Hi Paul,
I'm assuming dev and prd are connecting to the same AD?
If they are, then it's really strange as that AD is talking properly to the dev environment.
Maybe to check on this prd server if the computer has been ticked for "trust computer for delegation" attribute, or that the account that has been used to start Cognos has "trusted for delegation attribute" checked as well?
So from your description:
1. Using URL with "Namespace" with your account works in PRD?
2. Using URL with "Namespace" with the other user account does not work in PRD?
3. Disabling SSO in PRD doesn't authenticate at all per manually?
4. Enabling SSO in PRD (via portal, not URL) works for both your account and the other user?
5. When disabling Advanced Properties, do you also untick integrated authentication in IIS and move back to anonymous user?
Regards,
Z