Friday, March 26, 2010

SCOM Web Console with form based authentication throws an unexpected error

When the SCOM Web Console is installed using form based authentication and one tries to logon, an unexpected error is shown after having entered your credentials:
image

The Application log of tells more about the reason of this error: 
image

and this is what is to be found in the event description:

Exception information:

Exception type: HttpException

Exception message: The application is configured to issue secure cookies. These cookies require the browser to issue the request over SSL (https protocol). However, the current request is not over SSL.

So when form based authentication is being used SSL is REQUIRED. So the above mentioned error is BY DESIGN and meant as security measure.

How ever, in order to test the website before implementing SSL (I strongly advise to implement SSL since all the passwords are send over the network in clear text as long SSL is not enabled) one has to perform these steps on the server hosting the Web Console:

  1. Open an elevated cmd-prompt
  2. Start Notepad from that cmd-prompt
  3. In Notepad, open the file web.config located in C:\Program Files\System Center Operations Manager 2007\Web Console
  4. Change this value:

    <authentication mode="Forms">
    <forms requireSSL="true" />
    </authentication>


    to:

    <authentication mode="Forms">
    <forms requireSSL="false" />
    </authentication>

  5. Save the file.

Now you can run the SCOM Web Console with form based authentication WITHOUT SSL. But again: use this only for testing purposes. When all is working as intended, make sure to revert to the original settings so SSL is required again.

In a future posting I will describe how to implement SSL on the SCOM R2 Web Console based on IIS 7.0.

1 comment:

Daniel said...

Hi,
We have a similar situation in our environment. But the Process information and event description seems to be different from that in the blog.
Process information:
Process ID: 6444
Process name: w3wp.exe
Account name: IIS APPPOOL\OPWebConsoleApp

Exception information:
Exception type: ServerDisconnectedException
Exception message: The client has been disconnected from the server. Please call ManagementGroup.Reconnect() to reestablish the connection.