I just upgraded one of our ArcGIS Enterprise environments from 11.2 to 11.5 and noticed that the upgrade "breaks" the pg_hba.conf file in the ArcGIS Data Store.
When using the allow connection data store command line tool to allow connections to the ArcGIS Data Store, it adds them to the pg_hba.conf file like this: host db username ip/hostname scram-sha-256
However, after upgrading to 11.5, the upgrade changed all the entries from "host" to "hostssl" which breaks any and all connections to it (including the ArcGIS Server). For example, it changed it to this: hostssl db username ip/hostname scram-sha-256
After upgrading, all of my hosted services didn't work and saw a "bad user login" message in the ArcGIS Server logs. Luckily, I've worked with the ArcGIS Data Store enough to know what this message means.
Running the allow connection data store command "fixes" this by adding a new entry with only the "host" option.
What I am looking for is a little bit of clarity on why this happened, because it appears that the ArcGIS Data Store isn't even compatible with any "hostssl" connections in the first place for two reasons:
- The previously existing ArcGIS Server entry in the pg_hba.conf file didn't work by default after the upgrade, nor did the Esri upgrade mitigate this by adding a new "host" only entry.
- Even after upgrading, the allow connection data store command line adds entries only as "host" and not "hostssl", despite the upgrade changing everything to "hostssl".
I'm unable to find anywhere in Esri's upgrade documentation stating that re-adding entries to the pg_hba.conf file is a required step, so I'm just wondering why Esri changes all of the entries in the pg_hba.conf file when it's not even compatible in the first place?
If anything, hopefully this will help others who encounter this issue considering this is not a documented step in the upgrade process.
