SCOM 2019 Web console - authentication issue

  • Question

  • Hello,

    I am currently deploying a new SCOM 2019 infrastructure, based on the following elements:

    - 1 server running SQL Server 2017 on Windows Server 2016

    - 2 servers running SCOM 2019 management servers and consoles, on Windows Server 2019

    - 1 server running SCOM 2019 web console and reporting server,  on Windows Server 2019

    SSL has been enabled on the web server.

    After deployment of web console, it works fine, except authentication which seems to have an issue.

    - When accessing the web console I get the following screen, asking for the credentials to be used:

    Question 1 : is it possible to get rid of that window, and have "single sign on" feature  (use automatically current user Windows credentials) ?

    Second issue is that, if I click on Use Windows Authentication, it doesn't work. I have to click on "Use Alternate credentials" and enter credentials for current user.

    Question 2 : If this "sign-in" window can not be skipped (which seems to be the case according to that page : https://argonsys.com/microsoft-cloud/library/new-scom-web-console-blog-series-post-1-5-overview/) ,  how to solve issue described above ?

    I have performed the actions described in an old document applying to SCOM 2012 (https://techcommunity.microsoft.com/t5/system-center-blog/running-the-web-console-server-on-a-standalone-server-using/ba-p/340345), but I think this document is now obsolete... Can you please help me?

    Thank you for your help



    Wednesday, July 22, 2020 8:14 AM

All replies

  • Hi,

    The credential prompt screen you are facing is by design and cannot be removed as far as I know.

    I believe the SCOM 2012 web console methods won’t work as the web console has been revamped a lot since.

    The ”Use Windows Authentication” should work, I’ve never had any issues with it, could be a configuration/authentication issue. Have you tried running the web browser as administrator?


    Best regards,
    Leon


    Blog: https://thesystemcenterblog.com

    Wednesday, July 22, 2020 11:16 AM
  • Hello,

    I have tried to launch my browser as administrator, but the same issue was encountered.

    There are also other elements that could help you on resolution of this issue :

    - Web site uses SSL encryption protocol: web access is done by entering https://io-ws-scom19web/OperationsManager

    - Web console IS NOT deployed on the same server as the OperationsManager server, which seems to be what is usually done.

    Can you please help me on this topic ?

    Monday, July 27, 2020 4:44 PM
  • Do you use domain accounts to run the Data and Configuration services? If yes, did you configure Kerberos delegation? This is a requirement when the web console is not installed on a management server: https://docs.microsoft.com/en-us/system-center/scom/deploy-install-web-console?view=sc-om-2019

    (see the note at step 10)

    There are some slightly different infos about this here (last steps) : https://blog.tyang.org/2014/02/27/configure-opsmgr-2012-web-console-single-sign/
    • Edited by CyrAz Monday, July 27, 2020 5:36 PM
    Monday, July 27, 2020 5:33 PM
  • Hello CyrAz,

    As you have said, I use a domain account for running SCOM services on management servers.

    So I have followed the instructions described at https://techcommunity.microsoft.com/t5/system-center-blog/running-the-web-console-server-on-a-standalone-server-using/ba-p/340345 (step 10 that you have talked about leads to that precise document)

    In the rest of the document, I will describe all the actions that I have done, but I won't use actual names. Instead I will use the following names:

    - 'account' for the domain account used for running SCOM services on management servers

    - server1 and server2 for management server names


    If I follow the different steps described in the document :

    Register SPNs :  action done

    When setspn -L account is entered results are :

    Registered ServicePrincipalNames for CN=account,DC=iter,DC=org:
            MSOMSdkSvc/server2
            MSOMSdkSvc/tserver2.iter.org
            MSOMSdkSvc/server1
            MSOMSdkSvc/server1.iter.org

    as described in the document

    Raise Domain level : Not done since this section seems to apply only on Windows 2000 (!) domain controllers

    Verify User Account options : done. For account, the option "Account is sensitive and cannot be delegated" is not selected

    Configure constrained delegation : Done. At the end, the delegation tab for the web server computer displays :

    So it seems to me that I have performed all the operations described in the Microsoft document. Despite these efforts, and after a web server reboot, authentication on the Web console is still needed, and clicking on "Use Windows Authentication" still doesn't work.

    Can somebody help me on this tough topic?

    Thank you in advance.

    Ivan

    Friday, July 31, 2020 4:51 PM
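
The SPN and constrained-delegation steps listed in the post above can be cross-checked mechanically. The following is an added example, not part of the thread or of Microsoft's documentation: it parses `setspn -L` text and reports every `MSOMSdkSvc` SPN (short name and FQDN) that is either not registered on the service account or not in the web server's delegation list. The names `mgmt1`, `mgmt2`, `example.test`, `svc-sdk` and both function names are assumptions, and all input is constructed.

```powershell
# Added example. All input below is constructed sample data, not output from the thread.
# Hypothetical names: mgmt1/mgmt2 (management servers), example.test (domain), svc-sdk (account).
function Get-SpnFromSetspnOutput {
    param([string[]]$Lines)
    # setspn -L prints a header line, then one indented "service/host" entry per line.
    $Lines | ForEach-Object { $_.Trim() } | Where-Object { $_ -match '^[^\s/]+/\S+$' }
}

function Test-SdkDelegation {
    param(
        [string[]]$RegisteredSpn,      # SPNs found on the SDK service account
        [string[]]$AllowedToDelegate,  # delegation list of the web console computer object
        [string[]]$ManagementServer,   # short host names of the management servers
        [string]$DnsDomain
    )
    foreach ($server in $ManagementServer) {
        # Both the short name and the FQDN form are expected for each server.
        foreach ($hostName in @($server, "$server.$DnsDomain")) {
            $spn = "MSOMSdkSvc/$hostName"
            [pscustomobject]@{
                Spn        = $spn
                Registered = $RegisteredSpn -contains $spn      # -contains ignores case
                Delegated  = $AllowedToDelegate -contains $spn
            }
        }
    }
}

# Constructed setspn -L output with one deliberately mistyped FQDN entry (mgmt02).
$setspnOutput = @'
Registered ServicePrincipalNames for CN=svc-sdk,DC=example,DC=test:
        MSOMSdkSvc/mgmt1
        MSOMSdkSvc/mgmt1.example.test
        MSOMSdkSvc/mgmt2
        MSOMSdkSvc/mgmt02.example.test
'@ -split '\r?\n'

# Constructed delegation list, as it would be read from the web server computer object.
$allowed = 'MSOMSdkSvc/mgmt1', 'MSOMSdkSvc/mgmt1.example.test', 'MSOMSdkSvc/mgmt2'

$spns = Get-SpnFromSetspnOutput -Lines $setspnOutput
Test-SdkDelegation -RegisteredSpn $spns -AllowedToDelegate $allowed -ManagementServer 'mgmt1', 'mgmt2' -DnsDomain 'example.test' |
    Where-Object { -not ($_.Registered -and $_.Delegated) } |
    Format-Table -AutoSize
```

On a domain-joined machine the two inputs would come from `setspn -L <account>` and from the `msDS-AllowedToDelegateTo` attribute of the web server computer object (for example via `Get-ADComputer -Properties msDS-AllowedToDelegateTo` from the ActiveDirectory module).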