When accessing the web console from the server hosting the web site there is no problem, but when accessing it from another server, you get the following message:




This issue is pretty common and I have already blogged about it here: https://blog.ctglobalservices.com/msk/scom-2012-web-console-prompts-for-username-and-password/. As written in the blog post, this is due to Kerberos double hop.

But what to do when that solution doesn’t do the trick?


I made sure that everything was as supposed:


Only Windows Authentication was enabled:



In Providers, NTLM had been moved up, which normally is the fix:



I then started looking at the Advanced Settings of the Application Pool and even tried to change the identity to Local System, SDK etc. – no luck.



Several places I read about a setting in Active Directory: ”Trust this computer for delegation to any service (Kerberos only)”:



But this had no affect either. I also read that one must choose the last option if the Domain Functional Level is 2003, which wasn’t my case.




I had compared every value with my own environment and everything was exactly the same. Except for one. In Providers I saw the “Available Providers” and found “Negotitate:Kerberos”, which sounded like something I needed.



I added this and moved it up.



Voila! I am now able to open the web console on any server without being asked for credentials!


Happy accessing your web console without typing in your credentials!