Jaa


Changing the SCOM Web Console to Use SSL/HTTPS

I recently worked a case where a client had installed the web console and configured it to use HTTP. After running for a while, they decided that HTTPS would be a better option, but couldn't quite get it to work. Every time they'd browse to the new HTTPS address, they got this error:

System.ServiceModel.CommunicationException: [HttpWebRequest_WebException_RemoteServer]
Arguments: NotFound
Debugging resource strings are unavailable. Often the key and arguments provide sufficient information to diagnose the problem. See https://go.microsoft.com/fwlink/?linkid=106663\&Version=5.1.30214.0\&File=System.Windows.dll\&Key=HttpWebRequest\_WebException\_RemoteServer ---> System.Net.WebException: [HttpWebRequest_WebException_RemoteServer]
Arguments: NotFound
Debugging resource strings are unavailable. Often the key and arguments provide sufficient information to diagnose the problem. See https://go.microsoft.com/fwlink/?linkid=106663\&Version=5.1.30214.0\&File=System.Windows.dll\&Key=HttpWebRequest\_WebException\_RemoteServer ---> System.Net.WebException: [HttpWebRequest_WebException_RemoteServer]
Arguments: NotFound

It turns out, it takes more then simply modifying the IIS site to use HTTPS. You must update SCOM's configuration too!

1) In the web.config file (default location of web.config file is: C:\Program Files\Microsoft System Center 2012 R2\Operations Manager\WebConsole\WebHost), make the following changes:
-------------
Before (HTTP):
-------------
<services>
      <!-- Logon Service -->
      <service behaviorConfiguration="DefaultServiceBehavior" name="Microsoft.EnterpriseManagement.Presentation.Security.Services.LogonService">
        <endpoint address="" binding="customBinding" contract="Microsoft.EnterpriseManagement.Presentation.Security.Services.ILogonService" bindingConfiguration="DefaultHttpBinding"/>
      </service>
      <!-- Data Access service -->
      <service behaviorConfiguration="DefaultServiceBehavior" name="Microsoft.EnterpriseManagement.Presentation.DataAccess.Server.DataAccessService">
        <endpoint address="" binding="customBinding" contract="Microsoft.EnterpriseManagement.Presentation.DataAccess.Server.IDataAccessService" bindingConfiguration="DefaultHttpBinding"/>
      </service>
    </services>

-------------
After (HTTPS):
-------------
<services>
      <!-- Logon Service -->
      <service behaviorConfiguration="DefaultServiceBehavior" name="Microsoft.EnterpriseManagement.Presentation.Security.Services.LogonService">
        <endpoint address="" binding="customBinding" contract="Microsoft.EnterpriseManagement.Presentation.Security.Services.ILogonService" bindingConfiguration="DefaultHttpsBinding"/>
      </service>
      <!-- Data Access service -->
      <service behaviorConfiguration="DefaultServiceBehavior" name="Microsoft.EnterpriseManagement.Presentation.DataAccess.Server.DataAccessService">
        <endpoint address="" binding="customBinding" contract="Microsoft.EnterpriseManagement.Presentation.DataAccess.Server.IDataAccessService" bindingConfiguration="DefaultHttpsBinding"/>
      </service>
    </services>

3) In the Registry, make the following changes:
  a) Navigate to the HKey_Local_Machine\Software\Microsoft\System Center Operations Manager\12\Setup\WebConsole\ key.
  b) To enable SSL, set the following:
     HTTP_GET_ENABLED=false
     BINDING_CONFIGURATION=DefaultHttpsBinding

4) After performing the above steps, perform an IISReset and browse the Web Console using HTTPS.

 

Thanks goes to Vikram Sahay for solving this in 2014!

Comments

  • Anonymous
    March 23, 2015
    Nicole, Great find.  I hope others in the community will benefit from this as well.  It sure saved the day for me.  Thanks again.

  • Anonymous
    April 15, 2015
    I ran into an interesting case with a client that I think deserves a post. The scenario is as follows

  • Anonymous
    June 23, 2015
    Worked like a charm, thanks a lot!

  • Anonymous
    January 28, 2016
    Thanks!

  • Anonymous
    May 19, 2017
    Thanks very much Nicole!! I got the cert working, then that error. I would have been lost without this...or would have needed a service call to Microsoft

    • Anonymous
      May 25, 2017
      Always glad to help!
  • Anonymous
    February 13, 2019
    Thanks for this post Nicole! Still relevant in 2019 :)