Mismatch 1, because SQL Server 2008 R2 Reporting Service doesn't run on cluster, therefore the reporting service component is installed on one node only;
Mismatch 2, because Forefront Endpoint Protection 2010 requires SQL reporting service and IIS, therefore IIS role is added on one node of the Windows Server 2008 R2, which also runs SQL reporting
Should I add IIS role to the second node of the Windows Server?
Two completely different things here, so I'll try addressing them individually.
SSRS 2008 R2 is not a "clusterable resource" but that does not mean it cannot run on a cluster, it just can't take advantage of failover clustering. You can install an instance of SSRS on all nodes in a cluster and point all of them to the same database
(which can be clustered). Additionally, if you put all of the node urls behind a load balancer, you have a highly available SSRS solution. See
here for more details.
Forefront Endpoint Protection 2010 APP server needs SSRS, but it doesn't require a local installation. Depending on how you go with "Mismatch 1" you can just point it to a SSRS url on any server. Location of the service doesn't matter.
Here's my recommendation for you.
1) Configure a Scaled-Out deployment of SSRS (utilizing your cluster).
2) Install FEP 2010 onto a server that's not part of the cluster and point the SSRS piece to the load-balanced URL in step 1 and specify a clustered instance for the DB backend.
This will ensure that your FEP 2010 app is also relatively protected on the back end. If you choose to install it on a VM, you've now go a highly avaialble FEP 2010 solution using minimal resources.
Hope that helps,
Marked as answer byFat FrogWednesday, August 10, 2011 1:58 PM