I have a brand new SCOM installation where SCOM has a RMS and a dedicated DB with DW installed. Everything except web console is working just fine. When I try to navigate to the web console address throught inetmgr I am able to get up the popup window for username and password and am able to login. But if i try the URL locally on the RMS or from a remote system I am still presented with the login window, but after the credentials have been supplied, I am redirected to page not found. I am using Windows integrated security, and just for the sake of it I have tried form based and basic authentication. I have also added all the local addresses to trusted sites but still no luck so far. So to sum opp the problem, Web console not available from URL and FQDN but is available through IIS. Dont really know what the problem is, as there is not being registered anything neither in Opsmgr log, application log or system log. I cant seem to find anything usefull in IIS log files either. All the servers in the solution are running 2008 R2 and the domain functional level is 2008. Hope that some one can point me into the right direction. Best regards Sean.Rao

Sean, have you changed the default permissions in your testing? At this point, you might do a quick uninstall / reinstall to start with a clean slate. Generally speaking, Windows Integrated authentication will generally be relatively straightforward if the Web console is on the RMS, but more challenging if moved, as constrained delegation must be configured to address the Kerberos double-hop issue. Pete Zerger, MVP-OpsMgr and SCE | http://www.systemcentercentral.com

Hi Pete, Thanks for the reply. I have tried changing the default permission, as well as also compated with other working installations. But have not really had any luck. I have also tried reinstallinga couple of times with the same exact behaviour. I have tried installing with IIS components that are required as well as all IIS components, just for the sake of testing. I have a suspision about that there might be a domain policy that has been configured which is causing this sort of behaviour, but then again no policies are configured. I have also tried to change authentication from kerberos to NTLM without any results. I can not see any GPO either which are linked directly or indirectly and have also tried with blocking inheritence. I am actually considering import of IIS mgmt pack, just to see if it sort of finds anything unusual. It may be able to provide some usefull insight! This is in production environment, so I might end up opening a PS if I do not find a solution... Rao

Hi, I would like to verify what exact error message is recevied when trying to open web console. which authentication was used when installing web console? To troubleshooting this kind of issue, please refer to the following article: Common Issues with the OpsMgr Web Console: http://blogs.technet.com/b/kevinholman/archive/2010/04/07/common-issues-with-the-opsmgr-web-console.aspx Here are more information: http://blogs.technet.com/b/kevinholman/archive/2008/09/24/installing-the-web-console-on-a-2008-management-server-using-windows-authentication.aspx Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

Hi, I would like to verify what exact error message is recevied when trying to open web console. which authentication was used when installing web console? To troubleshooting this kind of issue, please refer to the following article: Common Issues with the OpsMgr Web Console: http://blogs.technet.com/b/kevinholman/archive/2010/04/07/common-issues-with-the-opsmgr-web-console.aspx Here are more information: http://blogs.technet.com/b/kevinholman/archive/2008/09/24/installing-the-web-console-on-a-2008-management-server-using-windows-authentication.aspx Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread. Thanks for the reply Vivian, I have actually seen this blog and none of the errors described here are the same as I am getting. I can try to describe the situation a bit better: When http://Localhost:51908/default.aspx is used the web console comes up. No login is required. Everything seems to be OK. When http://hostname:51908/default.aspx is used:I get the error: Internet Explorer cannot display the web page. When http://hostname.domainname.local:51908/default.aspx is used: I get the error: Internet Explorer cannot display the web page. During the initial install and following installs Windows authentication was used as the Web console was been installed on the RMS. I have now installed the IIS mgmt pack which is showing IIS as healthy both on the RMS and on the MS. I have also tried to add the webconsole on the MS and used form based authentication. But it is also showing the same exact behaviour with the web console as that of RMS. (Had also enabled for delegation as Pete has mentioned) I have checked the SPN and seems like they also are registered correclty. Any suggestions? Thanks, Best regards, SeanRao

Hi Rao, Have you check name resolution? So ping to localhost and hostname and hostname-fqdn and see what you get back. Check if they are the correct ip addresses. (localhost is in the hosts file so it doesnt need to go out ans ask for it). Next check your proxy settings in IE, because they might try to route you outside your network or to a proxy that isnt configured to find your internal resource. If the name resolution result is OK for you, you might want to add the hostname and hostname-fqdn in the exclusions of your proxy settings. If this fails you should check the properties of the website and look for the bindings. Check that there are no host headers defined that are different from what you are typing as the address.Bob Cornelissen - BICTT (My BICTT Blog)

Hello Bob, Thanks for the reply. The name resolution is working just fine. The correct ip is answering, and the correct name is registered in DNS. There is no internet proxy defined! As far as the binding is concerned, port 80 is mapped to default site and 51908 is mapped to web console(Default settings). Thanks for the tips. No hostname is defined in host headers :( Best regards, SeanRao

Hi Rao, I see there is no progress on this yet. I am just going to shoot out some things here... Can you conrifmr that the problem is still there? Can you confirm if the web consoel is running on the RMS server? if not please check the kerberos double hop thing that Pete mentioned. Have you imported the IIS mp to check if that tells you anything? Are you running it on http or https and if on https have you checked for any certificate related issues? Still the difference seems to be if you type localhost or the real name of the machine. Do you also get the error if you type the link with the normal machinename to access the webconsole but from the server itself? When you ping the machinename of the server from the server itself and from another server do you get the same response from the same resolved addres? (could be from one an ipv4 and from another an ipv6). Might there be a firewall on the machine itself or near the machine blocking access from one box to another on this port?Bob Cornelissen - BICTT (My BICTT Blog)

Can you conrifmr that the problem is still there? Problem still here! Can you confirm if the web consoel is running on the RMS server? if not please check the kerberos double hop thing that Pete mentioned. On RMS! Have you imported the IIS mp to check if that tells you anything? Imported MP not showing anything usefull regarding this problem. Are you running it on http or https and if on https have you checked for any certificate related issues? Running Http have also tried HTTPS without any effect Still the difference seems to be if you type localhost or the real name of the machine. Works only when launched from IIS or Localhost in URL Do you also get the error if you type the link with the normal machinename to access the webconsole but from the server itself? Same behavior even from the same box When you ping the machinename of the server from the server itself and from another server do you get the same response from the same resolved addres? (could be from one an ipv4 and from another an ipv6). IPv6 is disabled, the correct machine replies. Might there be a firewall on the machine itself or near the machine blocking access from one box to another on this port? No firewalls enabled, have also tried to disable local antivirus to test! Thanks, SeanRao

Hi Sean, So also this list of possibilities did not catch anything :-( If nobody else replies here it might go towards a product support call in order to gain progress by the css guys doing a remote session with you. By the way, if you find out... please post back here as we are for sure interested.Bob Cornelissen - BICTT (My BICTT Blog)

What happens if you try the IP address in the url: http://<IP Address>:51908/default.aspx View OpsMgr tips and tricks at http://systemcentersolutions.wordpress.com/

Opened a support case with MS. Will post the solution if its simple and if we find one :)Rao

Great Sean. Yes please let us know what the solution amounted to. Thanks for the updateBob Cornelissen - BICTT (My BICTT Blog)

Did you manage to solve this one with product support Sean?Bob Cornelissen - BICTT (My BICTT Blog)

Hi, Sorry for a late reply, the case is still in progress. Will post the solution if that is feasible..... Best regards, SeanRao