How to troubleshot Arcgis Portal proxy 403 error?

2281
5
08-27-2018 08:45 PM
Highlighted
New Contributor II

Hi Experts,

Would like to know how to trouble shoot that portal proxy 403 error?

In the network traffic when I load the web map, I saw two web request, one is with proxy  (got 403), one is with direct request (got http 200).

When I browse the https://xxx../MapServer?f=json, it is happily browse also.

But when it is trying to browse through portal proxy, it always, 403 error.

It is happening in portal for arcgis 10.5.1.

Best Regards,

Than Htet Aung

Tags (1)
Reply
0 Kudos
5 Replies
Highlighted
Esri Frequent Contributor

What response do you get if you check the URL using the checkUrl.jsp page?

https://portal.domain.com:7443/arcgis/sharing/checkUrl.jsp?url=<url>

If that comes back with a failure, check the logs to see if it's a certificate thing. That'd be my first guess. Also, you'll always see a 403 in the browser because you don't send the request with the proper headers. Let Portal handle requests to through the proxy and just monitor them through the dev tools or Fiddler.

Highlighted
New Contributor II

Thank Jonathan,

Didn't know that checkUrl.jsp page and this is helpful.

After I tried with two services url, I used to encounter issue

One might be because of cert what you mentioned as it is using local ad cert and setup locally.

And another is slow ogc wms service.

Below is the list of response respectively.

Would like to know where to read the log?, I believe it is not from portal log folder which is configure in arcgis-logsettings.json.

---------------

{   "success": false,   "error": {"message": "Http StatusCode: -1, Error checking resource:- https://xxxx/mapserver }
---

This service is slow, it took 30secs to response in browser, it is ogc service with token based and it has valid cert as well.
{   "secured": false,   "httpStatusCode": 503,   "httpStatusMessage": "HTTP/1.1 503 Service Unavailable",   "httpResponse": "",   "url": "https://wms/ogc url" }
Best Regards,
Than
Reply
0 Kudos
Highlighted
Esri Frequent Contributor

If the service is coming from a federated Server, then if it uses a self-signed certificate, the certificate isn't the problem.

If the certificate is from your AD and is configured with a wildcard, then you need to import the root certificate into the Portal. You need to do this regardless if the Server is federated or not.

Configuring the portal to trust certificates from your certifying authority—Portal for ArcGIS (10.6)... 

HTTP code 503, as the error indicates, means that the Server can't respond to the request. Can you reach the URL in your browser? What about in a browser run by the user running the Portal Windows service or Linux install user?

Reply
0 Kudos
Highlighted
New Contributor II

Hi Jonathan,

That ogc service is external service.

I can browse the url and certificate is issued from "Quovadis Global ssl ica g3"

Best Regards,

Than

Reply
0 Kudos
Highlighted
Esri Frequent Contributor

I'm sure Portal doesn't trust that root certificate by default, so export the certificate via your browser or IIS and then import it into your Portal through the link I posted above.

Reply
0 Kudos