System Center Service Manager tips tricks and discoveries across the web. Follow this blog and receive notification via email on new posts, or grab the feed URL.
Monday, July 25, 2011
Extending Incident properties and forms - SCSM Engineering Team Blog - Site Home - TechNet Blogs
Wednesday, July 20, 2011
Four SCSM Self-Service Portal Solutions (certificate, redirect, alias)
When accessing the Self-Service Portal, typing https://servername/enduser into the browser address isn't acceptable for most organizations. This blog posts addresses 4 concerns of the self-service portal and how to resolve them. The information may be common to many IT Professionals; however, it was not common to me, as I have rarely been required to set up IIS sites in the past. I must also mention and thank the source for most of this information, Thomas Bianco, who has challenged me with (I think uncommon) Service Manager questions and answers.
1. Creating a DNS entry for your Self-Service portal
2. Properly creating a certificate to access the Self-Service Portal
3. Automatically redirecting to the end-user portal when typing in that alias
4. Preventing the need to type in https in front of the site name
For each of these steps, we are going to assume the following:
Self-Service Portal Server Name: SCSM01
Website Name we want to use: ServiceManager.domain.local
To test, simply type servicemanager into your browser. You should be redirected.
1. Creating a DNS entry for your Self-Service portal
2. Properly creating a certificate to access the Self-Service Portal
3. Automatically redirecting to the end-user portal when typing in that alias
4. Preventing the need to type in https in front of the site name
For each of these steps, we are going to assume the following:
Self-Service Portal Server Name: SCSM01
Website Name we want to use: ServiceManager.domain.local
1. Creating a DNS entry for your Self-Service portal
- Log into DNS for your Active Directory Domain
- Go to Forward Lookup Zones
- Select you domain
- Right click on your domain
- Select New Alias (CNAME)
- In the Alias Name box type "ServiceManager" (Without the quotes)
- In the Fully Qualified Domain Box Type "ServiceManager.domain.local" (Without the quotes)
- Click Ok
- To test, Browse to https://servicemanager/enduser
- You will still receive a certificate error, but should be able to click on to the site
2. Properly creating a certificate to access the Self-Service Portal
- Log onto you SCSM Self-Service Portal Server
- Start > Run > MMC > File > Add/Remove Snap-in
- In the list of snap-ins, select Certificates
- Click Add
- A window should pop up stating "This snap-in will always maange certificates for:"
- Select Computer Account > Next
- Select "Local Computer" > Next
- Finish
- Ok
- Expand Certificate (Local Computer) > Personal > Certificates
- Right Click > Request New Certificate
- Select the Certificate Enrollment Policy
- Next
- On the enrollment policy click the link labeled "More information is required to enroll for this certificate. Click here to configure settings."
- On the Subject tab, on the dropdown box under Type: Populate each field and add them as necessary
- Under Alternative name, under Type: Select DNS
- Type in all the names that could be used to access the SSP. For example servicemanager, servicemanager.domain.local, SCSM01, SCSM01.domain.local
- Click Add
- Select the General Tab and populate the fields
- Select the Private Key Tab > Key Options Check the box "Make private key exportable
- Select the Certificate Authority Tab
- Select the correct certificate authority for your organization
- OK
- Back on the Certificate Enrollment Window check the "Web Server" box
- Click Enroll
Update the SSP with the new certificate
- Go to IIS Manager
- Select SCSMPortal
- Select Bindings
- On the HTTPS binding, click edit
- In the SSL certificate box, select you new certificate
- Click OK
- Click Close
The Certificate Error on the Self-Service Portal should no longer exist.
3. Automatically redirecting to the end-user portal when typing in that alias
- Open IIS Manager
- Select SCSMPortal
- Double Click HTTP Redirect (If HTTP Redirect in not installed, go to Roles, Add Features, Select HTTP Redirect)
- Check the box "Redirect requests to this destination"
- Type in "enduser\" (Without the quotes)
- Under redirect behavior make sure "Redirect all requests to exact destination" is UNCHECKED
- Under redirect behavior make sure "Only redirect requests to content in the directory" is CHECKED
- In the Status Code Select "Found (302)"
- Click Apply
- Go to the Analyst and enduser vitual directories under SCSMPortal
- Select HTTP Redirect
- Make sure "redirect requests to this destination" is UNCHECKED
- To Test type in https://servicemanager
- You should automatically be redirected to https://servicemanager/enduser
4. Preventing the need to type in https in front of the site name
From Thomas:
[A Client] had a requirement to silently redirect users from their HTTP support site to the new HTTPS. It took me a few hours, but I found out an easy way to do this without redirecting to an absolute path that would break outside access through the firewall. First, I’m using the same redirect we worked out at [Client], then adding in the URL rewrite add-in from http://www.iis.net/download/URLRewrite. The HTTP redirect moves users who hit the website root down to the enduser virtual directory, and the rewrite directives moves connections from HTTP to HTTPS. The only downside is that people going to the root with HTTP get redirected twice, which takes about 1-4 seconds...Feel free to steal this for your blog.
