When accessing the web console from the server hosting the web site there is no problem, but when accessing it from another server, you are prompted for credentials.

This issue is pretty common and I have already blogged about it here: https://blog.ctglobalservices.com/msk/scom-2012-web-console-prompts-for-username-and-password/. As written in the blog post, this is due to Kerberos double hop.

But what to do when that solution doesn’t do the trick?

I made sure that everything was as it was supposed to be:

Only Windows Authentication was enabled.

In Providers, NTLM had been moved up, which normally is the fix.

I then started looking at the Advanced Settings of the Application Pool and even tried to change the identity to Local System, SDK etc. – no luck.

In several places I read about a setting in Active Directory: “Trust this computer for delegation to any service (Kerberos only)”.

But this had no effect either. I also read that one must choose the last option if the Domain Functional Level is 2003, which wasn’t my case.

Solution

I had compared every value with my own environment and everything was exactly the same, except for one. In Providers I saw the “Available Providers” and found “Negotiate:Kerberos”, which sounded like something I needed.

I added this and moved it up.

Voila! I am now able to open the web console on any server without being asked for credentials!

Happy accessing your web console without typing in your credentials!
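
The provider change described above can also be checked and applied from PowerShell with the IIS WebAdministration module. This is an added example, not part of the original post; it assumes the web console is the OperationsManager application under Default Web Site, so adjust $Location to match your server.

```powershell
# Added example (not from the original post): put Negotiate:Kerberos first in the
# Windows Authentication provider list of the web console application.
# Assumption: the console is the 'OperationsManager' application under
# 'Default Web Site'; adjust $Location. Run elevated on the IIS host.
Import-Module WebAdministration

$Location = 'Default Web Site/OperationsManager'   # assumed site/application path
$Section  = 'system.webServer/security/authentication/windowsAuthentication'
$Wanted   = 'Negotiate:Kerberos'

function Get-AuthProvider {
    # Providers in the order IIS offers them to the client.
    (Get-WebConfigurationProperty -PSPath 'IIS:\' -Location $Location `
        -Filter "$Section/providers" -Name '.').Collection |
        ForEach-Object { $_.Value }
}

# The post's starting point: Windows Authentication must be enabled.
$enabled = (Get-WebConfigurationProperty -PSPath 'IIS:\' -Location $Location `
    -Filter $Section -Name 'enabled').Value
if (-not $enabled) {
    throw "Windows Authentication is not enabled on '$Location'."
}

$before = @(Get-AuthProvider)
Write-Host "Providers before: $($before -join ', ')"

if ($before.Count -gt 0 -and $before[0] -eq $Wanted) {
    Write-Host "$Wanted is already first; nothing to change."
    return
}

# If the provider is listed further down, remove it so it can be re-added on top.
if ($before -contains $Wanted) {
    Remove-WebConfigurationProperty -PSPath 'IIS:\' -Location $Location `
        -Filter "$Section/providers" -Name '.' -AtElement @{ value = $Wanted }
}

# Insert at index 0, the scripted form of "add it and move it up".
Add-WebConfigurationProperty -PSPath 'IIS:\' -Location $Location `
    -Filter "$Section/providers" -Name '.' -Value @{ value = $Wanted } -AtIndex 0

Write-Host "Providers after:  $(@(Get-AuthProvider) -join ', ')"
```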