HTTPS 500 Error Forward Proxy

01-04-2018 05:09 AM
New Contributor II

We have ArcGIS Portal 10.5 set up on a Windows Server. There is a proxy set up for any traffic coming from outside the business. Any services we have published internally do not go through the proxy.

Recent changes have been made to the proxy which I believe is Squid based and the webfilter has been changed from WebSense to WebTitan. I believe it to be a forward authentication proxy. Since the changes, we have experienced strange behaviour with any services that are accessed from outside the business e.g. mapping services provided by Ordnance Survey NI.

When a user loads a webmap with these services in them, it comes up with a message that the Basemap could not be loaded, loading default basemap instead. All internal services still work fine.

We have a coupel of semi-workarounds

1. Storea copy of the service in portal which requires credentials to be added manually.

2. Run  the service as the same user that runs the ArcGIS Portal Service on the server.

Both actions result in the service becoming available again for all portal users for a period of time. It also seems as though when the service is not being used for a while the problem comes back again. During the day our portal is used by a large number of users so it looks as though their activity keeps the service authentication alive. However in the morning / when the service is not used they need to be triggered by using one of the two above methods to start working again.

We have not experienced similar issues in ArcMap 10.2-10.5 where the external services still work with this proxy successfully.

When the service is not working, logging shows that there are a number of HTTPS Code 500's.

Things tried so far include:

1. SSL Certifcates

2. Altering NTLM / IP Address authentication settings in the proxy.

I was hoping that someone else in the community would have a similar experience that may help shed some light on what the problem may be.

Tags (4)
0 Kudos
1 Reply
Esri Contributor

Hi Andrew,

So it sounds like you are using a forward proxy with Portal and from what you mentioned your forward proxy requires authentication for outbound requests to succeed.  This can cause issues when the Portal service attempts to make a request to an external resource.  This request may be getting block by the proxy due to the lack of credentials.  You may need to add the properties like the below

{     "httpProxyHost": "",     "httpsProxyHost": "",     "httpProxyPort": 80,     "httpsProxyPort": 443,
    "httpsProxyUser": "username",
    "httpsProxyPassword": "Password",
    "isHttpsProxyPasswordEncrypted": false}

The document below contains for details of these parameters and where to implement them.



0 Kudos