Running the Web Console Server on a standalone server using Windows Authentication

One of the big issues we had in OpsMgr 2007 RTM was that if you installed the Database and the Root Management Server (RMS) on a standalone server, with the SDK and Config services running under a domain account, users could not install the Web Console Server on a standalone machine and use Windows Authentication. The only other option was to use Forms-based authentication, which required you to enter a user ID and password every time the web console was launched, something even I hated doing. What was even worse, if your RMS was clustered you could not use Windows Authentication, because we did not support installing the Web Console on a cluster.

The good news is that we have fixed this issue in OpsMgr SP1, but users will still need to set up constrained delegation, which basically allows a computer to be trusted for delegation. This is an AD-Kerberos limitation and not a product limitation. The attached doc has the steps to set up constrained delegation to support this scenario. I want to thank Marc, Manish and Ranga for helping get this scenario working in SP1.

Satya Vel | Program Manager | System Center

Attachment: Setting Up Constraint Delegation.docx
  • Satya,

    I tried to implement the constrained delegation but without luck in SP1 RC. You've mentioned SP1 only, did you mean SP1 RTM or both? Thanks.

  • The following are just my observations from when I did the SP1 RC upgrade in Engineering, QA and Production for a client.

  • This is outdated for 2012. You need to use "Use any authentication protocol" in the AD object for the web servers delegation.