Community
Select to view content in your preferred language

Internal web adaptor with Windows authentication and one without in DMZ pointing to one Portal ?

2726
12
11-09-2021 12:27 PM
MarcBate
by
Frequent Contributor
‎11-09-2021 12:27 PM

We are having problems getting two web adaptors working with our Enterprise Portal and want to confirm if what we want to do is even possible. One web adaptor inside the firewall is set to use Windows authentication and we have the portal identity store configured to automatically create accounts using your Windows login. It works. The problem is when we wanted to put another web adaptor in our DMZ to allow external users such as those using Field Maps. We are using the same URL for both of these web adaptors which resolves correctly depending if you are inside the firewall that has a different DNS server.

When accessing the DMZ web adaptor, there are 403 errors where dojo.js cannot GET other resource files and the web page is blank. When trying to open the resources that had the 403 error, they come up in the browser.

Any ideas on how to get this working or if this is even possible?

Tags (3)
0 Kudos
12 Replies
ABishop
by MVP Alum
MVP Alum
‎11-09-2021 01:14 PM

Hello Marc,

What version of Enterprise Portal?

Amanda Bishop, GISP
0 Kudos
MarcBate
by
Frequent Contributor
‎11-10-2021 06:58 AM

10.9

0 Kudos
ABishop
by MVP Alum
MVP Alum
‎11-10-2021 07:19 AM

I found this information for installing multiple web adapters at 10.9 (IIS)

https://enterprise.arcgis.com/en/web-adaptor/latest/install/iis/install-multiple-arcgis-web-adaptors... 

Amanda Bishop, GISP
0 Kudos
MarcBate
by
Frequent Contributor
‎11-10-2021 08:20 AM

Thanks. We saw that article, but still have the specific question if it is possible to have one web adaptor using Windows Authentication for the IIS website inside the firewall and portal configured to use Windows identity store, and the other in the DMZ using anonymous authentication in IIS.

0 Kudos
ABishop
by MVP Alum
MVP Alum
‎11-10-2021 08:47 AM

According to this thread from 2019, could possibly be the security configuration or the ports.  

https://community.esri.com/t5/arcgis-enterprise-questions/login-link-fails-when-accessed-from-web-ad... 

Amanda Bishop, GISP
0 Kudos
JonathanQuinn
by Esri Notable Contributor
Esri Notable Contributor
‎11-10-2021 04:20 PM

So when the request is set to the home application, for example, and the home application is making requests to dojo.js and other pages, the response is a 403. But if you take that same request on the same browser, (new tab, for example), the request returns a 200?

0 Kudos
MarcBate
by
Frequent Contributor
‎11-11-2021 11:56 AM

That's correct.

0 Kudos
JonathanQuinn
by Esri Notable Contributor
Esri Notable Contributor
‎11-11-2021 02:57 PM

Have you inspected the traffic for differences in headers or other information to see if the presence of a header, or value set for one, is causing the 403?

0 Kudos
MarcBate
by
Frequent Contributor
‎11-17-2021 06:47 AM

We were able to sign in through the DMZ firewall with Field Maps.

However, we still get 403 errors when accessing the enterprise site through the DMZ in a browser. I tried going to /arcgis/home/webmap/viewer.html and it loads, but several css and js files it uses are throwing 403 errors and the browser is empty. I feel we have to be close to getting this working

0 Kudos