MS-Opsmgr

Microsoft System Center Operations Manager

SCOM 2016 – Install System Center Operations Manager 2016 – Part 4

In this series off blog post I am going to take you true the steps I took to install System Center Operations Manager 2016. The Environment will be installed using the following software:

  • Microsoft Windows Server 2016 – Download from here
  • Microsoft SQL Server 2016 – Download from here
  • System Center Operations Manager 2016 – Download from here

My Test environment consist of the following servers,

  • DC01 – Domain Controller
  • SQL01 – Microsoft SQL 2016 server
  • DATA01 – Data Server
  • MS01 – Scom Management Server 01
  • MS02 – Scom Management Server 02
  • WEB01 – Scom Web Console Server,
  • WAP01 – Web Applications Proxy.

Here you can find the previous blogposts

In this part we are going to install the System Center Operations Manager web-console and going to publish it using the Web Application Proxy Server.

I took the following steps to install the Web Application Proxy Service. Before you can start installing you need to make sure that you have a Certificate. I bought mine wildcard certificate using Xolphin. Also make sure that on you firewall you forward 443 traffic to you Web Application Proxy server and create a DNS entry web01.domain.com

  1. Start the “Server Manager” and click “Manage” and click “Add Roles and Features
  2. On the “Add roles and Features wizard” page, in the “Before you begin”  section,  click “Next
  3. On the “Add roles and Features Wizard” page in the “Select Installation type” section, select “Role-based or feature-based installation” and click “Next
  4. On the “Add Roles and Features Wizard” page, in the “Select Destination Server” section, select the server where you want to install Web Application Proxy and click “Next
  5. On the “Add Roles and Features Wizard” page, in the “Select Server Roles” section select “Remote Access” and click “Next
    wap01
  6. On the “Add Roles and Features Wizard” page, in the “Features” section click “Next
  7. On the “Add Roles and Features Wizard” page, in the “Remote Access” section click “Next
    wap02
  8. On the “Add Roles and Features Wizard” page, in the “Role Services” section, select “Web Application Proxy”. In the popup “Add Roles and Features” click “Add Features”. In the “Add Roles and Features Wizard” page, in the “Role Services” section click “Next
    wap03
  9. On the “Add Roles and Features Wizard” page, in the “Confirm Installation Selection” section, check “Restart the destination server automatically if required” and click “Install
    wap04
  10. On the “Add Roles and Features Wizard” page, in the “Installation process” section, click “Close” when completed
  11. Login into your Active Directory Federation Server and start the Microsoft Management Console using the command “MMC
  12. On the “Console1 – [Console Boot]” screen go to “File”,  “Add/Remove Snap-ins” select “Certificates” then click “Add
    wap05
  13. On the “Certificate Snap-in” page, select “Computer account” and click “Next
    wap06
  14. On the “Select Computer” page, select “Local Computer (The computer this Console is running on)” and click “Finish
    wap07
  15. On the “Add Remove Snap-in” page click “OK
  16. On the “Console1 – [Console Root\Certificates (Local Computer)\Personal\Certificates]” page, expand “Certificates (Local Computer)”, “Personal”, “Certificates” right click the certificate you used to setup you Active Directory Federation Server and go to “All Tasks”, “Export
    wap09
  17. On the “Certificate Export Wizard” page click “Next
  18. On the “Certificate Export Wizard” page select “Yes, Export Private Key”and click “Next
  19. On the “Certificate Export Wizard” page, select “Personal Information Exchange – PCKS #12 (.pfx) ” and check “Include all Certificates in the certification path if possible” and click “Next
  20. On the “Certificate Export Wizard” page, in the “Password” section enter a password and click “Next
  21. On the “Certificate Export Wizard” page click Browse and find a location to save the .pfx file to. Type in a name such as "mydomain.pfx" and then click Next.
  22. On the “Certificate Export Wizard” page and click “Finish
  23. Login into your Web Application Proxy Server and start the Microsoft Management Console using the command “MMC
  24. On the “Console1 – [Console Boot]” screen go to “File”,  “Add/Remove Snap-ins” select “Certificates” then click “Add
  25. On the “Console1 – [Console Root\Certificates (Local Computer)\Personal\Certificates]” page, expand “Certificates (Local Computer)”, “Personal” right click the certificate you used to setup you Active Directory Federation Server and go to “All Tasks”, “Import
    wap10
  26. On the “Certificate Import Wizard” page click “Next
  27. On the “Certificate Import Wizard" page, Browse to the Certificate you exported. and click “Next
    wap11 
  28. On the “Certificate Import Wizard” page, Enter the “password” and click “Next
  29. On the “Certificate Import Wizard” page, leave the default certificate store as Personal. Click Next 
  30. On the “Certificate Import Wizard” page, click “Finish” The end result should look something like this
    wap12
  31. In  “Server Manager” under ”Notifications” click the message “Open the Web Application Proxy Wizard
  32. On the “Web Application Proxy Configuration Wizard” screen in the “Welcome” section, click “Next
    wap13
  33. Optional Configuration if you have ADFS Running On the “Web Application Proxy Configuration Wizard” page, in the “Federation Server ” section enter the “adfs.ms-opsmgr.eu” and the Service Account you created during AD FS setup. Click Next:
    wap14
  34. On the “Web Application Proxy Configuration Wizard” page, in the “AD FS Proxy Certificate” section on the drop down menu select the certificate you imported from your AD FS server. Click Next:
    wap15
  35. On the “Web Application Proxy Configuration Wizard” page, in the “Confirmation” section click “Configure
    wap16
  36. On the “Web Application Proxy Configuration Wizard” page, in the “Results” section click “Close
    wap17
  37. When you start the “Remote Access Management Console” result shoulld look something like this:
    wap18

Now that we have the Active Directory Federation Server and Web Application Proxy installed we can start installing the System Center Operations Manager Web Console.

