none
Proxy Config with Office 365 Management Pack RRS feed

  • Question

  • I recently installed the Office 365 Management Pack.  Our Management Server is on a private network, so needs to go through a proxy to get out to the Internet.

    I have configured a new Run As Account, and added it to the Office 365 Subscription Proxy secure reference Run As profile.  I logged onto the Management Server as the proxy account, and configured proxy within Internet Explorer for the user profile, then was able to successfully access office365servicehealthcommunications.cloudapp.net / shdtenantcommunications.svc.  I then rebooted the Management Server and logged in with my own account.  Looking at the Office 365 Dashboard, the status for our two subscriptions are both red Xs.  I started logging activity from the SCOM server on the proxy and nothing was coming from the Management Server trying to get out to the office365servicehealthcommunications URL.  The only way I have been able to get it to work, and get green check marks on the dashboard for the subscription status is to log onto the Management Server as the proxy account and within 15-20 minutes the status turns to OK.

    I have verified (when not logged into Windows as the proxy account) that there is a MonitoringHost.exe process running as the proxy user.

    Any ideas on why things only work when the proxy account is logged into Windows?  I have gone as far as temporarily making the proxy account a local admin on the Management Server and that has not helped.

    Tuesday, March 31, 2015 9:22 PM

All replies

    • Edited by Natalya Vank Friday, April 10, 2015 11:29 AM
    • Proposed as answer by Yan Li_Moderator Tuesday, April 14, 2015 9:29 AM
    • Marked as answer by Yan Li_Moderator Tuesday, April 14, 2015 9:29 AM
    • Unmarked as answer by BT734 Tuesday, April 14, 2015 4:26 PM
    Friday, April 10, 2015 11:29 AM
  • I had reviewed those posts earlier and did not see anything helpful in my situation.

    I have done the following to get monitoring working:

    1. Removed the account that I added to the "Office 365 Subscription Proxy secure reference" RunAs profile.
      This results in the monitoring being done by the default action account (SYSTEM)
    2. Launched IE as SYSTEM (using psexec) and configured proxy settings for SYSTEM.
    3. In the same IE windows (running as SYSTEM) I verified I could get out to portal.office.com and https://office365servicehealthcommunications.cloudapp.net/shdtenantcommunications.svc
    4. Everything now works as expected.  monitoringhost.exe is no longer running under the proxy account, and the subscription monitors have come up healthy.

    I'm not sure why using a service account does not work unless it is logged into Windows.  As stated before, when I was using the service account I verified monitoringhost.exe was running as the service account, but there was no activity coming from the management Server to the proxy (TMG in my case) until I opened another RDP session to the management server and logged on as the proxy account.

    Tuesday, April 14, 2015 4:26 PM
  • Thanks heaps BT734, that solved my problem.

    For others looking here, the command I used to open IE as SYSTEM  was:
    PsExec.exe -s -i -accepteula "C:\program files\internet explorer\iexplore.exe"

    Tuesday, April 14, 2015 11:53 PM
  • Hi BT734,

    As it was discussed before, the portal.office.com URL (mentioned by you in #3) could be accessed anonymously from IE when testing (in your case it was under SYSTEM).

    LocalSystem authenticates as a computer\host within a domain and as Anonymous for out of domain resources. It looks that your proxy settings allow authentication on computer level. Of course, it's different for different proxy\networks\settings. If a proxy server requires domain users' authentication, the SCOM proxy account should be configured.

    For the TMG  - today I found that Forefront Threat Management Gateway (TMG) Client installation on the SCOM management server should fix the proxy authentication issue, which you experienced by using the O365 Proxy account.

    Anyway, it's great that you found the solution for your environment! :)


    Natalya

    ### If my post helped you, please take a moment to Vote as Helpful and\or Mark as an Answer

    Wednesday, April 15, 2015 3:46 AM
  • You have to add the proxy config settings in the MonitoringHost.exe.config file.

    Just below the element named <configuration> add a new line and paste in the following:

     

    <system.net>

        <defaultProxy enabled="true" useDefaultCredentials="true">

          <proxy      

            proxyaddress="http://proxyaddress:8080"

            bypassonlocal="true"

          />

          <bypasslist>       

          </bypasslist>

        </defaultProxy>

      </system.net>

     

    Update proxyaddress with the address or name of your proxy server and port.

    Wednesday, May 13, 2015 5:25 PM