Hi All,
We have an ArcGIS Enterprise that is recently upgraded from 10.7.1 to 10.9.1, and there are a number of secured services that were added from a federated ArcGIS Server to ArcGIS Online. The services were added via the option of “store credentials”. These services were also added to web maps that are used in multiple WebApp Builder maps.
However, after the upgrade, none of these services are accessible or working from AGOL. When we try to open a service in map viewer, we get the error message “Cannot add layer”. Worth mentioning that the account that is used to add these secured service to AGOL is still enabled and can successfully login to Portal.
We also tried another scenario to add a secured service hosted on federated ArcGIS Server to AGOL as a new item, however, we cannot see the username and password fields or the options to store or not store credentials. The Portal is publicly accessible with no HTTPS warnings from the browser.
I followed the causes and workarounds in this post: https://support.esri.com/en/technical-article/000012369
And here are my comments:
I have to mention that the Portal and ArcGIS Server are setting behind a load balancer, required re-write rules are added to redirect the requests to correct component.
Solved! Go to Solution.
The IT switch the load balancer from the existing DR site to actual PROD environment site, and the issue is gone. This clearly points to the SSL and firewall settings in the DR site that it is the cause of this issue. Nothing wrong with AGOL as far as I can see.
Do you see anything in the logs from the PortalAdmin page? We have not upgraded, but are experiencing something similar. It is the opposite direction, so our secured AGO Service was added to our Portal with credentials stored. This had been working since August of last year until the end of May. Our logs show this error:
Invalid SSL certificate found. PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
I am working with Esri Support and they recommended downloading and importing the entire certificate chain for AGO's SSL cert to the Portal using the PortalAdmin page. I have done that and am waiting to restart the Portal during our next maintenance window. I'll try to remember to update this thread afterwards.
The IT switch the load balancer from the existing DR site to actual PROD environment site, and the issue is gone. This clearly points to the SSL and firewall settings in the DR site that it is the cause of this issue. Nothing wrong with AGOL as far as I can see.