SCOM web console not working

I have a brand new SCOM installation where SCOM has a RMS and a dedicated DB with DW installed. Everything except web console is working just fine. When I try to navigate to the web console address throught inetmgr I am able to get up the popup window for username and password and am able to login. But if i try the URL locally on the RMS or from a remote system I am still presented with the login window, but after the credentials have been supplied, I am redirected to page not found. I am using Windows integrated security, and just for the sake of it I have tried form based and basic authentication. I have also added all the local addresses to trusted sites but still no luck so far.
            So to sum opp the problem, Web console not available from URL and FQDN but is available through IIS. Dont really know what the problem is, as there is not being registered anything neither in Opsmgr log, application log or system log. I cant seem to find anything usefull in IIS log files either. All the servers in the solution are running 2008 R2 and the domain functional level is 2008.

Hope that some one can point me into the right direction.

 

Best regards

Sean.

April 21st, 2011 5:29pm

Sean, have you changed the default permissions in your testing? At this point, you might do a quick uninstall / reinstall to start with a clean slate.

Generally speaking, Windows Integrated authentication will generally be relatively straightforward if the Web console is on the RMS, but more challenging if moved, as constrained delegation must be configured to address the Kerberos double-hop issue. 

Free Windows Admin Tool Kit Click here and download it now
April 21st, 2011 7:47pm

Hi Pete,

            Thanks for the reply. I have tried changing the default permission, as well as also compated with other working installations. But have not really had any luck. I have also tried reinstallinga couple of times with the same exact behaviour. I have tried installing with IIS components that are required as well as all IIS components, just for the sake of testing. I have a suspision about that there might be a domain policy that has been configured which is causing this sort of behaviour, but then again no policies are configured. I have also tried to change authentication from kerberos to NTLM without any results. I can not see any GPO either which are linked directly or indirectly and have also tried with blocking inheritence. I am actually considering import of IIS mgmt pack, just to see if it sort of finds anything unusual. It may be able to provide some usefull insight! This is in production environment, so I might end up opening a PS if I do not find a solution... 

April 22nd, 2011 12:26am

Hi,

I would like to verify what exact error message is recevied when trying to open web console. which authentication was used when installing web console?

To troubleshooting this kind of issue, please refer to the following article:

Common Issues with the OpsMgr Web Console:

http://blogs.technet.com/b/kevinholman/archive/2010/04/07/common-issues-with-the-opsmgr-web-console.aspx

Here are more information:

http://blogs.technet.com/b/kevinholman/archive/2008/09/24/installing-the-web-console-on-a-2008-management-server-using-windows-authentication.aspx

 

Free Windows Admin Tool Kit Click here and download it now
April 22nd, 2011 10:02am

Hi,

I would like to verify what exact error message is recevied when trying to open web console. which authentication was used when installing web console?

To troubleshooting this kind of issue, please refer to the following article:

Common Issues with the OpsMgr Web Console:

http://blogs.technet.com/b/kevinholman/archive/2010/04/07/common-issues-with-the-opsmgr-web-console.aspx

Here are more information:

http://blogs.technet.com/b/kevinholman/archive/2008/09/24/installing-the-web-console-on-a-2008-management-server-using-windows-authentication.aspx

April 22nd, 2011 1:01pm

Hi Rao,

Have you check name resolution? So ping to localhost and hostname and hostname-fqdn and see what you get back. Check if they are the correct ip addresses. (localhost is in the hosts file so it doesnt need to go out ans ask for it).

Next check your proxy settings in IE, because they might try to route you outside your network or to a proxy that isnt configured to find your internal resource. If the name resolution result is OK for you, you might want to add the hostname and hostname-fqdn in the exclusions of your proxy settings.

If this fails you should check the properties of the website and look for the bindings. Check that there are no host headers defined that are different from what you are typing as the address.

Free Windows Admin Tool Kit Click here and download it now
April 22nd, 2011 1:27pm

Hello Bob,

              Thanks for the reply. The name resolution is working just fine. The correct ip is answering, and the correct name is registered in DNS. There is no internet proxy defined! As far as the binding is concerned, port 80 is mapped to default site and 51908 is mapped to web console(Default settings). Thanks for the tips. No hostname is defined in host headers :(

Best regards,

Sean

April 24th, 2011 1:07pm

Hi Rao, I see there is no progress on this yet. I am just going to shoot out some things here...

Can you conrifmr that the problem is still there?
Can you confirm if the web consoel is running on the RMS server? if not please check the kerberos double hop thing that Pete mentioned.
Have you imported the IIS mp to check if that tells you anything?
Are you running it on http or https and if on https have you checked for any certificate related issues?
Still the difference seems to be if you type localhost or the real name of the machine.
Do you also get the error if you type the link with the normal machinename to access the webconsole but from the server itself?
When you ping the machinename of the server from the server itself and from another server do you get the same response from the same resolved addres? (could be from one an ipv4 and from another an ipv6).
Might there be a firewall on the machine itself or near the machine blocking access from one box to another on this port?