Here's how:
- Open IIS Manager
- Select SCSMPortal
- Select bindings
- Click Add
- Type: http
- IP address: All unassigned
- Port: 80
- Host Name: Leave Blank
- Click OK
- If you get a warning about Port 80 being using on the default website, you may want to stop the default website or remove the binding from the default website
- Click Close
- Install the URL Rewrite utility from http://www.iis.net/download/URLRewrite
- Browse to the directory of the SCSM Portal
- Backup the web.config file
- Open the Web.config file
- Paste in the following and save the web.config file:
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.webServer>
<httpRedirect enabled="true" destination="enduser/" childOnly="true" />
<rewrite>
<rules>
<rule name="HTTP to HTTPS redirect" stopProcessing="true">
<match url="(.*)" /> <!-- Require SSL must be OFF in the site settings -->
<conditions>
<add input="{HTTPS}" pattern="off" ignoreCase="true" />
</conditions>
<action type="Redirect" redirectType="Found" url="https://{HTTP_HOST}{REQUEST_URI}" />
</rule>
</rules>
</rewrite>
</system.webServer>
</configuration>
To test, simply type servicemanager into your browser. You should be redirected.
Monday, July 18, 2011
Showing the Correct Display Name for Related Objects in View Columns - SCSM Engineering Team Blog - Site Home - TechNet Blogs
Showing the Correct Display Name for Related Objects in View Columns - SCSM Engineering Team Blog - Site Home - TechNet Blogs: "Showing the Correct Display Name for Related Objects in View Columns"
Monday, July 11, 2011
Changing SCSM Portal Address
Great article on changing the SCSM portal Address
http://memoexp.wordpress.com/2011/03/30/changing-scsm-portal-address/
http://memoexp.wordpress.com/2011/03/30/changing-scsm-portal-address/
Ever have a customer request that they want the Self Service Portal to be a specific address, different from the one you’ve initially setup? Well, its not possible to change the URL. However what you can do is set up a CNAME in your DNS to accomplish this goal. Here is how to do it.
1. Go to the DC. Open up DNS under Administrative Tools. Under the DC, expand Forward Lookup Zones, then right click the folder with the domain name, select New Alias (CNAME).
2. Under Alias Name, type in the portal URL that you want. Then under target host, drill down and browse to your portal host name, which in my case is SCSM. Click Ok.
3. Go to the server which the Portal is installed. Launch IIS Manager, go to the Portal Sites, in my case, SCSMPortal, click onBindings on the right panel.
4. Click Add.
5. Select Type as https, IP address as All Unassigned, Port as 443. Then select the SSL certificate. Click Ok.
6. While highlighting your portal on the left pane, in my case SCSMPortal, Double click HTTP Redirect.
Note! HTTP Redirect is not installed by default for IIS7. To install it, go to Server Manager > Roles > Web Server (IIS), look for Add Role Services, you’ll find that you will have the option to install HTTP Redirection.
7. Check Redirect requests to this destination. Key in the full address of the Portal Site, click Apply on the right pane. If you’re not sure, its https:// + Full Computer Name + /enduser. So for my case it is https://scsm.systemcenter.local/enduser
(To get your Full Computer Name, Right click My Computer > Properties. You’ll see it there.)
8. Browse to the new URL which in my case is https://servicemanager, the portal should launch without problems.
P/s If you’re getting password prompts when using the new URL, then highlight the portal on the left pane, and double click onAuthentication. Select Basic Authentication and click on Enable on the right pane. Try using the new URL again, you shouldn’t get any prompts now.
March 30, 2011 - Posted by James | System Center Service Manager (SCSM)
Friday, July 8, 2011
Subscribe to:
Posts (Atom)