In this series off blog post I am going to take you true the steps I took to install System Center Operations Manager 2016. The Environment will be installed using the following software:
My Test environment consist of the following servers,
- DC01 – Domain Controller
- SQL01 – Microsoft SQL 2016 server
- DATA01 – Data Server
- MS01 – Scom Management Server 01
- MS02 – Scom Management Server 02
- WEB01 – Scom Web Console Server,
- WAP01 – Web Applications Proxy.
Here you can find the previous blogposts
- SCOM 2016 – Install System Center Operations Manager 2016 – Part 1
- SCOM 2016 – Install System Center Operations Manager 2016 – Part 2
- SCOM 2016 – Install System Center Operations Manager 2016 – Part 3
- SCOM 2016 – Install System Center Operations Manager 2016 – Part 4
- SCOM 2016 – Install System Center Operations Manager 2016 – Part 5
- SCOM 2016 – Install System Center Operations Manager 2016 – Part 6
In this part we are going to install the System Center Operations Manager web-console and going to publish it using the Web Application Proxy Server.
I took the following steps to install the Web Application Proxy Service. Before you can start installing you need to make sure that you have a Certificate. I bought mine wildcard certificate using Xolphin. Also make sure that on you firewall you forward 443 traffic to you Web Application Proxy server and create a DNS entry web01.domain.com
- Start the “Server Manager” and click “Manage” and click “Add Roles and Features”
- On the “Add roles and Features wizard” page, in the “Before you begin” section, click “Next”
- On the “Add roles and Features Wizard” page in the “Select Installation type” section, select “Role-based or feature-based installation” and click “Next”
- On the “Add Roles and Features Wizard” page, in the “Select Destination Server” section, select the server where you want to install Web Application Proxy and click “Next”
- On the “Add Roles and Features Wizard” page, in the “Select Server Roles” section select “Remote Access” and click “Next”
- On the “Add Roles and Features Wizard” page, in the “Features” section click “Next”
- On the “Add Roles and Features Wizard” page, in the “Remote Access” section click “Next”
- On the “Add Roles and Features Wizard” page, in the “Role Services” section, select “Web Application Proxy”. In the popup “Add Roles and Features” click “Add Features”. In the “Add Roles and Features Wizard” page, in the “Role Services” section click “Next”
- On the “Add Roles and Features Wizard” page, in the “Confirm Installation Selection” section, check “Restart the destination server automatically if required” and click “Install”
- On the “Add Roles and Features Wizard” page, in the “Installation process” section, click “Close” when completed
- Login into your Active Directory Federation Server and start the Microsoft Management Console using the command “MMC”
- On the “Console1 – [Console Boot]” screen go to “File”, “Add/Remove Snap-ins” select “Certificates” then click “Add”
- On the “Certificate Snap-in” page, select “Computer account” and click “Next”
- On the “Select Computer” page, select “Local Computer (The computer this Console is running on)” and click “Finish”
- On the “Add Remove Snap-in” page click “OK”
- On the “Console1 – [Console Root\Certificates (Local Computer)\Personal\Certificates]” page, expand “Certificates (Local Computer)”, “Personal”, “Certificates” right click the certificate you used to setup you Active Directory Federation Server and go to “All Tasks”, “Export”
- On the “Certificate Export Wizard” page click “Next”
- On the “Certificate Export Wizard” page select “Yes, Export Private Key”and click “Next”
- On the “Certificate Export Wizard” page, select “Personal Information Exchange – PCKS #12 (.pfx) ” and check “Include all Certificates in the certification path if possible” and click “Next”
- On the “Certificate Export Wizard” page, in the “Password” section enter a password and click “Next”
- On the “Certificate Export Wizard” page click Browse and find a location to save the .pfx file to. Type in a name such as "mydomain.pfx" and then click Next.
- On the “Certificate Export Wizard” page and click “Finish”
- Login into your Web Application Proxy Server and start the Microsoft Management Console using the command “MMC”
- On the “Console1 – [Console Boot]” screen go to “File”, “Add/Remove Snap-ins” select “Certificates” then click “Add”
- On the “Console1 – [Console Root\Certificates (Local Computer)\Personal\Certificates]” page, expand “Certificates (Local Computer)”, “Personal” right click the certificate you used to setup you Active Directory Federation Server and go to “All Tasks”, “Import”
- On the “Certificate Import Wizard” page click “Next”
- On the “Certificate Import Wizard" page, Browse to the Certificate you exported. and click “Next”
- On the “Certificate Import Wizard” page, Enter the “password” and click “Next”
- On the “Certificate Import Wizard” page, leave the default certificate store as Personal. Click Next
- On the “Certificate Import Wizard” page, click “Finish” The end result should look something like this
- In “Server Manager” under ”Notifications” click the message “Open the Web Application Proxy Wizard”
- On the “Web Application Proxy Configuration Wizard” screen in the “Welcome” section, click “Next”
- “Optional Configuration if you have ADFS Running” On the “Web Application Proxy Configuration Wizard” page, in the “Federation Server ” section enter the “adfs.ms-opsmgr.eu” and the Service Account you created during AD FS setup. Click Next:
- On the “Web Application Proxy Configuration Wizard” page, in the “AD FS Proxy Certificate” section on the drop down menu select the certificate you imported from your AD FS server. Click Next:
- On the “Web Application Proxy Configuration Wizard” page, in the “Confirmation” section click “Configure”
- On the “Web Application Proxy Configuration Wizard” page, in the “Results” section click “Close”
- When you start the “Remote Access Management Console” result shoulld look something like this:
Now that we have the Active Directory Federation Server and Web Application Proxy installed we can start installing the System Center Operations Manager Web Console.