Free Windows Admin Tool Kit Click here and download it now
April 27th, 2011 12:32pm

Can you conrifmr that the problem is still there? Problem still here!
Can you confirm if the web consoel is running on the RMS server? if not please check the kerberos double hop thing that Pete mentioned. On RMS!
Have you imported the IIS mp to check if that tells you anything? Imported MP not showing anything usefull regarding this problem.
Are you running it on http or https and if on https have you checked for any certificate related issues? Running Http have also tried HTTPS without any effect
Still the difference seems to be if you type localhost or the real name of the machine. Works only when launched from IIS or Localhost in URL
Do you also get the error if you type the link with the normal machinename to access the webconsole but from the server itself? Same behavior even from the same box
When you ping the machinename of the server from the server itself and from another server do you get the same response from the same resolved addres? (could be from one an ipv4 and from another an ipv6). IPv6 is disabled, the correct machine replies.
Might there be a firewall on the machine itself or near the machine blocking access from one box to another on this port? No firewalls enabled, have also tried to disable local antivirus to test!

 

Thanks,

Sean

April 27th, 2011 1:14pm

Hi Sean,
So also this list of possibilities did not catch anything :-(
If nobody else replies here it might go towards a product support call in order to gain progress by the css guys doing a remote session with you.
By the way, if you find out... please post back here as we are for sure interested.
Free Windows Admin Tool Kit Click here and download it now
April 27th, 2011 1:36pm

What happens if you try the IP address in the url:

 http://<IP Address>:51908/default.aspx

 

April 27th, 2011 5:56pm

Opened a support case with MS. Will post the solution if its simple and if we find one :)
Free Windows Admin Tool Kit Click here and download it now
April 28th, 2011 9:34am

Great Sean. Yes please let us know what the solution amounted to. Thanks for the update
April 28th, 2011 9:46am

Did you manage to solve this one with product support Sean?
Free Windows Admin Tool Kit Click here and download it now
May 7th, 2011 12:49pm

Hi,

        Sorry for a late reply, the case is still in progress. Will post the solution if that is feasible.....

 

Best regards,

Sean

May 10th, 2011 4:14pm

Hi Sean, I will close the thread as it has been silent for a while and mark your last remark as answer. If you have more info on how it was solved please let us know and mark that one as to the benifit of others. Thanks
Free Windows Admin Tool Kit Click here and download it now
September 21st, 2011 11:31pm

I have encouter problems like this(chinese post,with two screenshot) , http://social.technet.microsoft.com/Forums/en-US/operationsmanagerzhchs/thread/de305f4c-00dd-40eb-9ff3-4eb03b9c9ace

the same problem :

1. http://localhost/operationsmanager no credentials requred , the web console display well

2.http://hostname/operationsmanager (credentials required, the web console display "web console configuration required " then i click configure button, a file called SilverlightClientConfiguration.exe was downloaded , but run this exe file does not work

3.http://fqdn/operationsmanager (the same to 2)

4.http://IP/operationsmangager (the same to 2)

IIS run at default web site (80) , mixed authentication 

the other guy's problem "Web Console configuration Required" http://social.technet.microsoft.com/Forums/en-US/operationsmanagergeneral/thread/e16bfea2-eb20-43d2-a3c9-1e30261acedc

May 16th, 2012 3:31pm

Hi Yoke,

                   Please read the thread above as the answers for Your questions. We did manage to fix the problem. It turned out that "_"(Underscore) in the name of servers hosting webconsole was creating a problem. No DNS or authentication issues actually. The solution was to create a entry in DNS which was pointing towards the webserver hosting console. Hope this helps if anyone encounters this strange and bizare error.

Regards,

Sean

Free Windows Admin Tool Kit Click here and download it now
May 22nd, 2012 3:24pm

 I have resolved this issuse by running a new version SilverlightClientConfiguration.exe.

and there was no Underscore or other special charactors  in the computer name of my server

May 23rd, 2012 3:44am

Hi we have had the same issue, here just a little bit different.

Some of our users were able to login SCOM 2012 Web Console, some of them couldn't access the Web Console

User who could not access the console got the http error 400, but there were able to access the server via server ip-address.

We figured out that the users who could not access the SCOM Web Console had the problem that their accounts were in to many security groups. We removed one of the users from a group we have had problems with before and the users could access the SCOM 2012 Web Console.

So problem here, the user (s) has been in too many security groups or the user was in a security group which has too many users, groups (subgroups...).

Martin Elflein

Free Windows Admin Tool Kit Click here and download it now
July 3rd, 2012 2:44pm

Hi,
I have a similar issue. Scom console works for most of users except 3.

I've found the following workaround: 
Everybody have the option "Use Integrated Windows Authentication" active, but it looks like foe someuser profiles, the IE use the false credentials.
You must deactivate the option (Settings -> Adsvanced -> Security), restart the IE.
Now you will be invited to introduce the credentials. Dont use "Use my Windows credentials", but choose "As a different user" and type in your credentials.

Best regards
Dimitri

March 14th, 2014 11:05am

This worked Indeed!!!Great



Free Windows Admin Tool Kit Click here and download it now
February 13th, 2015 9:27am

This worked Indeed!!!Great



  • Edited by Luca Intini Friday, February 13, 2015 2:45 PM
February 13th, 2015 5:21pm

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics