Install the Operations Manager Web console
You can install the web console when you install System Center - Operations Manager, or you can install it separately. You can install a stand-alone web console or install it on an existing management server that meets the prerequisites.
Installation of Reporting and Web Console will be successful irrespective of the updates installed on Operations Manager Management Server.
Note
Operations Manager 2019 UR1 and later supports a single installer for all supported languages, instead of language-specific installers. The installer automatically selects the language based on the computer's language settings where you are installing it.
Note
Operations Manager supports a single installer for all supported languages, instead of language-specific installers. The installer automatically selects the language based on the computer's language settings where you are installing it.
For information about the prerequisites, see System Requirements for System Center Operations Manager.
Important
If you install a standalone web console on a server, you won't be able to add the management server feature to this server. If you want to install the management server and web console on the same server, you must either install both features simultaneously or install the management server before you install the web console.
When you install the web console, the following three components are installed:
Operations Manager web console
Application Diagnostics console
Application Advisor console
Note
If Application Diagnostics console isn't installed, when viewing APM alerts, you won't be able to use the link embedded in the alert description to launch the APM event details. To use this feature, install the web console within the management group.
If you plan to use network load balancing with Application Diagnostics console and Application Advisor console, be sure to use sticky sessions. This ensures that the same instance of the console is used for the entire session. For more information about network load balancing, see Network Load Balancing. For more information about sessions, see Support for Sessions.
Note
A Network Load Balancer isn't supported for the Operations Manager web console server.
Important
The web console operates with sensitive data, such as clear text user credentials, server names, IP addresses, and so on. If these are exposed on the network, they can represent a significant security risk. If Internet Information Services (IIS) doesn't have Secure Sockets Layer (SSL) configured, you're advised to configure it manually. For more information about security, see Data Encryption for Web console and Reporting server Connections.
If the web console doesn't have sufficient access to the operational database or the data warehouse database, you'll receive a warning during the web console configuration step. You can proceed with Setup, but the web console won't be configured correctly for .NET Application monitoring. To resolve this issue, you can have your database administrator run the following SQL Server statement on both the operational database and data warehouse database:
EXEC [apm].GrantRWPermissionsToComputer N'[LOGIN]'
The local and remote parameters are as follows:
For local installation, the LOGIN is: IIS APPPOOL\OperationsManagerAppMonitoring
For remote installation, the LOGIN is: Domain\MachineName$
Note
If you run Repair on the web console after installation, the settings that were selected during installation will be restored. Any changes that you manually make to the web console configuration after the installation will be reset.
Install a stand-alone Web console
Note
If your security policies restrict TLS 1.0 and 1.1, installing a new Operations Manager 2016 Web console role will fail because the setup media doesn't include the updates to support TLS 1.2. The only way you can install this role is by enabling TLS 1.0 on the system, apply Update Rollup 4, and then enable TLS 1.2 on the system.
Sign in to the computer that will host the web console with an account that has local administrative credentials.
On the Operations Manager installation media, run Setup.exe, and select Install.
On the Getting Started, Select features to install page, select Web console. To read more about what each feature provides and its requirements, select Expand all, or expand the buttons next to each feature, and select Next.
On the Getting Started, Select installation location page, accept the default location, or type in a new location or browse to one, and select Next.
Note
The default path is C:\Program Files\Microsoft System Center 2016\Operations Manager
.
Note
The default path is C:\Program Files\Microsoft System Center\Operations Manager
.
On the Prerequisites page, review and address any warnings or errors that the Prerequisites checker returns, and select Verify Prerequisites Again to recheck the system.
Note
- Installation of the web console requires that ISAPI and CGI Restrictions in IIS be enabled for ASP.NET 4. To enable this, select the web server in IIS Manager, and then double-click ISAPI and CGI Restrictions. Select ASP.NET v4.0.30319, and select Allow.
- Select ASP.NET v4.8, and select Allow (applicable for Operations Manager 2022).
If the Prerequisites checker doesn't return any warnings or errors, the Prerequisites, Proceed with Setup page appears. Select Next.
On the Configuration, Please read the license terms page, review the Microsoft Software License Terms, select I have read, understood and agree with the license terms, and select Next.
On the Configuration, Specify a management server page, enter the name of a management server that only the web console uses, and select Next.
On the Configuration, Specify a web site for use with the Web console page, select the Default Web Site, or the name of an existing website. Select Enable SSL only if the website has been configured to use Secure Sockets Layer (SSL), and select Next.
Warning
Installing the web console on a computer that has SharePoint installed isn't supported.
On the Configuration, Select an authentication mode for use with the Web console page, select your option, and select Next.
Note
If you install the management server on a server using a domain account for System Center Configuration service and System Center Data Access service, and then install the web console on a different server and select Mixed Authentication, you may need to register Service Principle Names and configure constraint delegations, as described in Running the Web Console Server on a standalone server using Windows Authentication.
On the Diagnostic and Usage Data page, review data collection terms and then select Next to continue.
If Microsoft Update isn't enabled on the computer, the Configuration, Microsoft Update page appears. Select your option, and select Next.
Review your selections on the Configuration, Installation Summary page, and select Install. Setup continues.
When Setup is finished, the Setup is complete page appears. Select Close.
Install the Web console on an existing Management server
Sign in to the computer that is hosting a management server with an account that has local administrative credentials.
On the Operations Manager installation media, run Setup.exe, and select Install.
On the Getting Started, What do you want to do? page, select Add a feature.
On the Getting Started, Select features to install page, select Web console, and select Next.
