I've installed GeoEvent 10.3.1. The only login that works with the GeoEvent manager is the ArcGIS Server administrative login ID. I cannot use an Active Directory login. The ArcGIS Server 10.3.1 instance is set up for Windows Active Directory and is working with that no problem. Pass thru authentication works for ArcGIS Server Manager. AGS services are assigned to AD Groups and authentication works as expected.
In GeoEvent Manager/Site/Data Stores the 'Default' item under "Registered ArcGIS Server" displays a red icon.
One item I neglected to mention in the original post is that the ArcGIS Server security configuration is set to ASP.Net. This is required because there are some AGS users contained in Windows Groups that are considered as "Nested Groups". The ASP.Net configuration utilizes a .Net class provided by ESRI that properly handles users in nested groups.
I recently had a session with ESRI tech support and what we determined for the one machine is that GEE Manager honors domain authentication when AGS security was set to "Windows Authentication" but does not honor domain authentication when AGS is set to "ASP.Net". For the other machine domain authentication is honored for both Windows and ASP.Net configuration. So there is something weird on the one machine and the ASP.Net configuration exposes that.
The work around is to just login with the AGS Admin account. My guess is that the Web Adapter will have to be set to "
As to the problem "In GeoEvent Manager/Site/Data Stores the 'Default' item under "Registered ArcGIS Server" displays a red icon." - The "default" data store URL in GEE is set as http://localhost:6080/arcgis when you initially install GEE. For the machine with the GEE/ASP.Net issue described above this URL does not work and there is a red icon displayed in the status column. Changing the URL to http://<SERVERNAME>/arcgis is the correct setting. For the machine that accepts both Windows and ASP.Net based authentication the URL http://localhost:6080/arcgis works.
I have sort of similar setup and that is working fine. In fact, I have currently two ArcGIS Servers 10.3.1 with GeoEvent extension 10.3.1 on both in a cluster. Here some more details:
1) I log into both ArcGIS Server and GeoEvent Manager using the ArcGis Manager account
2) Both ArcGIS Server and the GeoEvent extension are running using an Active Directory account
3) Both machines in the cluster are part of the corporate domain
I also have two installations of AGS and GEE 10.3.1. On one of those I can log into GEE Manager using my Active Directory Domain ID. On the other I can only use the AGS admin account. On both installations my domain ID is a member of an Active Directory group that has been assigned the AGS Administrator role type.
I recently spent time with ESRI tech support and got no resolution other than "there is something weird' about the installation. Suggestion was to reinstall both AGS and GEE but that's not practical at the moment so logging in with the AGS Admin user is "good enough".
For now I'm just curious if others encounter this and find a more elegant solution than re-installation.
For my workflow, logging in to both ArcGIS Server and GEE using the internal ArcGIS Server account works fine. The domain account is just to run the Services--so that they can access any shared network storage/config locations.
One item I neglected to mention in the original post is that the ArcGIS Server security configuration is set to ASP.Net. This is required because there are some AGS users contained in Windows Groups that are considered as "Nested Groups". The ASP.Net configuration utilizes a .Net class provided by ESRI that properly handles users in nested groups.
I recently had a session with ESRI tech support and what we determined for the one machine is that GEE Manager honors domain authentication when AGS security was set to "Windows Authentication" but does not honor domain authentication when AGS is set to "ASP.Net". For the other machine domain authentication is honored for both Windows and ASP.Net configuration. So there is something weird on the one machine and the ASP.Net configuration exposes that.
The work around is to just login with the AGS Admin account. My guess is that the Web Adapter will have to be set to "
As to the problem "In GeoEvent Manager/Site/Data Stores the 'Default' item under "Registered ArcGIS Server" displays a red icon." - The "default" data store URL in GEE is set as http://localhost:6080/arcgis when you initially install GEE. For the machine with the GEE/ASP.Net issue described above this URL does not work and there is a red icon displayed in the status column. Changing the URL to http://<SERVERNAME>/arcgis is the correct setting. For the machine that accepts both Windows and ASP.Net based authentication the URL http://localhost:6080/arcgis works.
