Skip navigation
All Places > Implementing ArcGIS > Blog
1 2 3 Previous Next

Implementing ArcGIS

73 posts

I have been running into issues with two “features” of Windows Server 2016 while at client sites recently; Leasing and Oplocks. Leasing is fairly new, introduced as a new type of client caching mechanism in SMB 2.1.  It claims to offer more flexibility for controlling client caching and claims significant performance improvement in high latency networks. Opportunistic locking, or Oplocks, is a client caching mechanism that allows SMB1/SMB2 clients to dynamically decide the client-side buffering strategy, so the network traffic can be minimized.


Oplock requests often do not get a response in a timely fashion, you might see a up to a 35 second delay, which is the default timeout for an Oplock. This will cause application timeouts or what seems like a hanging application from the user’s perspective. Both Oplocks and Leasing can play havoc with an ArcGIS Server Site’s config-store when it is located on a file share that has these features enabled. Symptoms are disappearing services; duplicate services; and machines in a multi-machine site becoming unresponsive or locking-up, just to name a few.


Use the following steps to disable these features on the Windows Server 2016 hosting the share, and on the clients accessing the share. Be aware that it appears that some Microsoft Updates when applied reenable these settings by default.


On the Windows Server 2016 acting as the file server, check the SMB Server Configuration in PowerShell.


If Leasing or Oplocks are “true”

Set both to “false”

Set-SmbServerConfiguration -EnableLeasing $false

Set-SmbServerConfiguration -EnableOplocks $false


Verify settings in PowerShell.



On the Windows Server 2016 Clients to the share (ArcGIS Server and/or Portal), check the settings in PowerShell. These steps should not be needed for clients (ArcGIS Desktop, ArcGIS Pro, or ArcGIS Server) accessing file shares for data such as MXDs, FGDBs, Registered Folders, etc.



If OplocksDisabled is False

Set it to “$true”

Set-SmbClientConfiguration -OplocksDisabled $true

If UseOpportunisticLocking is True

Set it to “$false”

Set-SmbClientConfiguration -UseOpportunisticLocking $false



Verify settings on clients using PowerShell.


Here is the last of my twelve posts as a GovLoop Featured Contributor. Thanks to them for the opportunity to support their amazing community and platform. This one is on the Importance of Communicating Your Value to Leaders. 

Here is the eleventh of my twelve posts as a GovLoop Featured Contributor. This one discusses how the future is now for the 3D digital twin in government: 

Here is the tenth of my twelve posts as a GovLoop Featured Contributor. This one discusses how GIS can be used as an effective Civic Engagement tool: 

Here is the ninth of my twelve posts as a GovLoop Featured Contributor. This one discusses how the Emergency Management industry provides a great example of the potential of GIS: 

Here is the eighth of my twelve posts as a GovLoop Featured Contributor. This one discusses the importance of a business plan for your GIS: 

Here is the seventh of my twelve posts as a GovLoop Featured Contributor. This one discusses Best Practices: 


Here is the sixth of my twelve posts as a GovLoop Featured Contributor. This one discusses how the Internet of Things (IoT) really requires integration with an enterprise GIS: 

Here is the fifth of my twelve posts as a GovLoop Featured Contributor.  This one discusses when to write code and when not to: 

When it comes to technology companies, product renaming and refocus is often inevitable. This recently occurred with Citrix as they have moved away from the "Xen" prefix and have simplified their product portfolio naming to make them easier to understand. For example, the new name for XenApp is "Citrix Virtual Apps" while XenDesktop is now "Citrix Virtual Desktops". These are the two primary products from Citrix that are used to deploy ArcGIS Desktop and ArcGIS Pro as virtualized applications. At the same time, Citrix is changing the associated product versioning and moving to a year and month format, for example:


      YYMM = Year and month when the product or component released. For example, a release in August 2018 appears       as 1808.


Citrix recently released the latest version of Citrix Virtual Apps and Desktops utilizing these changes and the current release is "Citrix Virtual Apps and Desktops 7 1808.2". This means that XenApp/XenDesktop 7.18 was the last release of the 7.x releases and the new version of "Citrix Virtual Apps" appears to be what XenApp 7.19 would have been and not a major upgrade, though Citrix is constantly evolving their products.


Though the naming changes are helpful for understanding product purpose, I don't anticipate much of an impact from these changes at a technical level. Over the last few years Esri has been certifying multiple Citrix releases and the most recent "certified" Citrix release for ArcGIS is XenApp/XenDesktop 7.17. It is likely that the new "Citrix Virtual Apps and Desktops" release, or a subsequent release, will be certified with the next major ArcGIS release so look for updates on the associated ArcGIS system requirements pages.

While at a client site installing and configuring ArcGIS Monitor, I needed to set up the ArcGIS Monitor Reporting Server with the client’s SSL Domain Certificate for the server so that no security error would be thrown when accessed. I was given the certificate in the PFX format (binary format for storing the server certificate, intermediate certificates, and the private key) common to Windows and readily imported by IIS. ArcGIS Monitor does not use IIS and requires that the Certificate and Private key be in separate files and in PEM format (Base64 encoded ASCII files).


Here are the steps I used to move from the single PFX file to the two PEM files required by ArcGIS Monitor Server.


  1. Download/Install OpenSSL software on an available workstation (For information on OpenSSL please visit:
  2. Open a command window and navigate to the PFX file location
  3. Extract the Public/Private key-pair 
  4. Extract the Certificate 
  5. Get the Private Key from the key-pair 
  6. The private key needs to be converted to pkcs8 format ***Copy the output and save it as sample_private_pkcs8.pem***
  7. Copy the sample_private_pkcs8.pem and sample_cert.pem files to the <Installation location>\ArcGIS Monitor\Server\ssl directory on the ArcGIS Monitor Report Server.
  8. Start ArcGIS Monitor Administrator - the Connections view appears.
  9. Click the File menu and click Open - the Open File dialog box appears.
  10. Browse to the <Installation location>\ArcGIS Monitor\Server\settings directory on the machine where ArcGIS Monitor Server is installed, click config.db, and click Open.
  11. Click Server on the main menu - the Server configuration pane appears. 
  12. Click the Private Key browse button - browse to and choose the sample_private_pkcs8.pem file and click Open.
  13. Click the Public Key browse button - browse to and choose the sample_cert.pem file and click Open. 
  14. Click the File menu and click Save to save your changes.
  15. Click the File menu and click Close to return to the Connections view.
  16. Right-click the ArcGIS Monitor Server service in the Windows Services manager and click Restart.
  17. The result is a secure connection to the ArcGIS Monitor Report Server 

Here is the fourth of my twelve posts as a GovLoop Featured Contributor.  This one highlights the work at the California Governor's Office of Emergency Services: 

Here is the third of my twelve posts as a GovLoop Featured Contributor: 



Here is the second of my twelve posts as a GovLoop Featured Contributor: 

For the next twelve weeks, I am a GovLoop featured contributor. Please check out my first post: