Install the Operations Manager web console

You can install the web console when you install System Center Operations Manager, or you can install it separately. You can install a standalone web console or install it on an existing management server that meets the prerequisites.

If you install a standalone web console on a server, you can't add the management server feature to this server. If you want to install the management server and web console on the same server, you must either install both features simultaneously or install the management server before you install the web console.

Console components

When you install the web console, the following components are also installed:

Application Diagnostics console
Application Advisor console

If the Application Diagnostics console isn't installed, when you're viewing Application Performance Monitoring (APM) alerts, you can't use the link embedded in the alert description to open the APM event details. To use this feature, install the web console within the management group.

A network load balancer isn't supported for the Operations Manager web console server. If you plan to use network load balancing with the Application Diagnostics console and the Application Advisor console, be sure to use sticky sessions. This action ensures that the same instance of the console is used for the entire session. For more information about network load balancing, see Network Load Balancing. For more information about sessions, see Support for Sessions.

Prerequisites

Ensure that your server meets the minimum system requirements for Operations Manager.
Installation of the web console requires ISAPI and CGI Restrictions in IIS to be enabled for ASP.NET 4:
1. In IIS Manager, select the web server, and then double-click ISAPI and CGI Restrictions.
2. For Operations Manager 2016 or 2019, select ASP.NET v4.0.30319. For Operations Manager 2022 or later, select ASP.NET v4.8. Then select Allow.

Note

We recommend that you don't use the NT Authority\SYSTEM user for the installation of System Center Operations Manager.

You can successfully install the web console regardless of the updates installed on the Operations Manager management server.

Important considerations

The web console operates with sensitive data, such as clear-text user credentials, server names, and IP addresses. If this data is exposed on the network, it can represent a significant security risk. If Internet Information Services (IIS) doesn't have Secure Sockets Layer (SSL) configured, we advise you to configure it manually. For more information about security, see Data encryption for web console and reporting server connections.
If the web console doesn't have sufficient access to the operational database or the data warehouse database, you receive a warning during the web console configuration step. You can proceed with Setup, but the web console won't be configured correctly for .NET application monitoring.

To resolve this issue, you can have your database administrator run the following SQL Server statement on both the operational database and the data warehouse database:
```
EXEC [apm].GrantRWPermissionsToComputer N'[LOGIN]'
```
The local and remote parameters are as follows:
- For local installation, LOGIN is IIS APPPOOL\OperationsManagerAppMonitoring.
- For remote installation, LOGIN is Domain\MachineName$.

If your security policies restrict TLS 1.0 and 1.1, installing a new Operations Manager 2016 web console role will fail because the setup media doesn't include the updates to support TLS 1.2. The only way that you can install this role is by enabling TLS 1.0 on the system, apply Update Rollup 4, and then enable TLS 1.2 on the system.

If you run Repair on the web console after installation, the settings that you selected during installation are restored. Any changes that you manually make to the web console configuration after the installation are reset.
Installing the web console on a computer that has SharePoint installed isn't supported.

Operations Manager 2019 UR1 and later support a single installer for all supported languages, instead of language-specific installers. The installer automatically selects the language based on the computer's language settings where you're installing it.

Operations Manager supports a single installer for all supported languages, instead of language-specific installers. The installer automatically selects the language based on the computer's language settings where you're installing it.

Installer validation (recommended)

After you download the installation media (.zip), we recommend verifying that the file isn't corrupted. Following is the checksum for the file:

EAB2EB4A877857E44420759512682A153AFBBD80A169752CCD9B0DB8A9C0D1C2

77E84740E2D7BD893227627616CC048B5BC1EF939F734D326EB654CADE8E5C0C

5562D148315D8208F15CACE00F33C6A9820AF1EA3CAAA9CD2144973B4548B8C9

To verify its authenticity, perform checksum validation on your computer by running the following PowerShell snippet:

$expectedChecksum = "ENTER_EXPECTED_HASH_HERE"
$zipFilePath = "ENTER_ZIP_Path\<product>_<version>.zip"
$expectedChecksum -eq (Get-FileHash -Path $zipFilePath -Algorithm SHA256).Hash

When validation passes, True is printed. If False is printed, the downloaded file isn't valid and you need to download it again.

Install a standalone web console

Sign in to the computer that will host the web console. Use an account that has local administrative credentials.
On the Operations Manager installation media, run Setup.exe, and then select Install.
On the Getting Started > Select features to install page, select Web console. To read more about each feature and its requirements, select Expand all (or expand the button next to each feature). Then select Next.
On the Getting Started > Select installation location page, accept the default location. Or you can enter a new location or browse to one. Then select Next.

The default path is C:\Program Files\Microsoft System Center 2016\Operations Manager.

The default path is C:\Program Files\Microsoft System Center\Operations Manager.
On the Prerequisites page, review and address any warnings or errors that the prerequisites checker returns. Then select Verify Prerequisites Again to recheck the system.
If the prerequisites checker doesn't return any warnings or errors, the Prerequisites > Proceed with Setup page appears. Select Next.
On the Configuration > Please read the license terms page, review the Microsoft Software License Terms. Select I have read, understood and agree with the license terms, and then select Next.
On the Configuration > Specify a management server page, enter the name of a management server in the management group. Then select Next.
On the Configuration > Specify a web site for use with the Web console page, select Default Web Site or the name of an existing website. Select Enable SSL only if the website is configured to use SSL, and then select Next.
On the Configuration > Select an authentication mode for use with the Web console page, select your option, and then select Next.

