Changing the SCOM Web Console to Use SSL/HTTPS

  • Article

I recently worked a case where a client had installed the web console and configured it to use HTTP. After running for a while, they decided that HTTPS would be a better option, but couldn't quite get it to work. Every time they'd browse to the new HTTPS address, they got this error:

System.ServiceModel.CommunicationException: [HttpWebRequest_WebException_RemoteServer]
Arguments: NotFound
Debugging resource strings are unavailable. Often the key and arguments provide sufficient information to diagnose the problem. See https://go.microsoft.com/fwlink/?linkid=106663\&Version=5.1.30214.0\&File=System.Windows.dll\&Key=HttpWebRequest\_WebException\_RemoteServer ---> System.Net.WebException: [HttpWebRequest_WebException_RemoteServer]
Arguments: NotFound
Debugging resource strings are unavailable. Often the key and arguments provide sufficient information to diagnose the problem. See https://go.microsoft.com/fwlink/?linkid=106663\&Version=5.1.30214.0\&File=System.Windows.dll\&Key=HttpWebRequest\_WebException\_RemoteServer ---> System.Net.WebException: [HttpWebRequest_WebException_RemoteServer]
Arguments: NotFound

It turns out, it takes more then simply modifying the IIS site to use HTTPS. You must update SCOM's configuration too!

1) In the web.config file (default location of web.config file is: C:\Program Files\Microsoft System Center 2012 R2\Operations Manager\WebConsole\WebHost), make the following changes:
-------------
Before (HTTP):
-------------
<services>
      <!-- Logon Service -->
      <service behaviorConfiguration="DefaultServiceBehavior" name="Microsoft.EnterpriseManagement.Presentation.Security.Services.LogonService">
        <endpoint address="" binding="customBinding" contract="Microsoft.EnterpriseManagement.Presentation.Security.Services.ILogonService" bindingConfiguration="DefaultHttpBinding"/>
      </service>
      <!-- Data Access service -->
      <service behaviorConfiguration="DefaultServiceBehavior" name="Microsoft.EnterpriseManagement.Presentation.DataAccess.Server.DataAccessService">
        <endpoint address="" binding="customBinding" contract="Microsoft.EnterpriseManagement.Presentation.DataAccess.Server.IDataAccessService" bindingConfiguration="DefaultHttpBinding"/>
      </service>
    </services>

-------------
After (HTTPS):
-------------
<services>
      <!-- Logon Service -->
      <service behaviorConfiguration="DefaultServiceBehavior" name="Microsoft.EnterpriseManagement.Presentation.Security.Services.LogonService">
        <endpoint address="" binding="customBinding" contract="Microsoft.EnterpriseManagement.Presentation.Security.Services.ILogonService" bindingConfiguration="DefaultHttpsBinding"/>
      </service>
      <!-- Data Access service -->
      <service behaviorConfiguration="DefaultServiceBehavior" name="Microsoft.EnterpriseManagement.Presentation.DataAccess.Server.DataAccessService">
        <endpoint address="" binding="customBinding" contract="Microsoft.EnterpriseManagement.Presentation.DataAccess.Server.IDataAccessService" bindingConfiguration="DefaultHttpsBinding"/>
      </service>
    </services>

3) In the Registry, make the following changes:
  a) Navigate to the HKey_Local_Machine\Software\Microsoft\System Center Operations Manager\12\Setup\WebConsole\ key.
  b) To enable SSL, set the following:
     HTTP_GET_ENABLED=false
     BINDING_CONFIGURATION=DefaultHttpsBinding

4) After performing the above steps, perform an IISReset and browse the Web Console using HTTPS.

 

Thanks goes to Vikram Sahay for solving this in 2014!