Select to view content in your preferred language

ArcGIS Enterprise 10.9.1 - Adding secured service to AGOL

1323
2
Jump to solution
06-16-2022 12:32 AM
IhabHassan
Esri Contributor

Hi All,

We have an ArcGIS Enterprise that is recently upgraded from 10.7.1 to 10.9.1, and there are a number of secured services that were added from a federated ArcGIS Server to ArcGIS Online. The services were added via the option of “store credentials”. These services were also added to web maps that are used in multiple WebApp Builder maps.

However, after the upgrade, none of these services are accessible or working from AGOL. When we try to open a service in map viewer, we get the error message “Cannot add layer”. Worth mentioning that the account that is used to add these secured service to AGOL is still enabled and can successfully login to Portal.

We also tried another scenario to add a secured service hosted on federated ArcGIS Server to AGOL as a new item, however, we cannot see the username and password fields or the options to store or not store credentials. The Portal is publicly accessible with no HTTPS warnings from the browser.

I followed the causes and workarounds in this post: https://support.esri.com/en/technical-article/000012369

And here are my comments:

  • web tier authentication is not used, so no need to add hosts into Trusted servers list in AGOL or Portal
  • the ArcGIS Server that is hosting the secured services is publicly accessible
  • SSL certs used are valid and not expired, issued by GoDaddy

I have to mention that the Portal and ArcGIS Server are setting behind a load balancer, required re-write rules are added to redirect the requests to correct component.

Regards
Ihab
0 Kudos
1 Solution

Accepted Solutions
IhabHassan
Esri Contributor

The IT switch the load balancer from the existing DR site to actual PROD environment site, and the issue is gone. This clearly points to the SSL and firewall settings in the DR site that it is the cause of this issue. Nothing wrong with AGOL as far as I can see.

 

Regards
Ihab

View solution in original post

2 Replies
TonyContreras_Frisco_TX
Frequent Contributor

Do you see anything in the logs from the PortalAdmin page? We have not upgraded, but are experiencing something similar. It is the opposite direction, so our secured AGO Service was added to our Portal with credentials stored. This had been working since August of last year until the end of May. Our logs show this error:

Invalid SSL certificate found. PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

I am working with Esri Support and they recommended downloading and importing the entire certificate chain for AGO's SSL cert to the Portal using the PortalAdmin page. I have done that and am waiting to restart the Portal during our next maintenance window. I'll try to remember to update this thread afterwards.

0 Kudos
IhabHassan
Esri Contributor

The IT switch the load balancer from the existing DR site to actual PROD environment site, and the issue is gone. This clearly points to the SSL and firewall settings in the DR site that it is the cause of this issue. Nothing wrong with AGOL as far as I can see.

 

Regards
Ihab