Before we can install the System Center Operations Manager Web Console we must install the following Software. Report viewer which can be downloaded from here and the Microsoft System CLR Types for SQL Server 2014 which can be downloaded from here. Il be using the Group Policy’s to deploy the software I already wrote down the steps you need to take to accomplish this in “SCOM 2016 – Install System Center Operations Manager 2016 – Part 3” which can be found here. Also make sure you imported your certificate.
- On server “Web01 ” start “PowerShell” command line utility as administrator to install the IIS-Components that are needed for the web-console. I ran the following command:
Add-WindowsFeature Web-Server, Web-WebServer, Web-Common-Http, Web-Default-Doc, Web-Dir-Browsing, Web-Http-Errors, Web-Static-Content, Web-Health, Web-Http-Logging, Web-Log-Libraries, Web-Request-Monitor, Web-Performance, Web-Stat-Compression, Web-Security, Web-Filtering, Web-Windows-Auth, Web-App-Dev, Web-Net-Ext45, Web-Asp-Net45, Web-ISAPI-Ext, Web-ISAPI-Filter, Web-Mgmt-Tools, Web-Mgmt-Console, Web-Mgmt-Compat, Web-Metabase, NET-Framework-45-Features, NET-Framework-45-Core, NET-Framework-45-ASPNET, NET-WCF-Services45, NET-WCF-HTTP-Activation45, NET-WCF-TCP-PortSharing45, WAS, WAS-Process-Model, WAS-Config-APIs -restart
- On Server “Web01” start “PowerShell” command line utility as administrator to install the NET components that are needed for the web-console. I ran the following command:
Add-WindowsFeature NET-WCF-HTTP-Activation45
- Check of the "Report Viewer" and the "Microsoft System CLR Types for SQL Server 2014" are installed
- On server “WEB01” start the “Internet Information Services (IIS) Manager” console and expand “WEB01 (ms-opsmgr\administrator)”, “Sites” and click “Default Web Site”
- On server “WEB01” in the “Internet Information Services (IIS) Manager” select the “Default Web Site” and from the “Actions” pane click “Bindings”
- On server “WEB01” on the “Bindings” screen click “Add”
- On server “WEB01” on the “Add Site Bindings” screen change type to “https” and select certificate you imported. When finished click “OK” The result should look something like this:
- On server “WEB01” on the “Bindings” screen click “Close”
- On server “WEB01” in the “Internet Information Services (IIS) Manager” select the “Default Web Site” and double click the “SSL Setting” and check “Require SSL” and click “Apply”
- On server “WEB01” start the “Setup.exe”
- In the “Operations Manager” Screen click “Install”
- On the “Operations Manager Setup” page in the “Select Features to Install” section select “Web Console” and click “Next”
- On the “Operations Manager Setup” page in the “Select Installation Location” section click “Next”
- On the “Operations Manager Setup” page in the “Proceed whit Setup” section click “Next”
- On the “Operations Manager Setup” page in the “Read License Term” section select “I have read, understood and agree whit the license terms” and click “Next”
- On the “Operations Manager Setup” page, in the “Specify a management Server” section enter a management server that will be used for the web console and reporting features only I entered my first management server “ms01.ms-opsmgr.eu” and click “Next”
- On the “Operations Manager Setup” page, in the “Specify a website for use whit the web console” section check “Enable SSL” and click “Next”
- On the “Operations Manager Setup” page, in the “Select an authentication mode for use whit the web console” section select “Use Mixed Authentication (Forms Authentication)” and click “Next”
- On the “Operations Manager Setup” page, in the “Diagnostic and Control” section click “Next”
- On the “Operations Manager Setup” page, in the “Microsoft Update” section select “Off” and click “Next”
- On the “Operations Manager Setup” page, in the “Installation Summary” section click “Install”
- On the “Operations Manager Setup” page, in the “Completed” section click “Close”
Now that the System Center Operations Manager Web Console is installed its time to publish the web console using the Web Applications Proxy.
- On the "WAP01" server, start the “Remote Access Management Console”
- On the “WAP01” server from the “Remote Access Management Console” from the “Task” pane click “Publish”
- On the “Publish New Application Wizard” screen in the “Welcome” section click “Next”
- On the “Publish New Application Wizard” screen in het “Preauthentication” section click “Pass-Through” and click “Next”
- On the “Publish New Application wizard” screen in the “Publishing Settings” enter the following settings and click “Next”
- Name: "Web01"
- External URL: "https://web01.ms-opsmgr.eu/"
- External Certificate: "Select the certificate you installed on de Web Application"
- Check "Enable Http to Https redirection"
-
On the “Publish New Application wizard” screen in the “Confirmation” section click “Publish”
-
On the “Publish New Application Wizard” screen in the “Results” section click “Close”
Now that the Web Application Proxy publishing rule is created we can test it using internet explorer. When we browse “https://web01.ms-opsmgr.eu/operationsmanager” you should a get an authentications challenge. When you login using your admin credentials the result should look something like this:
This concludes Part 4 on Installing System Center Operations Manager. In the next part we are going to install and configure System Center Reporting Services.
3 thoughts on “SCOM 2016 – Install System Center Operations Manager 2016 – Part 4”