Host Header or IP Address binding causes Web Console login errors in SCOM 1801 or 1807

Applies to: System Center Operations Manager, version 1801System Center Operations Manager, version 1807

Symptoms


When you install the Web Console in Microsoft System Center Operations Manager (SCOM) 1801 or 1807, you receive the following error message when you select the Use Windows Authentication sign-in option:


If you instead select the Use Alternate Credentials sign-in option, you receive the following error message after you enter credentials in the form:

 

Cause


This problem can occur in System Center Operations Manager 1801 or 1807 when you configure a specific IP address or host header in the bindings of the Web Console website.

The problem occurs because Web Console consists of two separate web applications, OperationsManager and MonitoringView. Both web applications run as virtual directories under the same website. During login, the OperationsManager application makes an outbound request to the MonitoringView application's Login.aspx page. The hostname in this request is hard-coded as "localhost." If the website has a host header or isn't bound to the loopback address, the site can't service the localhost request. Therefore, the site returns the "404" message.

Workaround


If you bind the Web Console website to a specific IP address or use a host header, create additional bindings on the website for the same ports by using the loopback address or the "localhost" hostname, depending on the scenario.

Specifically, assume that you configure the following HTTP and HTTPS bindings:

Type: HTT
IP address: <specific IP address>
Port: 80
Host name:

Type: HTTPS
IP address: <specific IP address>
Port: 443
Host name:

In the above bindings, "Host name" is left blank.

In this scenario, you also must configure the following two bindings:

Type: HTTP
IP address: [::1]
Port: 80
Host name:

Type: HTTPS
IP address: [::1]
Port: 443
Host name:

Note that recent Windows versions use [::1] for the loopback address by default. If you have disabled IPv6 by using the DisabledComponents registry value, use 127.0.0.1 in the binding.

Additionally, assume that you configure the following HTTP and HTTPS bindings:

Type: HTTP
IP address: All unassigned
Port: 80
Host name: <host name>

Type: HTTPS
IP address: All unassigned
Port: 443
Host name: <host name>

In the above bindings, <host name> is the DNS name of the web server.

In this scenario, you also must configure the following two bindings:

Type: HTTP
IP address: All unassigned
Port: 80
Host name: localhost

Type: HTTPS
IP address: All unassigned
Port: 443
Host name: localhost