none
SCOM web console not working RRS feed

  • Question

  • I have a brand new SCOM installation where SCOM has a RMS and a dedicated DB with DW installed. Everything except web console is working just fine. When I try to navigate to the web console address throught inetmgr I am able to get up the popup window for username and password and am able to login. But if i try the URL locally on the RMS or from a remote system I am still presented with the login window, but after the credentials have been supplied, I am redirected to page not found. I am using Windows integrated security, and just for the sake of it I have tried form based and basic authentication. I have also added all the local addresses to trusted sites but still no luck so far.
                So to sum opp the problem, Web console not available from URL and FQDN but is available through IIS. Dont really know what the problem is, as there is not being registered anything neither in Opsmgr log, application log or system log. I cant seem to find anything usefull in IIS log files either. All the servers in the solution are running 2008 R2 and the domain functional level is 2008.

    Hope that some one can point me into the right direction.

     

    Best regards

    Sean.


    Rao
    Thursday, April 21, 2011 2:29 PM

Answers

  • Hi,

            Sorry for a late reply, the case is still in progress. Will post the solution if that is feasible.....

     

    Best regards,

    Sean


    Rao
    Tuesday, May 10, 2011 1:14 PM
  • Hi Yoke,

                       Please read the thread above as the answers for Your questions. We did manage to fix the problem. It turned out that "_"(Underscore) in the name of servers hosting webconsole was creating a problem. No DNS or authentication issues actually. The solution was to create a entry in DNS which was pointing towards the webserver hosting console. Hope this helps if anyone encounters this strange and bizare error.

    Regards,

    Sean


    Rao

    • Marked as answer by zeglory Tuesday, May 22, 2012 12:24 PM
    Tuesday, May 22, 2012 12:24 PM
  • Hi we have had the same issue, here just a little bit different.

    Some of our users were able to login SCOM 2012 Web Console, some of them couldn't access the Web Console

    User who could not access the console got the http error 400, but there were able to access the server via server ip-address.

    We figured out that the users who could not access the SCOM Web Console had the problem that their accounts were in to many security groups. We removed one of the users from a group we have had problems with before and the users could access the SCOM 2012 Web Console.

    So problem here, the user (s) has been in too many security groups or the user was in a security group which has too many users, groups (subgroups...).

    Martin Elflein

    Tuesday, July 3, 2012 11:44 AM

All replies

  • Sean, have you changed the default permissions in your testing? At this point, you might do a quick uninstall / reinstall to start with a clean slate.

    Generally speaking, Windows Integrated authentication will generally be relatively straightforward if the Web console is on the RMS, but more challenging if moved, as constrained delegation must be configured to address the Kerberos double-hop issue. 


    Pete Zerger, MVP-OpsMgr and SCE | http://www.systemcentercentral.com
    Thursday, April 21, 2011 4:47 PM
    Moderator
  • Hi Pete,

                Thanks for the reply. I have tried changing the default permission, as well as also compated with other working installations. But have not really had any luck. I have also tried reinstallinga couple of times with the same exact behaviour. I have tried installing with IIS components that are required as well as all IIS components, just for the sake of testing. I have a suspision about that there might be a domain policy that has been configured which is causing this sort of behaviour, but then again no policies are configured. I have also tried to change authentication from kerberos to NTLM without any results. I can not see any GPO either which are linked directly or indirectly and have also tried with blocking inheritence. I am actually considering import of IIS mgmt pack, just to see if it sort of finds anything unusual. It may be able to provide some usefull insight! This is in production environment, so I might end up opening a PS if I do not find a solution... 


    Rao
    Thursday, April 21, 2011 9:26 PM
  • Hi,

    I would like to verify what exact error message is recevied when trying to open web console. which authentication was used when installing web console?

    To troubleshooting this kind of issue, please refer to the following article:

    Common Issues with the OpsMgr Web Console:

    http://blogs.technet.com/b/kevinholman/archive/2010/04/07/common-issues-with-the-opsmgr-web-console.aspx

    Here are more information:

    http://blogs.technet.com/b/kevinholman/archive/2008/09/24/installing-the-web-console-on-a-2008-management-server-using-windows-authentication.aspx

     


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
    Friday, April 22, 2011 7:02 AM
  • Hi,

    I would like to verify what exact error message is recevied when trying to open web console. which authentication was used when installing web console?