Before we can install the System Center Operations Manager Web Console we must install the following Software. Report viewer which can be downloaded from here and the Microsoft System CLR Types for SQL Server 2014 which can be downloaded from here. Il be using the Group Policy’s to deploy the software I already wrote down the steps you need to take to accomplish this in “SCOM 2016 – Install System Center Operations Manager 2016 – Part 3” which can be found here. Also make sure you imported your certificate.

    1. On server “Web01 ” start “PowerShell” command line utility as administrator to install the IIS-Components that are needed for the web-console. I ran the following command:
      Add-WindowsFeature Web-Server, Web-WebServer, Web-Common-Http, Web-Default-Doc, Web-Dir-Browsing, Web-Http-Errors, Web-Static-Content, Web-Health, Web-Http-Logging, Web-Log-Libraries, Web-Request-Monitor, Web-Performance, Web-Stat-Compression, Web-Security, Web-Filtering, Web-Windows-Auth, Web-App-Dev, Web-Net-Ext45, Web-Asp-Net45, Web-ISAPI-Ext, Web-ISAPI-Filter, Web-Mgmt-Tools, Web-Mgmt-Console, Web-Mgmt-Compat, Web-Metabase, NET-Framework-45-Features, NET-Framework-45-Core, NET-Framework-45-ASPNET, NET-WCF-Services45, NET-WCF-HTTP-Activation45, NET-WCF-TCP-PortSharing45, WAS, WAS-Process-Model, WAS-Config-APIs -restart

                   

    2. On Server “Web01” start “PowerShell” command line utility as administrator to install the NET components that are needed for the web-console. I ran the following command:

      Add-WindowsFeature NET-WCF-HTTP-Activation45

      Web02

    3. Check of the "Report Viewer" and the "Microsoft System CLR Types for SQL Server 2014" are installed
    4. On server “WEB01” start the “Internet Information Services (IIS) Manager” console and expand “WEB01 (ms-opsmgr\administrator)”, “Sites” and click “Default Web Site

      IIS01

    5. On server “WEB01” in the “Internet Information Services (IIS) Manager” select the “Default Web Site” and from the “Actions” pane click “Bindings
    6. On server “WEB01” on the “Bindings” screen click “Add
    7. On server “WEB01” on the “Add Site Bindings” screen change type to “https” and select certificate you imported. When finished click “OK” The result should look something like this:

      IIS02

    8. On server “WEB01” on the “Bindings” screen click “Close
    9. On server “WEB01” in the “Internet Information Services (IIS) Manager” select the “Default Web Site”  and double click the “SSL Setting” and check “Require SSL” and click “Apply” 
      IIS03

    10. On server “WEB01” start the “Setup.exe
    11. In the “Operations Manager” Screen click “Install

      Web03

    12. On the “Operations Manager Setup” page in the “Select Features to Install” section select “Web Console” and click “Next

      Web04

    13. On the “Operations Manager Setup” page in the “Select Installation Location” section click “Next

      Web05 

    14. On the “Operations Manager Setup” page in the “Proceed whit Setup” section click “Next

      Web06

    15. On the “Operations Manager Setup” page in the “Read License Term” section select “I have read, understood and agree whit the license terms” and click “Next

      Web07

    16. On the “Operations Manager Setup” page, in the “Specify a management Server” section enter a management server that will be used for the web console and reporting features only I entered my first management server “ms01.ms-opsmgr.eu” and click “Next

      Web08

    17. On the “Operations Manager Setup” page, in the “Specify a website for use whit the web console” section check “Enable SSL” and click “Next 
      Web09
    18. On the “Operations Manager Setup” page, in the “Select an authentication mode for use whit the web console” section select “Use Mixed Authentication (Forms Authentication)” and click “Next

      Web10

    19. On the “Operations Manager Setup” page, in the “Diagnostic and Control” section click “Next

      Web11

    20. On the “Operations Manager Setup” page, in the “Microsoft Update” section select “Off” and click “Next

      Web12 

    21. On the “Operations Manager Setup” page, in the “Installation Summary” section click “Install

      Web13

    22. On the “Operations Manager Setup” page, in the “Completed” section click “Close

      Web14blis

    Now that the System Center Operations Manager Web Console is installed its time to publish the web console using the Web Applications Proxy.

    1. On the "WAP01" server, start the “Remote Access Management Console
    2. On the “WAP01” server from the “Remote Access Management Console” from the “Task” pane click “Publish

      wap19

    3. On the “Publish New Application Wizard” screen in the “Welcome” section click “Next

      wap20

    4. On the “Publish New Application Wizard” screen in het “Preauthentication” section click “Pass-Through” and click “Next

      wap21

    5. On the “Publish New Application wizard” screen in the “Publishing Settings” enter the following settings and click “Next

      • Name: "Web01"
      • External URL: "https://web01.ms-opsmgr.eu/"
      • External Certificate: "Select the certificate you installed on de Web Application"
      • Check "Enable Http to Https redirection"

      The result should look something like this:

      wap22

    6. On the “Publish New Application wizard” screen in the “Confirmation” section click “Publish

      wap23

    7. On the “Publish New Application Wizard” screen in the “Results” section click “Close” 

    Now that the Web Application Proxy publishing rule is created we can test it using internet explorer. When we browse “https://web01.ms-opsmgr.eu/operationsmanager” you should a get an authentications challenge. When you login using your admin credentials  the result should look something like this:

    webconsolefinished

     

    This concludes Part 4 on Installing System Center Operations Manager. In the next part we are going to install and configure System Center Reporting Services.