I got a weird issue today. A user could open the web console and login successfully, but when he clicked on a view he got 401 or access denied. When I tried with my admin ID, I was shocked to get the same results. This obviously wasn’t a true access issue, but some IIS/SCOM issue. Unfortunately I couldn’t find anything in the local logs!
After a bit, I found the right solution on TechNet (http://social.technet.microsoft.com/Forums/systemcenter/en-US/5d0029bd-a595-41aa-8065-2dd8fe34c0ac/scom-2012-web-console-401-unauthorized-access-is-denied-due-to-invalid-credentials)
1. Open the IIS console
2. Select the monitoring view website > select Authentication > select windows authentication > select Advanced Setting > Uncheck enable Kernel mode authentication > OK
3. Select Provider > Make sure that NTLM at top then Kerberos & then negotiate (you may have to add Kerberos)
4. Do the same on OperationsManager Website
5. Do an IISRESET
Note: I am running SCOM 2012 SP1 on a W2K8 R2 server.