Hi Experts,
Would like to know how to trouble shoot that portal proxy 403 error?
In the network traffic when I load the web map, I saw two web request, one is with proxy (got 403), one is with direct request (got http 200).
When I browse the https://xxx../MapServer?f=json, it is happily browse also.
But when it is trying to browse through portal proxy, it always, 403 error.
It is happening in portal for arcgis 10.5.1.
Best Regards,
Than Htet Aung
What response do you get if you check the URL using the checkUrl.jsp page?
https://portal.domain.com:7443/arcgis/sharing/checkUrl.jsp?url=<url>
If that comes back with a failure, check the logs to see if it's a certificate thing. That'd be my first guess. Also, you'll always see a 403 in the browser because you don't send the request with the proper headers. Let Portal handle requests to through the proxy and just monitor them through the dev tools or Fiddler.
Thank Jonathan,
Didn't know that checkUrl.jsp page and this is helpful.
After I tried with two services url, I used to encounter issue
One might be because of cert what you mentioned as it is using local ad cert and setup locally.
And another is slow ogc wms service.
Below is the list of response respectively.
Would like to know where to read the log?, I believe it is not from portal log folder which is configure in arcgis-logsettings.json.
---------------
{ "success": false, "error": {"message": "Http StatusCode: -1, Error checking resource:- https://xxxx/mapserver } --- This service is slow, it took 30secs to response in browser, it is ogc service with token based and it has valid cert as well.{ "secured": false, "httpStatusCode": 503, "httpStatusMessage": "HTTP/1.1 503 Service Unavailable", "httpResponse": "", "url": "https://wms/ogc url" }Best Regards,
Than
If the service is coming from a federated Server, then if it uses a self-signed certificate, the certificate isn't the problem.
If the certificate is from your AD and is configured with a wildcard, then you need to import the root certificate into the Portal. You need to do this regardless if the Server is federated or not.
HTTP code 503, as the error indicates, means that the Server can't respond to the request. Can you reach the URL in your browser? What about in a browser run by the user running the Portal Windows service or Linux install user?
Hi Jonathan,
That ogc service is external service.
I can browse the url and certificate is issued from "Quovadis Global ssl ica g3"
Best Regards,
Than
I'm sure Portal doesn't trust that root certificate by default, so export the certificate via your browser or IIS and then import it into your Portal through the link I posted above.