On the Prerequisites page, review and address any warnings or errors, and select Verify Prerequisites Again to recheck the system.
Note
- Installation of the System Center - Operations Manager web console requires that ISAPI and CGI Restrictions in IIS be enabled for ASP.NET 4. To enable this, select the web server in IIS Manager, and then double-click ISAPI and CGI Restrictions. Select ASP.NET v4.0.30319, and select Allow.
- Select ASP.NET v4.8, and select Allow (applicable for Operations Manager 2022).
If the Prerequisite checker returns no warnings or errors, the Prerequisites, Proceed with Setup page appears. Select Next.
On the Configuration, Please read the license terms page, review the Microsoft Software License Terms, select I have read, understood and agree with the license terms, and select Next.
On the Configuration, Specify a web site for use with the Web console page, select the Default Web Site, or the name of an existing website. Select Enable SSL only if the website has been configured to use Secure Sockets Layer (SSL), and select Next.
On the Configuration, Select an authentication mode for use with the Web console page, select your option, and select Next.
If Windows Update isn't activated on the computer, the Configuration, Microsoft Update page appears. Select your option, and select Next.
Review your selections on the Configuration, Installation Summary page, and select Install. Setup continues.
On the Setup is complete page, select Close.
Important
The Default website must have an http or https binding configured. If you configure a specific IP address or host header in the bindings of the web console website, create additional bindings on the website for the same ports by using the loopback address or the localhost hostname, depending on the scenario. For more information, see Host header or IP address binding causes web console login errors in Operations Manager.
Install a Web console by using the Command Prompt window
Sign in to the computer with an account that has local administrative credentials.
Open a Command Prompt window by using the Run as Administrator option.
Change the path to where the Operations Manager setup.exe file is located, and run the following command.
Important
Use the
/WebConsoleSSL
parameter only if your website has Secure Sockets Layer (SSL) activated.For a default web installation, specify Default Web Site for the
/WebSiteName
parameter.Note
The /ManagementServer parameter is only required when you're installing the web console on a server that isn't a management server.
setup.exe /silent /install /components:OMWebConsole /ManagementServer: <ManagementServerName> /WebSiteName: "<WebSiteName>" [/WebConsoleUseSSL] /WebConsoleAuthorizationMode: [Mixed|Network] /UseMicrosoftUpdate: [0|1] /AcceptEndUserLicenseAgreement: [0|1]
Configure permissions inheritance for the Web console
The following steps are for configuring permission inheritance for the System Center - Operations Manager Web console.
In Windows Explorer, navigate to the MonitoringView folder in the installation directory for the web console (by default,
C:\Program Files\System Center <version>\Operations Manager\WebConsole\MonitoringView
), right-click the TempImages folder, and select Properties.On the Security tab, select Advanced.
On the Permissions tab, select Change Permissions.
Select the Include inheritable permissions from this object's parent checkbox. Skip this step for Windows 2016 and later.
In Permission entries, select Administrators, and select Remove. Repeat for the SYSTEM entry, and select OK.
Select OK to close Advanced Security Settings for TempImages, and select OK to close TempImages Properties.
In Permission entries, select Administrators, and select Remove. Repeat for the SYSTEM entry, and select OK.
Select OK to close Advanced Security Settings for TempImages, and select OK to close TempImages Properties.
All information and content at https://techcommunity.microsoft.com/t5/system-center-blog/running-the-web-console-server-on-a-standalone-server-using/ba-p/340345 is provided by the owner or the users of the website. Microsoft makes no warranties, express, implied or statutory, as to the information at this website.
Configure the IIS Application Pool Identity
By default, the IIS application pool identity of the Web Console is the built-in account named ApplicationPoolIdentity. When connecting to SQL, this account uses the Windows computer login to access the Operations Manager databases. To improve security, it is recommended that you change the Web Console identity to a dedicated Active Directory user account.
To change the Web Console identity, follow these steps:
Create a user account in Active Directory to use as the Web Console identity.
Add the user to the local Administrators group on the Web Console server.
Open Local Security Policy on the Web Console server, expand Security Settings > Local Policies > User Rights Assignment and grant the following rights to the user:
Log on as a service
Generate security audits
Replace a process level token
Open SQL Server Management Studio and connect to the SQL instance that hosts the OperationsManager database.
Expand Security, right-click Logins and select New Login.
For Login name, enter the username of the account you created in Step 1 using domain\user format. Alternatively, select Search and search Active Directory for the account.
Select User Mapping.
Select the OperationsManager database, make sure that the public role membership is selected in the lower pane and select OK.
Repeat steps 4-8 for the OperationsManagerDW database.
On the Web Console server, open IIS Manager and select Application Pools.
Right-click DefaultAppPool and select Advanced Settings.
In Advanced Settings, find the Identity setting and select the three dots next to ApplicationPoolIdentity.
Select Custom account and select Set.
Enter the username in domain\user format and the password of the account you created in Step 1 and select OK three times to return to the main IIS Manager window.
Repeat Steps 11-14 for the following application pools:
MonitoringView
OperationsManager
OperationsManagerAppMonitoring
Return to SQL Server Management Studio and connect to the SQL instance that hosts the OperationsManager database.
Expand Security > Logins, find the computer account of the Web Console server and delete or disable the login.
Repeat Steps 16-17 for the OperationsManagerDW database.
Next steps
- To understand the sequence and steps for installing the Operations Manager server roles across multiple servers in your management group, see Distributed Deployment of Operations Manager.