Is it possible to install and configure Portal for ArcGIS on a standalone virtual machine?

2378
21
12-15-2017 09:53 AM
JonathanBailey
Occasional Contributor III

For a demo, I'm trying to set up a base deployment of ArcGIS Enterprise 10.5.1 on a standalone virtual machine using the ArcGIS Enterprise Builder. The ArcGIS Enterprise Builder configuration failed when configuring the web adaptor for the portal. Through trial-and-error, I've been able to successfully configure the ArcGIS Server instance and its web adaptor, including SSL via a self-signed certificate.

However, I'm still experiencing problems getting the Portal configured. For one, I can't figure out how to properly configure the Portal to work with a self-signed certificate. Most importantly, however, I'm not having success configuring the Web Adaptor to work with the Portal. When I try to configure the Web Adaptor to work with the Portal, I'm just specifying the machine name (i.e., http://<machine-name>:7443), since it's not on a domain, but I get an error indicating that I need to specify a fully-qualified domain name for the Portal. Then, I came across this part of the installation documentation, which seems to suggest that the portal needs be on a domain. So, is it even possible to configure portal to work on a machine not connected to a domain?

0 Kudos
21 Replies
JakeSkinner
Esri Esteemed Contributor

Hi Jonathan,

When configuring the web adaptor for Portal try using [machine name].local:7443.  I believe the .local will alleviate the domain error you are encountering.

JonathanBailey
Occasional Contributor III

Thanks, Jake. That got my web adaptor configured.

I had it working this morning -- all of my setup completed, ArcGIS Server federated with the portal -- I had just not set up HTTPS. I was able to add a zipped shapefile to the portal, created a hosted feature layer, and added it to the portal's map viewer. Then, I rebooted the machine.

Now, I'm stuck again. Since ArcGIS Server is now federated with the portal, it authenticates through the portal, but something's not right.

If I try to log in to the Portal through the Web Adaptor (https://, the request gets redirected to the internal URL (https://<servername>.localdomain:7443/arcgis/home). If I try to validate the federated servers from the portal, validation fails. If I try to add a new one, I get an error indicating that federation of servers is disabled when accessing the portal without using the web adaptor. So, I go back to try to re-configure the web adaptor. I get various errors depending on what URL I try for the portal:

https://<servername>.local:7443 : "Failed to get administrator token from Portal. Please verify that the Portal URL specified can be accessed successfully."

http://<servername>.local:7443 : "Failed to get administrator token from Portal. Please verify that the Portal URL specified can be accessed successfully."

https://<servername>.localdomain:7443: "Unable to configure the Portal with the Web Adaptor. Please make sure that the Portal and WebAdaptor are of the same version."

http://<servername>.localdomain:7443: "The server committed a protocol violation. Section=ResponseStatusLine"

This is very frustrating! I've been banging at this since Friday, trying to do something which should be very simple: set up a base install of ArcGIS Enterprise on a single VM using the ArcGIS Enterprise Builder and it. doesn't. work!

BillFox
MVP Frequent Contributor

I don't think your portal will be happy until at least a domain SSL certificate is used.

Reference:

Enable HTTPS on your web server—Portal for ArcGIS (10.5.x) | ArcGIS Enterprise 

JonathanBailey
Occasional Contributor III

Thanks, Bill.

I ended up setting up a domain controller and a CA on the machine. I used the CA to issue a domain certificate, which I then bound to IIS/HTTPS, and also added it to the Trusted Root Certification Authorities. However, when I browse to https://localhost or https://<machine-name> or https://<machine-name>.<domain-name>, I'm still getting a security error (works fine for FQDN on IE, errors on Chrome and Firefox).

0 Kudos
JonathanBailey
Occasional Contributor III

For the Esri folks:

In general, this is the experience that I'm having setting up a base deployment of ArcGIS Enterprise. I solve one problem, only to find 2 more. Really, it shouldn't be this hard, particularly since I'm not setting up a production environment.

0 Kudos
JonathanQuinn
Esri Frequent Contributor

Not sure why you see a cert error in Firefox, but did you set a SAN for the certificate?  If not, that's likely why you're seeing an error in Chrome. Chrome expects a SAN for the certificate now, so you can reissue your certificate with a SAN set the same as the CN.

BillFox
MVP Frequent Contributor

A complete web browser cache clearing might help too, and UN-Check the top item "Preserve Favorites website data", Then select the Delete button and OK, Then close any open browser windows
 

0 Kudos
JonathanQuinn
Esri Frequent Contributor

Can you sign into Portaladmin and go to Machines, and see what the machine name is?  Then, in the URL to register the web adaptor, go to https://servername.local/<wa_name>/webadaptor/portal and then enter the exact machine name you see in the Machines list over 7443, (https://servername:7443). If the machine name is just the short name, (likely, as it won't have a FQDN), but you enter servername.local as the hostname, that's likely turning into a certificate mismatch problem and the request to generate a token is failing.

JonathanBailey
Occasional Contributor III

Hi Jonathan,

I'm not exactly sure what you're asking me to do here, but here's what I did:

  1. The machine name is "abcd-efg-hijk"
  2. When I open a browser and navigate to https://abcd-efg-hijk/portal/portaladmin/machines, I can see that the machine name is listed as ABCD-EFG-HIJK.
  3. I then opened the URL to configure the web adaptor (https://abcd-efg-hijk/portal/webadaptor/portal). I see that the portal URL that's currently registered is https://abdc-efg-hijk.local:7443.
  4. If I edit this URL to remove the ".local" domain extension, and click Configure, then I get the error "Portal configuration requires fully qualified domain name in the Portal URL", as before.

Thanks,

Jon.

0 Kudos