SCVMM 2016 Enable HSTS

Craig Garland 1 Reputation point
2023-02-23T04:34:57.3+00:00

Hi,

I have a SCVMM 2016 that is failing a security review due to HSTS not being enabled.

Thought this would be a quick fix, just add Strict-Transport-Security, but I cannot find any instructions on where to do this for SCVMM 2016.

If anyone knows how to enable HSTS for SCVMM 2016 on port 8101, can you let me know?

Thanks for your time in advance.

Craig


2 answers

  1. Juan Valdez 5 Reputation points
    2023-02-23T08:06:53.6066667+00:00

    Hi @Craig Garland ,

    First, check the path of your installation to locate where the web service is running.

    By default it is "C:\Program Files\Microsoft System Center 2016\Virtual Machine Manager". Check if you see these folders in "bin\WebConsole\iis".

    *Important!: in the iis folder, look for the file web.config and make a copy of this file to be sure that you have a backup.

    Open the original file, look for the <system.webServer> line and add this:

    <httpProtocol>
      <customHeaders>
        <add name="Strict-Transport-Security" value="max-age=31536000; includeSubDomains" />
      </customHeaders>
    </httpProtocol>
    

    Save the change and restart IIS; you can use the command iisreset /restart. After this you will be able to use HSTS on port 8101. If you want to change the port, look in the same file for the line bindingInformation; it will show the ports defined for http and https.

    Note: if this does not work for you, you need to roll back the file web.config using the backup created before and restart IIS again.

    Please let us know if it works for you.

    Reference:

    https://learn.microsoft.com/en-us/iis/get-started/whats-new-in-iis-10-version-1709/iis-10-version-1709-hsts

    1 person found this answer helpful.

  2. Juan Valdez 5 Reputation points
    2023-02-23T08:14:21.46+00:00

    Hi Craig,

    Please check the path of your SCVMM installation; by default it is in this path:

    C:\Program Files\Microsoft System Center 2016\Virtual Machine Manager\

    If that is your case, go to the folder bin\WebConsole\iis\ in the installation path.

    Locate the web.config file and make a backup, to be able to roll back if it does not work for you!

    Edit the file web.config and look for the line "<system.webServer>"; after this, paste this code and save the file:

    <httpProtocol>
      <customHeaders>
        <add name="Strict-Transport-Security" value="max-age=31536000; includeSubDomains" />
      </customHeaders>
    </httpProtocol>
    
    

    After this, restart IIS; you can use the command iisreset /restart.

    And please check if you are able to use port 8101; at this moment you should have HSTS enabled. If you want to change the port, in the same file you can find a section called bindinginformation and you will see the ports.

    Please let us know if this solution works for you! In case it does not, you can roll back using the web.config and reset IIS again.

    Please check this reference for more documentation about HSTS on IIS.

    https://learn.microsoft.com/en-us/iis/get-started/whats-new-in-iis-10-version-1709/iis-10-version-1709-hsts
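
Both answers paste a new <httpProtocol> block under <system.webServer>; if web.config already contains that section or a Strict-Transport-Security entry, IIS rejects the file with an HTTP 500.19 configuration error for the duplicate. The PowerShell below is an added example, not code from the thread or from Microsoft, that merges the header into whatever is already there so it can be run repeatedly. The function names Get-OrAddChild and Set-HstsHeader and the sample XML are constructed for illustration.

```powershell
# Added example, not from the thread. $sample is a constructed web.config that
# already contains <httpProtocol>, the case where pasting a second copy fails.
function Get-OrAddChild {
    param([System.Xml.XmlElement]$Parent, [string]$Name)
    $child = $Parent.SelectSingleNode($Name)
    if ($null -eq $child) {
        $child = $Parent.AppendChild($Parent.OwnerDocument.CreateElement($Name))
    }
    $child
}

function Set-HstsHeader {
    param([xml]$Config,
          [string]$Value = 'max-age=31536000; includeSubDomains')
    $webServer = Get-OrAddChild $Config.DocumentElement 'system.webServer'
    $protocol  = Get-OrAddChild $webServer 'httpProtocol'
    $headers   = Get-OrAddChild $protocol 'customHeaders'
    # -eq on strings is case-insensitive, matching HTTP header-name rules.
    $existing = @($headers.SelectNodes('add') |
        Where-Object { $_.GetAttribute('name') -eq 'Strict-Transport-Security' })
    if ($existing.Count -eq 0) {
        $entry = $headers.AppendChild($Config.CreateElement('add'))
        $entry.SetAttribute('name', 'Strict-Transport-Security')
    } else {
        $entry = $existing[0]   # reuse the first entry, drop any extra copies
        $existing | Select-Object -Skip 1 |
            ForEach-Object { [void]$headers.RemoveChild($_) }
    }
    $entry.SetAttribute('value', $Value)
    $Config
}

$sample = @'
<configuration>
  <system.webServer>
    <httpProtocol>
      <customHeaders>
        <add name="X-Content-Type-Options" value="nosniff" />
      </customHeaders>
    </httpProtocol>
  </system.webServer>
</configuration>
'@

$doc = Set-HstsHeader -Config $sample
$doc = Set-HstsHeader -Config $doc    # second run must not add a duplicate
"httpProtocol sections: $($doc.SelectNodes('//httpProtocol').Count)"
$doc.SelectNodes('//customHeaders/add') | ForEach-Object { $_.OuterXml }
```

To apply it to the real file, load the backed-up web.config with [xml](Get-Content -Raw <path>), pass it to Set-HstsHeader, and call .Save(<path>) on the result before running iisreset.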