Just been trying to get a new Demo environment setup for 10.2.400.3 I’ve installed the basics, can login etc.
When I click on the Data Discovery icon. 
I get a 403 error, not really sure why.
The first time I did it I was prompted in chrome to select a certificat to authenticate myself
Clearly I’ve missed something here. I have this happening for an upgraded version of our Pilot environment as well. (on the same server).
Any assistance, or pointing to a document/link appreciated.
Interestingly after letting things rest for a bit…(not sure if it made any difference). I logged in again, clicked the button and was prompted with the certificate selection. I clicked on cancel, it asked for my network credentials, and after entering them in, it worked.
I reviewed the admin guide it mentioned enabling HttpsBinaryWindowsChannel on the HttpsEndpointBinding field in the app server config. Still testing to see if this does make any difference.
At this stage I have one App server with it setup that way, and the other without it. Having DD open in the default browser makes things a bit difficult to test from one environment and the other, when you have that browser open for using other things…(Simon…Note to self apply a more scientific approach to this test).
I just love testing web apps…
…
Just confirmed that using either environment (one with the EndPointBinding configured vs the one that isn’t) makes no difference. The certificate prompt still shows.
403 can mean a lot of things but one of them is the app pool (running edd in this case) user may not have access to the edd files to serve them up. There are a bunch of other possible reasons though. Our support dept can def help with this one if that isn’t it.
The client certificate prompt is usually an unintentional config in IIS. there’s an accept client certificates option in IIS under ssl settings which if you dont want to use client side certificates (where client machines provide a certificate to the server instead of the other way around) you probably want turned off.
Brian,
You are definitely correct and the combination of having Accept Client certificates enabled and using Chrome causes the prompt appear. After consulting to the Engineers Handbook (aka Google). I found the setting and Set the Client certificates to Ignore.
Interestingly I changed it on the virtual directory with no affect. It was not until I set this on the default site that the virtual directories were a part of did it make a difference. On that point we don’t have a host header name on the binding for the site, so that might have some relation as to why…perhaps
I don’t recall seeing anything in the install documentation to check this, which would be a great addendum to the troubleshooting section.
So just to summarize what I did, just in case some other poor accidental admin runs into this.
For good measure I recycled the application pool related to the EDD site also. Probably not required as typically changes to settings will force a recycle anyway. I do recall if you change the web.config on a site it will recycle also…
