Unable to log into ArcGIS Server Manager after Federating

LucasScharenbroich · ‎06-02-2017

I have federated Portal 10.5 with a single-machine ArcGIS Server 10.5 site. Portal is configured to use Active Directory for its Identity Store. Portal and ArcGIS Server are on different virtual servers and their respective web adaptors are on a separate Web Server and configured under different IIS sites. I have done ArcGIS Enterprise Basic deployment in the past successfully.

This table summarized the configuration

URL	Description
https://ags-web-dev.mydomain.org/server	Web Adaptor pointing to the ArcGIS Server
https://ags-web.mydomain.org/portal	Web Adaptor pointing to the Portal for ArcGIS Site
https://ags-dev.mydomain.org:6443/arcgis	Direct URL to the ArcGIS Server machine
https://ags-portal.mydomain.org:7443/arcgis	Direct URL to the Portal for ArcGIS

Almost everything appears to work correctly. For example

I can log into Portal using the primary site administrator account
I can log into Portal using my Domain account
After Federating, all of the ArcGIS Server services appeared as Portal items, as expected
I can log into the ArcGIS Server Administrative service directory using the ArcGIS Server site administrator credentials, or by manually generating a Portal token.

The only issue if that attempting to open ArcGIS Server Manager fail. The interface hangs on the "Please wait..." progress bar and the network traffic shows repeated failures to POST to the portal generateToken page via the ArcGIS Server proxy

https://ags-dev.mydomain.org:6443/arcgis/manager/proxy?_proxyUrl=https%3A%2F%2Fags-web.mydomain.org%...

The network inspector shows that ArcGIS Server returned a 500 server error caused by a "Connection closed" (see screenshot).

Are there any good ways to go about diagnosing the root cause of an issue like this?

Update

Installing Fiddler and enabling HTTPS traffic snooping shows that request is being sent from the ArcGIS Server machine to the Portal Web Adaptor.

This may be a side-effect of enabling Fiddler as a MITM proxy, but the Portal logs show this WARNING:

ArcGIS Server services URL 'https://ags-web-dev.mydomain.org/server' cannot be validated against 'https://ags-web-dev.mydomain.org/server/rest/info'. If the service URL is a proxy URL verify it is accessible to clients.

The JSON at the /info endpoint is

{  "currentVersion": 10.5,  "fullVersion": "10.5.0",  "soapUrl": "https://ags-web-dev.mydomain.org/server/services",  "secureSoapUrl": null,  "owningSystemUrl": "https://ags-web.mydomain.org/portal",  "authInfo": {   "isTokenBasedSecurity": true,   "tokenServicesUrl": "https://ags-web.mydomain.org/portal/sharing/generateToken"  } }

What information is being used to attempt this 'validation'?

TIMSiwiec · ‎08-27-2020

When upgrading from ArcGIS Enterprise 10.7.1 to 10.8.1 this issue started:

"issue if that attempting to open ArcGIS Server Manager fail. The interface hangs on the "Please wait..."

I was able to solve this by editing the Portal's web adapter settings in portaladmin.

https://machinename.gov:7443/arcgis/portaladmin/

Then selecting the web adapter, THEN putting the word /edit after the url in the browser search bar to get to the super secret interface required to change the "Web Adapter URL" box to what your SSL certificate is registered for, not what the default machine name is.

https://machinename .gov:7443/arcgis/portaladmin/system/webadaptors/6c8c038b-2b0f-4306-a27e-9e5250df283f/edit

By changing this "Web adapter URL" it passes on the correct address when logging into the ArcGIS Server Manager using the web adapted domain name that matches the SSL certificate.

So now this web adapted URL using our specified domain name in the SSL works nicely at 10.8.1

https://domainname.gov/arcgis/manager/

Simple fix, super hard to find.