Federated ArcGIS Server Unuthorized Access

06-08-2019 02:56 AM
New Contributor III

Hi All,

We have a HA Portal site, with a multi-machine Federated ArcGIS Server. The Portal and ArcGIS Server both have two Web Adaptors and Load Balancers in front of the WAs. IWA has been configured in IIS according to this technical article.

If we browse to our Portal through the load balancer, e.g. 'https://lb.domain.com/portal/home', IWA works with no issues and we are authenticated. However, if we browse directly to either one of the Portal Web Adaptors, e.g. 'https://wa1.domain.com/portal/home' we are always prompted for login credentials and even if we enter the correct credentials, we never seem to get authenticated.

Likewise, when we browse to a single ArcGIS Server, through Web Adaptor, or even directly to the server itself through 'https://server1.domain.com:6443/arcgis/manager', we are always prompted for authentication. However, if we go through the ArcGIS Server load balancer, e.g. 'https://lb2.domain.com/arcgis/manager' IWA works as expected and we get straight in.

We can't seem to pinpoint what might be preventing us from doing this. We're wondering if it potentially is the federated server URL and admin URL are both set to 'https://lb2.domain.com/arcgis', therefore if we go to anything other than that Portal doesn't accept it.

Typically, these issues aren't really a problem because all of our users are going through the load balancers and as such, are authenticating with IWA as expected. Where we have ran into issues is when we upgrade our ArcGIS Servers and the steps are to:

  • un-install the Web Adaptors,
  • then upgrade Servers,
  • then Continue Server Upgrade using 'https://server1.domain.com:6443/arcgis/manager.

Because of this, we can never authenticate with Portal at this step and always receive an Unauthorized Access message at the Server Manager.

As previously mentioned, once we re-install both Web Adaptors and access it through the LB it all works again, but we dont believe the Servers have properly upgraded because we never see the Continue Server Upgrade step.

Any advice on this would be great, are there settings with how we have federated we should be changing etc?



0 Kudos
0 Replies