Running the Web Console Server on a standalone server using Windows Authentication

One of the big issues we had in OpsMgr 2007 RTM was if you installed the Database and the Root Management Server(RMS) on a standalone server with the SDK and Config services running under a domain account users could not install the Web Console Server on a standalone machine and use Windows Authentication. The only other option was to use Forms based authentication which required you to enter a user ID and password every time the web console was launched, something even I hated doing. What was even worse was if your RMS was clustered you could not use Windows Authentication because we did not support installing the Web Console on a cluster. The good news is that we have fixed this issue in OpsMgr SP1 but users will still need to set up constraint delegation  which basically allows a computer to be trusted for delegation, this is a AD-Kerberos limitation and not a product limitation. The attached doc has the steps to setup constraint delegation to support this scenario. I want to thank Marc, Manish and Ranga for helping get this scenario working in SP1.

Satya Vel | Program Manager | System Center |

Setting Up Constraint Delegation.docx