Sign in
 
HomeLibraryLearnDownloadsSupportForums
Resources for IT Professionals > System Center Configuration Manager Forums > Configuration Manager Internet Clients and Native Mode > Reporting Site connecting on HTTP in Native Mode
Ask a questionAsk a question
Search Forums:
 

AnswerReporting Site connecting on HTTP in Native Mode

  • Thursday, May 14, 2009 3:31 PMMayur Kirti Users MedalsUsers MedalsUsers MedalsUsers MedalsUsers Medals
     
    Sign In to Vote
    0
    Sign In to Vote
    I reinstalled the reporting point to use HTTPS after switching to the native mode. I can now access the reports that open in the ConfigMgr console itself. However, when I run a report that opens in a web browser, the report tries to run on HTTP and I get the certificate warning. I cant seem to find a way to make it go to HTTPS port. I am hoping to get some ideas how to fix this.

    Thanks.
    Mayur
     

Answers

  • Friday, May 15, 2009 2:03 AMMatthew Hudson [MVP]MVPUsers MedalsUsers MedalsUsers MedalsUsers MedalsUsers Medals
     Answer
    Sign In to Vote
    0
    Sign In to Vote
    I have heard several people try to change the default behavior. 

    To give you an idea here are some things that others have tried

    http://social.technet.microsoft.com/Forums/en-US/configmgrsetup/thread/2686cdf9-70ac-4013-94bb-ed8f037ecc54
    http://social.technet.microsoft.com/Forums/en-US/configmgribcm/thread/3b43850c-5878-45a9-aee0-3d54e394f25b

    http://www.sccm-tools.com http://sms-hints-tricks.blogspot.com
     
  • Friday, May 15, 2009 3:40 AMCarol BaileyMSFT, ModeratorUsers MedalsUsers MedalsUsers MedalsUsers MedalsUsers Medals
     Answer
    Sign In to Vote
    0
    Sign In to Vote
    First, this isn't actually related at all to native mode - even though it's SSL.  The ability to have the reporting point in http or https has been in the product before native mode was even thought of- which is why implementing it behaves differently.  As you noted, you can't change from http to https after installation (which is really annoying!), but have to delete the role and add it again. And unlike the native mode site systems, it doesn't support FQDNs for the certificates - which means you have to configure the site system with a shortname only, and use a certificate with the shortname in the certificate Subject (at least, that's my recollection). 

    These are design limitations from an older implementation and cannot be changed by the admin.  So if you're running the reporting point on the same server as a native mode site system that uses an FQDN for the site system properties, it's not going to play nice.  If you can put it on a separate server, try this:  install the role with https, don't specify an FQDN (however wrong it feels), and deploy a Web server certificate with the shortname in the certificate Subject.  If you run the reports from IE rather than from within the console, use the shortname and not FQDN (as per Matthew's post).


    - Carol

     

     

    This posting is provided “AS IS” with no warranties and confers no rights

     

All Replies

  • Thursday, May 14, 2009 4:01 PMMatthew Hudson [MVP]MVPUsers MedalsUsers MedalsUsers MedalsUsers MedalsUsers Medals
     
    Sign In to Vote
    0
    Sign In to Vote
    This could be because the reporting is using https://server/SMSreporting and the certificate is for https://server.foo.com/SMSREporting....

    http://www.sccm-tools.com http://sms-hints-tricks.blogspot.com
     
  • Thursday, May 14, 2009 4:27 PMMayur Kirti Users MedalsUsers MedalsUsers MedalsUsers MedalsUsers Medals
     
    Sign In to Vote
    0
    Sign In to Vote
    Thats exactly what it is. I have no idea where to change it.

    Second, when I manually change the address and type the FQDN, the browser asks me for credentials and takes me to report, but I do not get the certificate warning this time. I think this has something to do with IIS permissions.
    Mayur
     
  • Friday, May 15, 2009 2:03 AMMatthew Hudson [MVP]MVPUsers MedalsUsers MedalsUsers MedalsUsers MedalsUsers Medals
     Answer
    Sign In to Vote
    0
    Sign In to Vote
    I have heard several people try to change the default behavior. 

    To give you an idea here are some things that others have tried

    http://social.technet.microsoft.com/Forums/en-US/configmgrsetup/thread/2686cdf9-70ac-4013-94bb-ed8f037ecc54
    http://social.technet.microsoft.com/Forums/en-US/configmgribcm/thread/3b43850c-5878-45a9-aee0-3d54e394f25b

    http://www.sccm-tools.com http://sms-hints-tricks.blogspot.com
     
  • Friday, May 15, 2009 3:40 AMCarol BaileyMSFT, ModeratorUsers MedalsUsers MedalsUsers MedalsUsers MedalsUsers Medals
     Answer
    Sign In to Vote
    0
    Sign In to Vote
    First, this isn't actually related at all to native mode - even though it's SSL.  The ability to have the reporting point in http or https has been in the product before native mode was even thought of- which is why implementing it behaves differently.  As you noted, you can't change from http to https after installation (which is really annoying!), but have to delete the role and add it again. And unlike the native mode site systems, it doesn't support FQDNs for the certificates - which means you have to configure the site system with a shortname only, and use a certificate with the shortname in the certificate Subject (at least, that's my recollection). 

    These are design limitations from an older implementation and cannot be changed by the admin.  So if you're running the reporting point on the same server as a native mode site system that uses an FQDN for the site system properties, it's not going to play nice.  If you can put it on a separate server, try this:  install the role with https, don't specify an FQDN (however wrong it feels), and deploy a Web server certificate with the shortname in the certificate Subject.  If you run the reports from IE rather than from within the console, use the shortname and not FQDN (as per Matthew's post).


    - Carol

     

     

    This posting is provided “AS IS” with no warranties and confers no rights