I have two nearly identical SSRS2008 servers, which are behaving differently when users attempt to access SSRS using HTTPS. On the first (QA) users can access reports without needing to enter credentials. On the second server (Prod) the users are asked for their credentials and if they are not added to an SSRS Role, denied access.
The *ONLY* differences I've found are:
- On Prod, IIS is configured for Windows Authentication (both servers have IIS installed and running)
- On QA in the IIS bindings for Default Web Site, it lists the server cert for https * 443, while Prod lists a different cert (used by Sharepoint I believe)
- The cert on QA is bound to "all IPs" while on Prod it is bound to a single IP (both servers have 3 IPs)
- The name on the cert on QA does not have the domain name, while Prod does (IE QA name: Server01 / Prod name: Server02.domain.name)
Both certs are issued by a trusted CA.
I have checked every configuration setting in SSRS, including going line-by-line comparing the various XML config files, checked the authentication settings (both are set for RSWindowsNTLM in the rsconfig file.)
Before you suggest having the users add the server to their trusted sites, this is blocked by a GPO and the domain is already in the trusted sites list.
If I set the SSRS on Prod to use HTTP instead of HTTPS, the users connect without being prompted for their credentials...
Any help on this will be appreciated.
Thank you,
Jason A.
Jason A.