Note

If you install the management server on a server by using a domain account for the System Center Configuration service and System Center Data Access service, and then you install the web console on a different server and select Mixed Authentication, you might need to register service principal names and configure constraint delegations. For more information, see HTTP 500 error when you connect to the Operations Manager web console remotely.
On the Diagnostic and Usage Data page, review data collection terms, and then select Next.
If Microsoft Update isn't enabled on the computer, the Configuration > Microsoft Update page appears. Select your option, and then select Next.
Review your selections on the Configuration > Installation Summary page, and then select Install.
When Setup finishes, the Setup is complete page appears. Select Close.

Install the web console on an existing management server

Sign in to the computer that's hosting a management server. Use an account that has local administrative credentials.
On the Operations Manager installation media, run Setup.exe, and then select Install.
On the Getting Started > What do you want to do? page, select Add a feature.
On the Getting Started > Select features to install page, select Web console, and then select Next.
On the Prerequisites page, review and address any warnings or errors. Then select Verify Prerequisites Again to recheck the system.
If the prerequisite checker returns no warnings or errors, the Prerequisites > Proceed with Setup page appears. Select Next.
On the Configuration > Please read the license terms page, review the Microsoft Software License Terms. Select I have read, understood and agree with the license terms, and then select Next.
On the Configuration > Specify a web site for use with the Web console page, select Default Web Site or the name of an existing website. Select Enable SSL only if the website is configured to use SSL, and then select Next.
On the Configuration > Select an authentication mode for use with the Web console page, select your option, and then select Next.
If Windows Update isn't activated on the computer, the Configuration > Microsoft Update page appears. Select your option, and then select Next.
Review your selections on the Configuration > Installation Summary page, and then select Install.
On the Setup is complete page, select Close.

Important

You must have an HTTP or HTTPS binding configured for Default Web Site. If you configure a specific IP address or host header in the bindings of the web console website, create additional bindings on the website for the same ports by using the loopback address or the localhost host name, depending on the scenario. For more information, see Host header or IP address binding causes web console login errors in Operations Manager.

Install a web console by using the Command Prompt window

Sign in to the computer by using an account that has local administrative credentials.
Open a Command Prompt window by using the Run as Administrator option.
Change the path to where the Operations Manager setup.exe file is located by running the following command. Keep this parameter information in mind:
- Use the /WebConsoleUseSSL parameter only if your website has SSL activated.
- For a default web installation, specify Default Web Site for the /WebSiteName parameter.
- The /ManagementServer parameter is required only when you're installing the web console on a server that isn't a management server.
```
setup.exe /silent /install /components:OMWebConsole
/ManagementServer: <ManagementServerName>
/WebSiteName: "<WebSiteName>" [/WebConsoleUseSSL]
/WebConsoleAuthorizationMode: [Mixed|Network]
/UseMicrosoftUpdate: [0|1]
/AcceptEndUserLicenseAgreement: [0|1]
```

Configure permission inheritance for the web console

In File Explorer, go to the MonitoringView folder in the installation directory for the web console (by default, C:\Program Files\System Center <version>\Operations Manager\WebConsole\MonitoringView). Right-click the TempImages folder, and then select Properties.
On the Security tab, select Advanced.
On the Permissions tab, select Change Permissions.

For Windows Server 2012 and earlier, select the Include inheritable permissions from this object's parent checkbox. Skip this step for Windows Server 2016 and later.
In Permission entries, select Administrators > Remove. Repeat for the SYSTEM entry, and then select OK.
Select OK to close Advanced Security Settings for TempImages, and then select OK to close TempImages Properties.

In Permission entries, select Administrators > Remove. Repeat for the SYSTEM entry, and then select OK.
Select OK to close Advanced Security Settings for TempImages, and then select OK to close TempImages Properties.

Configure the IIS application pool identity

By default, the IIS application pool identity of the web console is the built-in account named ApplicationPoolIdentity. When this account connects to SQL Server, it uses the Windows computer login to access the Operations Manager databases. To improve security, we recommend that you change the web console identity to a dedicated Active Directory user account.

To change the web console identity:

Create a user account in Active Directory to use as the web console identity.
Add the user to the Local Administrators group on the web console server.
On the web console server, open Local Security Policy. Expand Security Settings > Local Policies > User Rights Assignment and grant the following rights to the user:
- Log on as a service
- Generate security audits
- Replace a process level token
Open SQL Server Management Studio, and connect to the SQL Server instance that hosts the OperationsManager database.
Expand Security, right-click Logins, and then select New Login.
For Login name, enter the username of the account that you created in step 1 by using domain\user format. Alternatively, select Search and search for the account in Active Directory.
Select User Mapping.
Select the OperationsManager database, make sure that the public role membership is selected on the lower pane, and then select OK.
Repeat steps 4 to 8 for the OperationsManagerDW database.
On the web console server, open IIS Manager and select Application Pools.
Right-click DefaultAppPool, and then select Advanced Settings.
In Advanced Settings, find the Identity setting and select the three dots next to ApplicationPoolIdentity.
Select Custom account > Set.
Enter the username in domain\user format and the password of the account that you created in step 1. Then select OK three times to return to the main IIS Manager window.
Repeat steps 11 to 14 for the following application pools:
- MonitoringView
- OperationsManager
- OperationsManagerAppMonitoring
Return to SQL Server Management Studio and connect to the SQL Server instance that hosts the OperationsManager database.
Expand Security > Logins and find the computer account of the web console server. Delete or disable the login.
Repeat steps 16 to 17 for the OperationsManagerDW database.

To understand the sequence and steps for installing the Operations Manager server roles across multiple servers in your management group, see Distributed deployment of Operations Manager.

Feedback

Was this page helpful?

Last updated on 2025-10-09