IBM Support

How to configure Internet Explorer to add the Controller application server(s) to the 'Trusted Zone'



User is receiving an error message that is caused by the client device's Internet Explorer not trusting the Controller website sufficiently. How can the customer change their client device's Internet Explorer (IE) settings so that the Controller website is correctly trusted?


There are several different possible symptoms that can occur when Microsoft IE does not trust the Controller website.

  • For examples, see separate IBM Technotes 1983721, 1347752 & 1347558.


If the client device's Internet Explorer does not trust the Controller website, then it will block attempts (by the Controller client) to send/receive information to/from the Controller application server's website.

Diagnosing The Problem

Typically, most problems are triggered by the client device not trusting the Report Server.

Steps to check the Report Server value:
1. Logon to the Controller application server, as an administrator
2. Launch 'Controller Configuration' from the start menu
3. Open 'Report Server' section
4. Make a note of the value of the 'Report Server' (for example ''):

Resolving The Problem

Modify the Internet Explorer settings to allow sending information to/from the Controller WSS (web server) and Report Server (BI server).

  • TIP: Typically, for most customers these two servers are located on the same server (same physical device).

NOTE: There are many different potential combinations of zones/settings that will work. However (for the sake of simplicity) this Technote shall only give one sensible suggestion:
  • Configure the Controller application/web server to be inside the 'Trusted' zone
  • Configure the trusted zone to have 'Medium-Low' security
  • Ensure that the 'trusted zone' is configured to allow HTTP (instead of only HTTPS)

There are different methods to achieve this. Choose whichever method is easiest for you:

    VITALLY IMPORTANT: You *must* ensure that the name of the server (that you use in the methods below) is typed exactly as per the value inside 'Controller Configuration' (see section above for how to check this).

Method A - *Manual* (usually the easiest if not using Citrix)

1. Logon to Client device (e.g. desktop PC) as the end user
2. Launch Internet Explorer
3. Click 'Tools - Internet Options'
4. Click 'Security' tab then 'trusted sites'
5. Click 'sites' and add the report server's website name WITHOUT the extra virtual directories at the end (for example: ):

6. Untick the box "Require server verification..." and save changes

7. Now highlight “Trusted Sites” again
8. Click “Custom Level”
9. Change ‘Reset to’ to “Medium-Low(or you can change to "medium" if using IE6)
10 .Click “Reset”

11. Click “yes” to confirm the change
12. In order to enable Windows Single Sign On (SSO) now scroll down to the bottom of the option list, and select "Automatic logon with current user name and password":

13. Click OK, OK.
14. Test.

Method B - *Automatic* (typically useful for Citrix or Terminal servers)

This method achieves the same thing as above, but this time by adding a key to the registry directly (not via the GUI)

1. Download the file "Trusted_Zone_add_Controller_APP_Server.vbs" (attached to the end of this Technote)
2. Open the file inside 'Notepad'
3. Modify the value 'controllersvr' to be your servername, for example
  • APPSVR1 (NetBIOS convention)
  • or (FQDN convention)

IMPORTANT: You must choose the correct (either NetBIOS or FQDN) version, depending on the settings that you have configured your system to use.

4. Save the file (for example as "C:\UTILS\Trusted_Zone_add_Controller_APP_Server.vbs") on the client device (for example the Citrix server).

5. Ensure that all users run this script. The best way to achieve this will vary, depending on your environment.
    Example #1: You could create a shortcut to "C:\UTILS\Trusted_Zone_add_Controller_APP_Server.vbs" inside the Startup Folder
    • TIP: For Windows 7 & 2012 this is here: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp

    Example #2: For example, on a Citrix server you could:
      (a) modify the file C:\WINDOWS\SYSTEM32\USRLOGON.CMD
      (b) Add an entry at the top saying: C:\UTILS\Trusted_Zone_add_Controller_APP_Server.vbs

(1) There may be a Windows (Active Directory) 'group policy' which overrides any settings that you change in the above methods.
  • Consult your I.T. department for more details.

(2) It is also possible to run Controller with the Controller application server's website in the 'Local Intranet' zone instead of the 'Trusted Zone' (it depends on your preference).
  • However, all documentation shall refer to 'trusted zone' for the sake of simplicity.

[{"Product":{"code":"SS9S6B","label":"Cognos Controller"},"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Component":"Controller","Platform":[{"code":"PF033","label":"Windows"}],"Version":"10.2.1;10.2.0;10.1.1;10.1","Edition":"","Line of Business":{"code":"LOB10","label":"Data and AI"}}]

Document Information

Modified date:
15 June 2018