ArcGIS Enterprise 10.9.1 signing users out - session expired

03-08-2022 02:05 AM
AndyBurns2
New Contributor II

Hi,

We recently did an in-place upgrade from 10.7.1 to 10.9.1. All went well and the system is working as required; however, we are seeing a lot more frequent logging out of users, with the sign-in page asking the user to log in again as the session expired. I have not been able to detect any common occurrence like timeout etc. since signed in.

We have modified the ArcGIS Token settings to extend the lifetime of the tokens but no luck. I have seen Portal has a token timeout set to -1, however I cannot spot any documentation regarding this.

We did not experience this in 10.7.1 

Is this a common occurrence? We have logged it with our local ESRI support, however I thought I would reach out here in addition to support.

Thanks

6 Replies
Scott_Tansley
Regular Contributor

The -1 means the token is valid for 14 days. Security Professionals would say it’s best practice to reduce this to 480 or 600 (minutes).

I’ve completed a number of 10.9.1 upgrades, but I’m not seeing sign outs. Have you cleared your browser history in case there are cached items that are causing this instability? I know it’s hard to roll out across all users but it’s quite an important step.

Scott Tansley
Consulting Architect (ArcGIS Enterprise)
https://www.linkedin.com/in/scotttansley/
0 Kudos
MichaelAugust
Occasional Contributor III

We're experiencing the same issue with some apps at 10.9.1, did you ever resolve this?

0 Kudos
AndyBurns2
New Contributor II

Hi,

No, still working through it with ESRI, however ours is also 'going down' for 20 seconds or something. No logs in Enterprise/Windows are showing any issue besides IIS, where we see nothing logged for a small time.

It's not IIS though, as the site on 7443 etc. is also unavailable and it recovers so quickly. Nothing is showing as stressing the machine either, and we can be on RDP and the web stuff goes down, so it's not network.

Guessing when it recovers and we have apps that do refreshes on the source data every 2 mins etc the previous token is now not being allowed and the user needs to sign in for a new token due to the portal somehow dying.

0 Kudos
MichaelAugust
Occasional Contributor III

Yeah, we've tried extending the main Portal timeout setting to a couple of hours. It seems to go away for a while if our troubled users clear their cache, but then somehow comes back. They are forced to re-sign in and they lose any settings to the layers involved in the webapp, i.e., transparency, on/off, arrangement, etc., and the web app starts over. It's kicking them approx. every half hour. Thanks for getting back to me! If we figure anything out I'll post here.

0 Kudos
AndyBurns2
New Contributor II

Hi,

We managed to sort it out with our support here.

We deployed via the AWS CloudFormation template provided by ESRI Inc. This put both the server and portal in the same IIS app pool. On-prem deployments from our local support always separate portal and server into their own app pool as we are using the web adapter.

Once we did this, we have not had any issues for over 10 days.

Thought I would post to see if it's worth checking this.

0 Kudos
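
Added example (not from the thread or from Esri): a read-only check for the condition described in the post above, the portal and server web adaptor applications assigned to the same IIS app pool, run over a copy of applicationHost.config. The app paths /portal and /server, the pool names and the sample config are constructed assumptions; substitute your own.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample in applicationHost.config layout; paths and pool names are assumed.
SAMPLE_CONFIG = """<configuration>
  <system.applicationHost>
    <sites>
      <applicationDefaults applicationPool="DefaultAppPool" />
      <site name="Default Web Site" id="1">
        <application path="/" applicationPool="DefaultAppPool" />
        <application path="/portal" applicationPool="ArcGISWebAdaptorAppPool" />
        <application path="/server" applicationPool="ArcGISWebAdaptorAppPool" />
        <application path="/static" />
      </site>
    </sites>
  </system.applicationHost>
</configuration>"""

def _default_pool(element, fallback):
    """Pool named by an <applicationDefaults> child, or the fallback."""
    defaults = element.find("applicationDefaults")
    return fallback if defaults is None else defaults.get("applicationPool", fallback)

def pools_by_application(config_xml):
    """Map each app pool name to the (site, path) applications assigned to it."""
    sites = next(ET.fromstring(config_xml).iter("sites"), None)
    pools = defaultdict(list)
    if sites is None:
        return pools
    global_default = _default_pool(sites, "DefaultAppPool")
    for site in sites.findall("site"):
        site_default = _default_pool(site, global_default)
        for app in site.findall("application"):
            # An application with no applicationPool attribute inherits the default.
            pool = app.get("applicationPool") or site_default
            pools[pool].append((site.get("name"), app.get("path")))
    return pools

def shared_pools(config_xml, watched_paths):
    """Return pools that host more than one of the watched application paths."""
    watched = {p.lower() for p in watched_paths}
    result = {}
    for pool, apps in pools_by_application(config_xml).items():
        hits = sorted(path for _, path in apps if path.lower() in watched)
        if len(hits) > 1:
            result[pool] = hits
    return result

if __name__ == "__main__":
    print(shared_pools(SAMPLE_CONFIG, ["/portal", "/server"]))
```

An empty result means the watched applications each have their own pool, so a recycle of one pool does not restart the other.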
TerryOD
New Contributor III

Hi @AndyBurns2 @MichaelAugust , apologies for dragging this one up.

We are experiencing similar frequent logouts after upgrading from 10.7.x to 10.9.1 - Just to clarify @AndyBurns2 - Are you saying in your case that the fix was to separate portal and server into their own app pools?

For background info, in our case - we were on 10.7.x and were having some portal freezing issues during periods of high use, which would force app pool to restart and force a reauthentication, our local ESRI support separated the portal/server web adaptors into separate app pools, which fixed that issue.

Then the upgrade from 10.7.x to 10.9.1 brought in the 'authentication loop issue' with WAB apps, which our local support patched, or at least enabled us to not go into an infinite loop. 

But now, at 10.9.1 we are seeing frequent logging out of apps as per your issue.

We have a call in with local support but just thought I'd share our experience too.

Cheers

0 Kudos