    To troubleshooting this kind of issue, please refer to the following article:

    Common Issues with the OpsMgr Web Console:

    http://blogs.technet.com/b/kevinholman/archive/2010/04/07/common-issues-with-the-opsmgr-web-console.aspx

    Here are more information:

    http://blogs.technet.com/b/kevinholman/archive/2008/09/24/installing-the-web-console-on-a-2008-management-server-using-windows-authentication.aspx

     


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

    Thanks for the reply Vivian, I have actually seen this blog and none of the errors described here are the same as I am getting. I can try to describe the situation a bit better:

    When http://Localhost:51908/default.aspx is used the web console comes up. No login is required. Everything seems to be OK.
    When http://hostname:51908/default.aspx is used:I get the error: Internet Explorer cannot display the web page.
    When http://hostname.domainname.local:51908/default.aspx is used: I get the error: Internet Explorer cannot display the web page.

    During the initial install and following installs Windows authentication was used as the Web console was been installed on the RMS. I have now installed the IIS mgmt pack which is showing IIS as healthy both on the RMS and on the MS. I have also tried to add the webconsole on the MS and used form based authentication. But it is also showing the same exact behaviour with the web console as that of RMS. (Had also enabled for delegation as Pete has mentioned)

    I have checked the SPN and seems like they also are registered correclty. Any suggestions?

    Thanks,
    Best regards,
    Sean


    Rao
    Friday, April 22, 2011 10:01 AM
  • Hi Rao,

    Have you check name resolution? So ping to localhost and hostname and hostname-fqdn and see what you get back. Check if they are the correct ip addresses. (localhost is in the hosts file so it doesnt need to go out ans ask for it).

    Next check your proxy settings in IE, because they might try to route you outside your network or to a proxy that isnt configured to find your internal resource. If the name resolution result is OK for you, you might want to add the hostname and hostname-fqdn in the exclusions of your proxy settings.

    If this fails you should check the properties of the website and look for the bindings. Check that there are no host headers defined that are different from what you are typing as the address.


    Bob Cornelissen - BICTT (My BICTT Blog)
    Friday, April 22, 2011 10:27 AM
    Moderator
  • Hello Bob,

                  Thanks for the reply. The name resolution is working just fine. The correct ip is answering, and the correct name is registered in DNS. There is no internet proxy defined! As far as the binding is concerned, port 80 is mapped to default site and 51908 is mapped to web console(Default settings). Thanks for the tips. No hostname is defined in host headers :(

    Best regards,

    Sean


    Rao
    Sunday, April 24, 2011 10:07 AM
  • Hi Rao, I see there is no progress on this yet. I am just going to shoot out some things here...

    Can you conrifmr that the problem is still there?
    Can you confirm if the web consoel is running on the RMS server? if not please check the kerberos double hop thing that Pete mentioned.
    Have you imported the IIS mp to check if that tells you anything?
    Are you running it on http or https and if on https have you checked for any certificate related issues?
    Still the difference seems to be if you type localhost or the real name of the machine.
    Do you also get the error if you type the link with the normal machinename to access the webconsole but from the server itself?
    When you ping the machinename of the server from the server itself and from another server do you get the same response from the same resolved addres? (could be from one an ipv4 and from another an ipv6).
    Might there be a firewall on the machine itself or near the machine blocking access from one box to another on this port?


    Bob Cornelissen - BICTT (My BICTT Blog)
    Wednesday, April 27, 2011 9:32 AM
    Moderator
  • Can you conrifmr that the problem is still there? Problem still here!
    Can you confirm if the web consoel is running on the RMS server? if not please check the kerberos double hop thing that Pete mentioned. On RMS!
    Have you imported the IIS mp to check if that tells you anything? Imported MP not showing anything usefull regarding this problem.
    Are you running it on http or https and if on https have you checked for any certificate related issues? Running Http have also tried HTTPS without any effect
    Still the difference seems to be if you type localhost or the real name of the machine. Works only when launched from IIS or Localhost in URL
    Do you also get the error if you type the link with the normal machinename to access the webconsole but from the server itself? Same behavior even from the same box
    When you ping the machinename of the server from the server itself and from another server do you get the same response from the same resolved addres? (could be from one an ipv4 and from another an ipv6). IPv6 is disabled, the correct machine replies.
    Might there be a firewall on the machine itself or near the machine blocking access from one box to another on this port? No firewalls enabled, have also tried to disable local antivirus to test!

