Skip navigation
All Places > Implementing ArcGIS > Blog > Authors clamb-esristaff

Implementing ArcGIS

2 Posts authored by: clamb-esristaff Employee

I have been running into issues with two “features” of Windows Server 2016 while at client sites recently; Leasing and Oplocks. Leasing is fairly new, introduced as a new type of client caching mechanism in SMB 2.1.  It claims to offer more flexibility for controlling client caching and claims significant performance improvement in high latency networks. Opportunistic locking, or Oplocks, is a client caching mechanism that allows SMB1/SMB2 clients to dynamically decide the client-side buffering strategy, so the network traffic can be minimized.


Oplock requests often do not get a response in a timely fashion, you might see a up to a 35 second delay, which is the default timeout for an Oplock. This will cause application timeouts or what seems like a hanging application from the user’s perspective. Both Oplocks and Leasing can play havoc with an ArcGIS Server Site’s config-store when it is located on a file share that has these features enabled. Symptoms are disappearing services; duplicate services; and machines in a multi-machine site becoming unresponsive or locking-up, just to name a few.


Use the following steps to disable these features on the Windows Server 2016 hosting the share, and on the clients accessing the share. Be aware that it appears that some Microsoft Updates when applied reenable these settings by default.


On the Windows Server 2016 acting as the file server, check the SMB Server Configuration in PowerShell.


If Leasing or Oplocks are “true”

Set both to “false”

Set-SmbServerConfiguration -EnableLeasing $false

Set-SmbServerConfiguration -EnableOplocks $false


Verify settings in PowerShell.



On the Windows Server 2016 Clients to the share (ArcGIS Server and/or Portal), check the settings in PowerShell. These steps should not be needed for clients (ArcGIS Desktop, ArcGIS Pro, or ArcGIS Server) accessing file shares for data such as MXDs, FGDBs, Registered Folders, etc.



If OplocksDisabled is False

Set it to “$true”

Set-SmbClientConfiguration -OplocksDisabled $true

If UseOpportunisticLocking is True

Set it to “$false”

Set-SmbClientConfiguration -UseOpportunisticLocking $false



Verify settings on clients using PowerShell.


While at a client site installing and configuring ArcGIS Monitor, I needed to set up the ArcGIS Monitor Reporting Server with the client’s SSL Domain Certificate for the server so that no security error would be thrown when accessed. I was given the certificate in the PFX format (binary format for storing the server certificate, intermediate certificates, and the private key) common to Windows and readily imported by IIS. ArcGIS Monitor does not use IIS and requires that the Certificate and Private key be in separate files and in PEM format (Base64 encoded ASCII files).


Here are the steps I used to move from the single PFX file to the two PEM files required by ArcGIS Monitor Server.


  1. Download/Install OpenSSL software on an available workstation (For information on OpenSSL please visit:
  2. Open a command window and navigate to the PFX file location
  3. Extract the Public/Private key-pair 
  4. Extract the Certificate 
  5. Get the Private Key from the key-pair 
  6. The private key needs to be converted to pkcs8 format ***Copy the output and save it as sample_private_pkcs8.pem***
  7. Copy the sample_private_pkcs8.pem and sample_cert.pem files to the <Installation location>\ArcGIS Monitor\Server\ssl directory on the ArcGIS Monitor Report Server.
  8. Start ArcGIS Monitor Administrator - the Connections view appears.
  9. Click the File menu and click Open - the Open File dialog box appears.
  10. Browse to the <Installation location>\ArcGIS Monitor\Server\settings directory on the machine where ArcGIS Monitor Server is installed, click config.db, and click Open.
  11. Click Server on the main menu - the Server configuration pane appears. 
  12. Click the Private Key browse button - browse to and choose the sample_private_pkcs8.pem file and click Open.
  13. Click the Public Key browse button - browse to and choose the sample_cert.pem file and click Open. 
  14. Click the File menu and click Save to save your changes.
  15. Click the File menu and click Close to return to the Connections view.
  16. Right-click the ArcGIS Monitor Server service in the Windows Services manager and click Restart.
  17. The result is a secure connection to the ArcGIS Monitor Report Server