Select to view content in your preferred language

Communication issues between Portal and Server in same Azure VNet

1326
4
Jump to solution
01-26-2023 01:30 AM
JohnFannon
Frequent Contributor

We are attempting to put together a development ArcGIS Enterprise build in Azure that uses the following:

  • ArcGIS Server installed on a Windows VM (inc data store etc).
  • ArcGIS Portal installed on a Windows VM.

The Server and Portal components (inc. Web Adaptors) have been installed manually on these VMs. We are NOT using Cloud Builder and do not wish to at this point for various reasons (mainly that this is not generally allowed to be used in customers environments).

Both VMs are within the same VNet and no specific firewall or NSG rules have been configured as by default all communication is allowed between VMs in the same VNet (as I understand it).

However, we are having connectivity issues when attempting to Add the ArcGIS Server to Portal (step 14 in https://enterprise.arcgis.com/en/portal/10.9/install/windows/tutorial-creating-your-first-web-gis-co...). When we do this it fails to connect to server on the admin URL (i.e. port 6443).

When trying to open to the admin URL (e.g. https://machine-name:6443/arcgis) via a browser on the Portal VM, it also fails to connect with a timeout. However, we can browse to the Server web adptor URL (e.g. https://machine-name/server) from the Portal VM with no issues. From this, we assume that something is blocking traffic on port 6443 from the Portal VM to the Server VM.

Does anyone know why we would have such communication issues between two VMs in the same VNet? Are there specific rules we need to configure to allow communication on port 6443?

We are using:

  • Standard build Windows Server 2022 VMs in Azure.
  • ArcGIS Server 10.9
  • ArcGIS Portal 10.9

And are following the steps documented at https://enterprise.arcgis.com/en/portal/10.9/install/windows/tutorial-creating-your-first-web-gis-co.... Except that we are using two VMs and not a single machine deployment.

0 Kudos
1 Solution

Accepted Solutions
Scott_Tansley
MVP Regular Contributor

Have you checked the windows (OS) firewall?  It's very often turned on by default.  Turn it off (temporarily) to test and then set the rules if that allows you through?

Scott Tansley
https://www.linkedin.com/in/scotttansley/

View solution in original post

4 Replies
ReeseFacendini
Esri Regular Contributor

I would add inbound rules to your NSG to allow port 7443, and 6443 on the VNet. That should take care of the timeout error in the browser. If that doesn't work, then I would add the same inbound rules to the Windows Firewall on the individual machines.

I noticed that the ArcGIS DataStore component wasn't called out above. To have a fully functional ArcGIS Enterprise deployment, that componet witll also need to be installed and configured.

0 Kudos
Scott_Tansley
MVP Regular Contributor

Have you checked the windows (OS) firewall?  It's very often turned on by default.  Turn it off (temporarily) to test and then set the rules if that allows you through?

Scott Tansley
https://www.linkedin.com/in/scotttansley/
JohnFannon
Frequent Contributor

It was absolutely the windows firewall, which was on by default.

Not quite sure how I missed that, but adding rules to allow the required port numbers on portal and server VMs to the windows firewall resolved it.

Note that no other NSG rules were required as by default, VMs in the same VNet can communicate on all ports.

Thanks for the responses. The powershell Test-NetConnection tip is also a useful one.

0 Kudos
AngusHooper1
Frequent Contributor

Spend some time learning how to use Test-NetConnection in PowerShell.

Test-NetConnection -Port 6443 -ComputerName "myArcgisServer.com" -InformationLevel "Detailed"