When accessing the web console from the server hosting the web site there is no problem, but when accessing it from another server, you get the following message:
This issue is pretty common and I have already blogged about it here: http://blog.coretech.dk/msk/scom-2012-web-console-prompts-for-username-and-password/. As written in the blog post, this is due to Kerberos double hop.
But what to do when that solution doesn’t do the trick?
I made sure that everything was as supposed:
Only Windows Authentication was enabled:
In Providers, NTLM had been moved up, which normally is the fix:
I then started looking at the Advanced Settings of the Application Pool and even tried to change the identity to Local System, SDK etc. – no luck.
Several places I read about a setting in Active Directory: ”Trust this computer for delegation to any service (Kerberos only)”:
But this had no affect either. I also read that one must choose the last option if the Domain Functional Level is 2003, which wasn’t my case.
I had compared every value with my own environment and everything was exactly the same. Except for one. In Providers I saw the “Available Providers” and found “Negotitate:Kerberos”, which sounded like something I needed.
I added this and moved it up.
Voila! I am now able to open the web console on any server without being asked for credentials!
Happy accessing your web console without typing in your credentials!