Changing the SCOM Web Console to Use SSL/HTTPS
I recently worked a case where a client had installed the web console and configured it to use HTTP. After running for a while, they decided that HTTPS would be a better option, but couldn't quite get it to work. Every time they'd browse to the new HTTPS address, they got this error:
System.ServiceModel.CommunicationException: [HttpWebRequest_WebException_RemoteServer]
Arguments: NotFound
Debugging resource strings are unavailable. Often the key and arguments provide sufficient information to diagnose the problem. See https://go.microsoft.com/fwlink/?linkid=106663\&Version=5.1.30214.0\&File=System.Windows.dll\&Key=HttpWebRequest\_WebException\_RemoteServer ---> System.Net.WebException: [HttpWebRequest_WebException_RemoteServer]
Arguments: NotFound
Debugging resource strings are unavailable. Often the key and arguments provide sufficient information to diagnose the problem. See https://go.microsoft.com/fwlink/?linkid=106663\&Version=5.1.30214.0\&File=System.Windows.dll\&Key=HttpWebRequest\_WebException\_RemoteServer ---> System.Net.WebException: [HttpWebRequest_WebException_RemoteServer]
Arguments: NotFound
It turns out, it takes more then simply modifying the IIS site to use HTTPS. You must update SCOM's configuration too!
1) In the web.config file (default location of web.config file is: C:\Program Files\Microsoft System Center 2012 R2\Operations Manager\WebConsole\WebHost), make the following changes:
-------------
Before (HTTP):
-------------
<services>
<!-- Logon Service -->
<service behaviorConfiguration="DefaultServiceBehavior" name="Microsoft.EnterpriseManagement.Presentation.Security.Services.LogonService">
<endpoint address="" binding="customBinding" contract="Microsoft.EnterpriseManagement.Presentation.Security.Services.ILogonService" bindingConfiguration="DefaultHttpBinding"/>
</service>
<!-- Data Access service -->
<service behaviorConfiguration="DefaultServiceBehavior" name="Microsoft.EnterpriseManagement.Presentation.DataAccess.Server.DataAccessService">
<endpoint address="" binding="customBinding" contract="Microsoft.EnterpriseManagement.Presentation.DataAccess.Server.IDataAccessService" bindingConfiguration="DefaultHttpBinding"/>
</service>
</services>
-------------
After (HTTPS):
-------------
<services>
<!-- Logon Service -->
<service behaviorConfiguration="DefaultServiceBehavior" name="Microsoft.EnterpriseManagement.Presentation.Security.Services.LogonService">
<endpoint address="" binding="customBinding" contract="Microsoft.EnterpriseManagement.Presentation.Security.Services.ILogonService" bindingConfiguration="DefaultHttpsBinding"/>
</service>
<!-- Data Access service -->
<service behaviorConfiguration="DefaultServiceBehavior" name="Microsoft.EnterpriseManagement.Presentation.DataAccess.Server.DataAccessService">
<endpoint address="" binding="customBinding" contract="Microsoft.EnterpriseManagement.Presentation.DataAccess.Server.IDataAccessService" bindingConfiguration="DefaultHttpsBinding"/>
</service>
</services>
3) In the Registry, make the following changes:
a) Navigate to the HKey_Local_Machine\Software\Microsoft\System Center Operations Manager\12\Setup\WebConsole\ key.
b) To enable SSL, set the following:
HTTP_GET_ENABLED=false
BINDING_CONFIGURATION=DefaultHttpsBinding
4) After performing the above steps, perform an IISReset and browse the Web Console using HTTPS.
Thanks goes to Vikram Sahay for solving this in 2014!
Comments
Anonymous
March 23, 2015
Nicole, Great find. I hope others in the community will benefit from this as well. It sure saved the day for me. Thanks again.Anonymous
April 15, 2015
I ran into an interesting case with a client that I think deserves a post. The scenario is as followsAnonymous
June 23, 2015
Worked like a charm, thanks a lot!Anonymous
January 28, 2016
Thanks!Anonymous
May 19, 2017
Thanks very much Nicole!! I got the cert working, then that error. I would have been lost without this...or would have needed a service call to Microsoft- Anonymous
May 25, 2017
Always glad to help!
- Anonymous
Anonymous
February 13, 2019
Thanks for this post Nicole! Still relevant in 2019 :)