Hi,
I am implementing a High Availability Portal and Server (ArcGIS Enterprise 10.5.1). Portal has two machines and Server has two machines; each set of machines is behind a load balancer.
Load Balancer
Portal x2 + web adaptors
Load Balancer
ArcGIS Server x2 + web adaptors
If I set everything up using ArcGIS Portal authentication I can Federate and Host the Portals and Servers and everything works well.
When we configure web tier authentication and single sign-on (Active Directory) using Esri's provided instructions, the system fails - specifically, we get an unauthorized user error in the Federation window in Portal, and when we try to access ArcGIS Server Manager we get an unauthorized user error message. Note, we can still get access to the ArcGIS Server Administrator page using the siteadmin user / password.
If anyone has any ideas, it would be greatly appreciated.
K
Hi Kieren,
It sounds like you already covered all this stuff but from the documentation here's a couple things to check:
Micah
Thank you for the comments.
1. Yes, both are configured to use HTTPS
2. In the portal server settings, it is set to the Load balancer URL
3. Web adaptor is configured to enable admin access to the server.
What is interesting in the High Availability deployment
IWA or LDAP authentication with client access internal - we actually have Web Adaptors in front of the ArcGIS Server sites.
The portal web adaptors are also on the same machine as the Portals, not separated in the manner described here.
Hypothetically, having the second set of web adaptors is creating a user challenge scenario in front of the server site, but we have configured those for anonymous access.
We had confirmation from our local distributor that this would work, but it appears that it might not.
Did you set a privatePortalURL? If so, what is it set to? It should be a load balanced URL that bypasses the IWA challenge.
Thank you Micah and Jonathan for the comments. It turns out that we had misconfigured the second load balancer, which balances to URL:7443.
What was confusing was that everything worked well until the federation / hosting step, which didn't lead us to immediately check the balancer. Once we corrected that configuration, Single Sign On and Federation / Hosting were successful.