Select to view content in your preferred language

Portal items duplicating on service update

8996
25
02-02-2017 03:12 PM
LakshmananVenkatesan
Frequent Contributor

Hello All,

We have ArcGIS Server 10.4.1 federated with Portal running on Windows 2012 R2. One of client (Publisher role) published a map service in server and layer item was created in portal. When he tried updating service - just changing label and overwriting the existing service, duplicate portal item was created.  The client was original owner of portal item at the beginning (ensuring he was not updating others contents) . He uses ArcMap for publishing with same credentials and everything is same. User is not altering any security settings in portal.

I would like to understand what are all possible scenarios for duplicating the portal items?.

Please provide more insights on this case. 

25 Replies
DougGreen
Frequent Contributor

We have just had this start happening on a 10.7.1 on windows 2016 with a federated server. It started being observed a couple days after updating our ArcGIS Server to use a new self-signed wildcard cert. We have tried using the same cert on our portal machine to see if that resolved the issue but it has not. Our architecture is as follows:

  • Server A: ArcGIS Server, Data Store (inside firewall, Self-signed Cert)
  • Server B: Portal for ArcGIS (inside firewall, Self-signed Cert)
  • Server C: Web Adaptor for Server, Web Adaptor for Portal (outside firewall, CA Cert)

We are somewhat surprised that this is still just sitting here with a bug like this unresolved. How have you all moved past this or are you just using this method to delete the orphaned items constantly?

DougGreen
Frequent Contributor

For anyone else experiencing this issue, our cause for these errors was that we had just received a new certificate for our internal servers that would work for any server on our internal network (an internal wildcard cert). This was a pfx file. We imported it and enabled it and the web browsers stopped complaining about insecure websites. However, the individual pieces of the architecture were not liking it. Also, programatically interacting with the portal or server through python or rest api was throwing ssl errors. The problem was that we had not imported a root or intermediate .cer file. Apparently this is needed to complete the validation route. Once that was in place on both Server A and Server B, we were back in business. It took a 3 hour chat with Tech Support but we got it.

MichaelVolz
Esteemed Contributor

So which server(s) should the root or intermediate .cer file be imported to - Portal server and/or all ArcGIS Server machines (AGS role, image server role, etc.)?

0 Kudos
DougGreen
Frequent Contributor

Sorry I'm just seeing this. It has been too long and I don't remember but I think it was just the ArcGIS Server machine. We are just finding that it's doing it again after upgrading to 10.8.1. I'm going to be on the phone with them again it looks like.

0 Kudos
by Anonymous User
Not applicable

These were the only notes I jotted down after finally getting ours to work in January. I couldn't get this to work on 10.7.1 and had to use 10.6.1 to get SSL certs to take. Then update to 10.7.1. Just updated to 10.8.1 and not having any issues yet.

Wildcard external domain from GoDaddy imported into IIS. Manually export each level (root, 1st intermediate, 2nd intermediate, full cert to pfx) from IIS. Import root, 1st, 2nd certs into server, import current server cert and import wildcard pfx file.

Import domain level wildcard for [yourdomain] network. Import as current server cert in server admin, set the server to use that cert instead of selfsignedcertfiicate. Now internal access is secured with domain cert, external traffic through web adapter is secured with godaddy cert.

Here's what certs look like on my server:

And on my Portal:

akochman
Occasional Contributor

Any updates to this work around? I'm having the same issue on 10.8.1 with a domain SSL (not wildcard) and self-signed cert on the portal/server on an Amazon EC2. I've contacted esri support and they are suggesting to add a SAN (amazonaws.com) to our cert as shown in slides 23-25 here. The problem is that the amazon domain is blacklisted, so that is not a possible solution for us.

Support told me since SAN's are outside of their scope that they would not assist with the blacklisted SAN issue. So now I'm stuck with an ArcGIS Enterprise Portal/Server that are running and healthy with the exception of the SSL configuration, even though we have a signed cert and domain. Anybody know of a solution to this? I would assume others with EC2's are in the same position.

0 Kudos