You cannot access the System Center 2012 Operations Manager AppAdvisor website when you use Kerberos authentication
Consider the following scenario:
- You are using Microsoft System Center 2012 Operations Manager.
- The Application Advisor (AppAdvisor) console is installed on a different computer than the server that is running the SQL reporting services or the server that is hosting the OperationsManagerDW database.
- You are using Kerberos authentication to access AppAdvisor.
This behavior may occur because of an increase in the number of authentication hops that are required.
To work around this behavior, configure AppAdvisor to use forms-based authentication. This configuration generates a dialog box in which the user can enter credentials.
Microsoft has confirmed that this is expected behavior in the Microsoft products that are listed in the "Applies to" section.
If you are a member of the Operations Manager Application Monitoring Operator role, the user account must be authenticated when you access AppAdvisor. This is so that the user account can be checked against the System Center data access service in order to grant access to AppAdvisor.
AppAdvisor acts as a proxy between SQL Server Reporting Services (SSRS) and the front-end server that lets you select certain reports and their parameters. The SQL reporting services have their own authentication model. This model is changed by System Center – Operations Manager during reporting installation. This change introduces an additional hop in the authentication process.
The identity flow for AppAdvisor is as follows.
- From browser to website: The website performs an initial check of the user's identity to determine whether the user is granted access. This check is performed against the System Center data access service.
- From website to SSRS: The user's identity must be forwarded to SSRS because Operations Manager uses SSRS to enforce a separate identify and authorization check against the System Center Data Access service.
- From SSRS to the OperationsManagerDW database: This step uses the SSRS AppPool credentials.
For more information about the identity flow for AppAdvisor, go to the following Systems Center – Operations Manager forum website:
Article ID: 2872367 - Last Review: 08/15/2013 22:32:00 - Revision: 1.0
Microsoft System Center 2012 Operations Manager Service Pack 1, Microsoft System Center 2012 Operations Manager