     

    Thanks,

    Sean


    Rao
    Wednesday, April 27, 2011 10:14 AM
  • Hi Sean,
    So also this list of possibilities did not catch anything :-(
    If nobody else replies here it might go towards a product support call in order to gain progress by the css guys doing a remote session with you.
    By the way, if you find out... please post back here as we are for sure interested.
    Bob Cornelissen - BICTT (My BICTT Blog)
    Wednesday, April 27, 2011 10:36 AM
    Moderator
  • What happens if you try the IP address in the url:

     http://<IP Address>:51908/default.aspx

     


    View OpsMgr tips and tricks at http://systemcentersolutions.wordpress.com/
    Wednesday, April 27, 2011 2:56 PM
    Moderator
  • Opened a support case with MS. Will post the solution if its simple and if we find one :)
    Rao
    Thursday, April 28, 2011 6:34 AM
  • Great Sean. Yes please let us know what the solution amounted to. Thanks for the update
    Bob Cornelissen - BICTT (My BICTT Blog)
    Thursday, April 28, 2011 6:46 AM
    Moderator
  • Did you manage to solve this one with product support Sean?
    Bob Cornelissen - BICTT (My BICTT Blog)
    Saturday, May 7, 2011 9:49 AM
    Moderator
  • Hi,

            Sorry for a late reply, the case is still in progress. Will post the solution if that is feasible.....

     

    Best regards,

    Sean


    Rao
    Tuesday, May 10, 2011 1:14 PM
  • Hi Sean, I will close the thread as it has been silent for a while and mark your last remark as answer. If you have more info on how it was solved please let us know and mark that one as to the benifit of others. Thanks
    Bob Cornelissen - BICTT (My BICTT Blog) - Microsoft Community Contributor 2011 Recipient
    Wednesday, September 21, 2011 8:31 PM
    Moderator
  • I have encouter problems like this(chinese post,with two screenshot) , http://social.technet.microsoft.com/Forums/en-US/operationsmanagerzhchs/thread/de305f4c-00dd-40eb-9ff3-4eb03b9c9ace

    the same problem :

    1. http://localhost/operationsmanager no credentials requred , the web console display well

    2.http://hostname/operationsmanager (credentials required, the web console display "web console configuration required " then i click configure button, a file called SilverlightClientConfiguration.exe was downloaded , but run this exe file does not work

    3.http://fqdn/operationsmanager (the same to 2)

    4.http://IP/operationsmangager (the same to 2)

    IIS run at default web site (80) , mixed authentication 

    the other guy's problem "Web Console configuration Required" http://social.technet.microsoft.com/Forums/en-US/operationsmanagergeneral/thread/e16bfea2-eb20-43d2-a3c9-1e30261acedc



    yoke88
    IM:yoke-msn@hotmail.com


    • Edited by yoke88 Wednesday, May 16, 2012 12:34 PM
    Wednesday, May 16, 2012 12:31 PM
  • Hi Yoke,

                       Please read the thread above as the answers for Your questions. We did manage to fix the problem. It turned out that "_"(Underscore) in the name of servers hosting webconsole was creating a problem. No DNS or authentication issues actually. The solution was to create a entry in DNS which was pointing towards the webserver hosting console. Hope this helps if anyone encounters this strange and bizare error.

    Regards,

    Sean


    Rao

    • Marked as answer by zeglory Tuesday, May 22, 2012 12:24 PM
    Tuesday, May 22, 2012 12:24 PM
  •  I have resolved this issuse by running a new version SilverlightClientConfiguration.exe.

    and there was no Underscore or other special charactors  in the computer name of my server


    yoke88
    IM:yoke-msn@hotmail.com

    Wednesday, May 23, 2012 12:44 AM
  • Hi we have had the same issue, here just a little bit different.

    Some of our users were able to login SCOM 2012 Web Console, some of them couldn't access the Web Console

    User who could not access the console got the http error 400, but there were able to access the server via server ip-address.

    We figured out that the users who could not access the SCOM Web Console had the problem that their accounts were in to many security groups. We removed one of the users from a group we have had problems with before and the users could access the SCOM 2012 Web Console.

    So problem here, the user (s) has been in too many security groups or the user was in a security group which has too many users, groups (subgroups...).

    Martin Elflein

    Tuesday, July 3, 2012 11:44 AM
  • Hi,
    I have a similar issue. Scom console works for most of users except 3.

    I've found the following workaround: 
    Everybody have the option "Use Integrated Windows Authentication" active, but it looks like foe someuser profiles, the IE use the false credentials.
    You must deactivate the option (Settings -> Adsvanced -> Security), restart the IE.
    Now you will be invited to introduce the credentials. Dont use "Use my Windows credentials", but choose "As a different user" and type in your credentials.

    Best regards
    Dimitri

    Friday, March 14, 2014 8:05 AM
  • This worked Indeed!!!Great

    

    • Edited by Luca Intini Friday, February 13, 2015 2:45 PM
    Friday, February 13, 2015 2:21 PM