Running the Web Console Server on a standalone server using Windows Authentication

Published Feb 14 2019 08:09 PM 1,737 Views

First published on TECHNET on Jan 30, 2008

One of the big issues we had in OpsMgr 2007 RTM was if you installed the Database and the Root Management Server(RMS) on a standalone server with the SDK and Config services running under a domain account users could not install the Web Console Server on a standalone machine and use Windows Authentication. The only other option was to use Forms based authentication which required you to enter a user ID and password every time the web console was launched, something even I hated doing. What was even worse was if your RMS was clustered you could not use Windows Authentication because we did not support installing the Web Console on a cluster. The good news is that we have fixed this issue in OpsMgr SP1 but users will still need to set up constraint delegation  which basically allows a computer to be trusted for delegation, this is a AD-Kerberos limitation and not a product limitation. The attached doc has the steps to setup constraint delegation to support this scenario. I want to thank Marc, Manish and Ranga for helping get this scenario working in SP1.

 

Satya Vel | Program Manager | System Center |

 

HTTP 500 error when you connect to the Operations Manager web console

1 Comment
%3CLINGO-SUB%20id%3D%22lingo-sub-340345%22%20slang%3D%22en-US%22%3ERunning%20the%20Web%20Console%20Server%20on%20a%20standalone%20server%20using%20Windows%20Authentication%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-340345%22%20slang%3D%22en-US%22%3E%0A%20%26lt%3Bmeta%20http-equiv%3D%22Content-Type%22%20content%3D%22text%2Fhtml%3B%20charset%3DUTF-8%22%20%2F%26gt%3B%3CSTRONG%3E%20First%20published%20on%20TECHNET%20on%20Jan%2030%2C%202008%20%3C%2FSTRONG%3E%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%3CP%3EOne%20of%20the%20big%20issues%20we%20had%20in%20OpsMgr%202007%20RTM%20was%20if%20you%20installed%20the%20Database%20and%20the%20Root%20Management%20Server(RMS)%20on%20a%20standalone%20server%20with%20the%20SDK%20and%20Config%20services%20running%20under%20a%20domain%20account%20users%20could%20not%20install%20the%20Web%20Console%20Server%20on%20a%20standalone%20machine%20and%20use%20Windows%20Authentication.%20The%20only%20other%20option%20was%20to%20use%20Forms%20based%20authentication%20which%20required%20you%20to%20enter%20a%20user%20ID%20and%20password%20every%20time%20the%20web%20console%20was%20launched%2C%20something%20even%20I%20hated%20doing.%20What%20was%20even%20worse%20was%20if%20your%20RMS%20was%20clustered%20you%20could%20not%20use%20Windows%20Authentication%20because%20we%20did%20not%20support%20installing%20the%20Web%20Console%20on%20a%20cluster.%20The%20good%20news%20is%20that%20we%20have%20fixed%20this%20issue%20in%20OpsMgr%20SP1%20but%20users%20will%20still%20need%20to%20set%20up%20constraint%20delegation%20%26nbsp%3Bwhich%20basically%20allows%20a%20computer%20to%20be%20trusted%20for%20delegation%2C%20this%20is%20a%20AD-Kerberos%20limitation%20and%20not%20a%20product%20limitation.%20The%20attached%20doc%20has%20the%20steps%20to%20setup%20constraint%20delegation%20to%20support%20this%20scenario.%20I%20want%20to%20thank%20Marc%2C%20Manish%20and%20Ranga%20for%20helping%20get%20this%20scenario%20working%20in%20SP1.%3C%2FP%3E%3CBR%20%2F%3E%3CP%3E%3CA%20title%3D%22_MailAutoSig%22%20target%3D%22_blank%22%3E%20%3C%2FA%3E%20Satya%20Vel%20%7C%20Program%20Manager%20%7C%20System%20Center%20%7C%3C%2FP%3E%3CBR%20%2F%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fmsdnshared.blob.core.windows.net%2Fmedia%2FTNBlogsFS%2Fprod.evol.blogs.technet.com%2Ftelligent.evolution.components.attachments%2F01%2F4616%2F00%2F00%2F02%2F80%2F09%2F20%2FSetting%2520Up%2520Constraint%2520Delegation.docx%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%22%3E%20Setting%20Up%20Constraint%20Delegation.docx%20%3C%2FA%3E%3C%2FP%3E%0A%20%0A%3C%2FLINGO-BODY%3E%3CLINGO-TEASER%20id%3D%22lingo-teaser-340345%22%20slang%3D%22en-US%22%3EFirst%20published%20on%20TECHNET%20on%20Jan%2030%2C%202008%20One%20of%20the%20big%20issues%20we%20had%20in%20OpsMgr%202007%20RTM%20was%20if%20you%20installed%20the%20Database%20and%20the%20Root%20Management%20Server(RMS)%20on%20a%20standalone%20server%20with%20the%20SDK%20and%20Config%20services%20running%20under%20a%20domain%20account%20users%20could%20not%20install%20the%20Web%20Console%20Server%20on%20a%20standalone%20machine%20and%20use%20Windows%20Authentication.%3C%2FLINGO-TEASER%3E%3CLINGO-LABS%20id%3D%22lingo-labs-340345%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3ESystem%20Center%20Operations%20Manager%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E
Version history
Last update:
‎Oct 21 2021 01:33 AM
Updated by: