We cannot update our organizational logo through our DNS at gis.domain.com but we can do through the internal machine name. But when we update the logo through a machine name, portal looks for it at the machine name address, not the DNS.
Whenever I try to upload through the gis.domain.com, portal pops up saying Unable to update logo. Looking through the firefox network logs, I see an error 403 "You do not have permissions to access this resource or perform this operation." We think this issue may be a larger issue than just being able to upload a logo.
I don't see any issues in our logs for apache or tomcat. We have a reverse proxy set up and are looking through our settings and Esri documentation to see if we are missing something, but nothing obvious is showing up.
Edit 1: I noticed that when updating the Shared Theme logo, we can upload a logo with no issues. It hits the https://gis.domain.com/portal/sharing/rest/portals/self/update and successfully updates. But when I try to do it for the Organization Profile logo, it fails with the same rest end point at https://gis.domain.com/portal/sharing/rest/portals/self/update
We had to reinstall Portal about 4 times for various reasons. We had a corrupted content directory, switched to EFS rather than S3, and issues with failover corrupting everything. Anyway, the last time we installed it, we were able to update the logo. The only thing we could think of is that we ensured that the tomcat folder's contents is all owned by the tomcat user. Maybe that did it?