PowerPivot AS service is necessary.