How do I resolve Error: 400 Invalid redirect_uri when attempting to sign into Portal?

WilliamDeGraw · ‎08-28-2018

Setting up test environment for ArcGIS Enterprise. Portal and it's Web Adaptor installed, setup SSL, added a few entries into the hosts file to get networking to direct my URL (https://domain.com/portal/home) to a sign in page. When I click the 'sign in' link in the upper right, the result is Error: 400 Invalid redirect_uri.

I'm using ESRI documentation - installation guides - to setup ArcGIS Enterprise...and this error surprised me.

What step did I miss? What do I need to do in Portal Admin directory? Portal logs look ok...only weird entry so far is re-occuring daily 'The database server was found to be stopped. Re-starting it.' This is the internal DB on the Portal server?

Only account that exists at this time is the Portal Admin created at install.

On screen options are home link that complains about an outdated URL for Portal Sharing and the other..."create an account'.

Created an account successfully, but when I click on 'Organization'...I get directed to the URL https://webadaptorHostName/portal/home/organization.html and browser says cannot connect

So does it look like a networking issue, like missing DNS entries or is this something I need to add/configure in Portal Admin directory?

WilliamDeGraw · ‎08-28-2018

My initial workaround until I can talk with my network support is to add an entry in the windows hosts file.

c:\Windows\System32\drivers\etc\hosts

ip address web adpator name.domain.com

WilliamDeGraw · ‎08-28-2018

This looks promising...

Configure a disconnected deployment—Portal for ArcGIS (Windows) Installation Guide (10.5) | ArcGIS E...

note: above webpage is for 10.6.x windows but the link above is created after I paste the URL, http secure://enterprise.arcgis.com/en/portal/latest/install/windows/configure-a-disconnected-deployment.htm

JakeSkinner · ‎08-28-2018

Hi William,

Are Portal and Web Adaptor installed on the same server?
Are you using a DNS alias for the server where the Web Adaptor is installed?

Go to the Portal Administrator Directory > System > Web Adaptors > click on the web adaptor name. At the end of the URL, and the following: /edit

Does the Web Adaptor URL match the DNS alias?

WilliamDeGraw · ‎08-28-2018

Hi Jake,

1. Portal and WA are on separate Virtual Machine (Internal network and DMZ locations).

2. Trying to get network folks to use my desired DNS alias for the server where the WA is installed (talking to them later today).

Not sure what you mean by "At the end of the URL, and the following: /edit" .

My only option is to unregister the web adaptor after I clicked the web adaptor namer per your instructions. Is your instructions based on 10.6.1 experience?

Thank you,

William

JakeSkinner · ‎08-28-2018

After you click on the web adaptor name, go to the URL in your browser and manually add /edit at the end. Ex:

https://portal.esri.com/portal/portaladmin/system/webadaptors/12c48210-2c27-4518-8bc0-34ad9ae85e95/e...

WilliamDeGraw · ‎08-29-2018

Hi Jake,

The WA URL did not match the DNS entry. So I updated it. Things are working well.

Thank you,

William

WilliamDeGraw · ‎08-28-2018

Slowly finding missing pieces...

Configure your portal to use a reverse proxy server—Portal for ArcGIS (10.6) | ArcGIS Enterprise

10.5.1 build had a WebContextURL Property in Portal Admin Directory (Home, System, Properties) that I needed to update in my 10.6.1 build(reason why...need to read the documentation...helps with forming URLs on client side?)

Initial feedback : error is gone...web URLs are friendly instead of WA name in the address bar on a few clicks. I think that the webcontexturl was the fix. More testing tomorrow.

BradGeerdes · ‎01-17-2019

Hello,

We have a very similar setup and are running into similar issues when externalizing our Portal.

Setup:

Windows IIS Servers / ArcGIS Server / Portal / Web Adaptor 10.6

ArcGIS Server and Portal installed on "esritst01.abc.com" (Windows "SERVERA") and Web Adaptor for Server and Web Adaptor for Portal is installed on "esritst02.abc.com" (Windows "SERVERB"). Public URL is https://gistst.abc.com/portal.

In the DMZ, we have SERVERB and F5 (F5 is a load balancer). Public traffic comes into our DMZ via https://gistst.abc.com/portal and first encounters the F5 (load balancer). The traffic then continues to SERVERB ((esritst02) - Web Adaptors). Finally, the traffic is routed to SERVERA (esritst01) where we have Portal and Server installed. See the attached image for a diagram.

Problem:

When a user attempts to hit our https://gistst.abc.com/portal, the user receives an error - "gistst.abc.com redirected you too many times" "ERR_TOO_MANY_REDIRECTS.

Any assistance/insight with this would be greatly appreciated.

Thanks!

Brent

WilliamDeGraw · ‎01-17-2019

Brent,

Randoms questions to start:

Test DNS - Can the user type in the IP address to get to Portal (instead of URL)? Can user type in https:domain.com and get a successful IIS response? Then add the next directory (name of Portal instance). Can you get to Portal Admin if open from external? Can you get to Portal sharing URL?

F5 setup - Can you verify the VIPs are correct on the F5?

Web Adaptor - Can you get to portal from the Web Adaptor machine? Can you get to portal from inside the internal network (7443 to Portal Admin)? Try to start Internally then step to WA to External to see where break happens.

Sorry it's kind of a brain dump...just to think out loud and begin a dialogue. I've found it frustrating to troubleshoot by oneself (running ideas in your head...gets exhausting) so bouncing ideas back and forth might trigger some insights and new troubleshooting.