Upgrading to 10.5.1

332
5
09-15-2017 05:08 AM
JoeHershman
MVP Regular Contributor

So far the issues we've had

  • Applying certificate to Portal breaks access to portaladmin, meaning you cannot access the portal admin tool after you apply the certificate.  There is a known workaround of resetting a config file to allow access but applying the cert will break it
    • From what I have read this may be only an issue with wildcard certs.  I would certainly expect esri's https to work with wildcard certs as this is a very common approach in companies that use https.
  • Sync with a archive database (esri's recommended approach) is completely broken in 10.5.1.

Fortunately, we setup a dev environment prior to moving production to 10.5.1, it doesn't seem this version is very stable or was tested prior to release

0 Kudos
5 Replies
JonathanQuinn
Esri Frequent Contributor

I tried the first issue you're running into and didn't see a problem configuring a wildcard certificate for Portal.  What is the error within the logs on disk?  

0 Kudos
JoeHershman
MVP Regular Contributor

I do not know it is a wildcard certificate issue, that was just something that I read seemed a possible issue.  But the problem is documented with the only solution being how to recover.  Common problems and solutions—Portal for ArcGIS (10.5.x) | ArcGIS Enterprise 

What is the actual solution to the issue?  Why does this occur in two completely different environments after they were upgraded to 10.5.1 when the certificate work fine in 10.4.x.  What is required in a certificate to make this not happen?

0 Kudos
JonathanQuinn
Esri Frequent Contributor

The solution is the one that's documented.  You should take a look at the logs to determine if the problem is indeed certificate related.  This isn't entirely relevant as you're using a wildcard certificate but a common reason why you need to go through the referenced workflow is the CN of the certificate doesn't match the hostname of the Portal.

0 Kudos
JoeHershman
MVP Regular Contributor

What's documented is not a solution, it is a workaround so your portal is not completely broken.  But once doing this, the portal still does not have the real certificate applied, it is just using the default portal certificate.  

0 Kudos
JonathanQuinn
Esri Frequent Contributor

When the certificate is not valid, you'll run into that particular problem.  Since the web server Portal uses is Tomcat, and Tomcat will block requests where the certificate is not matched against the URL, the only way to fix the problem is modifying the config-files manually.  I would suggest ensuring the certificate is valid to use for Portals internal web server prior to importing it.  If you can post the error in the Portal logs on disk, (obfuscated if need be), then that'll help determine what's going on.

0 Kudos