ArcGIS Enterprise Installation Checklist

583
5
10-27-2020 06:28 AM
CraigAJohnson
New Contributor II

I have loaded ArcGIS Enterprise many times on a virtual server and have always had issues arise. An example of one issue is after being installed and configured it suddenly cannot reach a webpage (Portal or Server). Another issue I have seen is after I log into Portal and go to Settings it pops up a "Sign in" window and none of my usernames or passwords work. I recently overcame the Sign in issue by giving privileges to "Everyone". It worries me a bit because in the back of my mind I'm wondering if the software is going to come crashing down because I forgot to set something correctly.

I am not asking for help on a particular installation but I would like to see if I can get a checklist for installing ArcGIS Enterprise for future reference.

I have Windows Server 2019 standard edition with IIS version 10 and I'm going to load ArcGIS Enterprise 10.8. What do I need do, or set, with the OS before installing the software (Portal, Server, the works)? Then after the software is installed is there anything else I should be aware of with the software and OS? Thanks in advance.

Checklist

  1. Install a CA Signed SSL certificate for https.
  2. Receive appropriate license for software (in my case a .prvc for Server and .json for Portal)
5 Replies
ShaneMiles
Esri Contributor

Hi Craig Johnson‌, 

The functionality you are experiencing could be a number of things. Without knowing your environment, the first thing I would check is that IIS is installed with appropriate certificate and https/443 enabled on default web site using the certificate Enable HTTPS on your web server—ArcGIS Enterprise | Documentation for ArcGIS Enterprise . Then ensure its ingested within both portal and server with each certificate in the trust chain (root, intermediate) Best practices for server certificates—ArcGIS Server | Documentation for ArcGIS Enterprise . Also check the service account utilised during installation has the correct priveledges on each server to write to the locations of content and relevant directories The ArcGIS Server account—ArcGIS Enterprise | Documentation for ArcGIS Enterprise . 

In terms of checklist, that is really dependant on your environment. Extenisive documentation exists on each component online. The conceptual steps are below: 

1. Requesting a CA Certificate in IIS

   Install into IIS 

   Bind to https 443 to default website 

   Test trust 
2. Install ArcGIS Server

   License

   Build site

   Ingest root, intermediate and web certificate for trust 
3. Install ArcGIS Web Adaptor (Server)

   Configure with ArcGIS server
4. Install ArcGIS Data Store

   Configure with ArcGIS server 
5. Install Portal for ArcGIS

   License

   Build site

   Ingest root, intermediate and web certificate for trust 
6. Install ArcGIS Web Adaptor (Portal)

   Configure with portal 
7.Federation

   Using web adaptor addrsses for both server and portal
8. Install any extensisons 
9. Install and configure optional software pieces

Hope this helps. 

Shane

CraigAJohnson
New Contributor II

Shane thanks for the reply. 

One thing I noticed with your list, and am very intrigued about, was your order of installation.  I have a colleague that took their online class during the summer and the order they went through was Portal, Web Adaptor, Server, Web Adaptor, and Data Store .  When I installed the software I loaded Server before Portal but followed their class course book exactly with the rest of installation and still had issues.  Also, the course book had you Federate the system before you installed Data Store which seemed odd to me and that's when the "Sign In" window popped up and I couldn't really do anything until I shared everything with everyone. 

One thing that I have never got a straight answer to over the years is the host file for the Windows system. Should I add anything to it or leave it in it's default state?

For example the default is as:

# localhost name resolution is handled within DNS itself.
# 127.0.0.1 localhost
# ::1 localhost

Should I add anything, such as the machine IP:

10.10.112.27   www.webserver.xxx.xxx

Lastly, you have in your list the phrase Ingest root, what does that mean. I'm a Geographer and all the software and system administration has been dumped into my lap so there are terms that I'm not sure about.  I have probably completed that task; I just may have called it the "thingamajig".

So I guess the point I'm making is I've used ESRI documentation, an ESRI training class course book, and installed ArcGIS Enterprise six ways from Sunday and still had problems.  I've loaded the correct CA Certificate with IIS with no problems, I have external and internal communication to the server with no problems. I even let their ESRI Builder app install it for me and it always failed so it is seems there is always an OS issue that I may need to address.

Thanks again for your help, your list has provided insight. I may install the software on a test server using your order to see how it goes.

ShaneMiles
Esri Contributor

Hi Craig Johnson‌, 

Which exact course did your collegue undertake? That order is fine and I believe is the recommended installation and upgrading order. When you federate the portal with Server it takes on portals security settings as Im sure you are aware. The Datastore however should still be connected to Server utilising its Server URL on port 6443 and utilising the Servers administrator account. Once this has been done the hosting functionality is able to be selected for the server within Portal. 

I couldnt answer your question about the host file for the windows system sorry. However it could have something to do with the configuration of your web adaptor and the machine name configuration. 

Sure thing, in IIS go to default website and click on bindings. In there adjust settings to Type: https,  IP address: All Unassigned, Port: 443, SSL certificate: Choose the certificate .

From there export that certificate out of IIS as a .pfx and in the chain when you inspect it, export any root or intermediate certificates as a .cer . 

From here navigate to portaladmin and follow the steps outlined in Configuring the portal to trust certificates from your certifying authority—Portal for ArcGIS | Docu... . Then go to import Existing server certificate and select your .pfx, type in the password and click import. Then in SSL certificates click update and change the web server certificate to the name of the certificate you just ingested as a .pfx .

Then go into Server and follow the steps outlined in Configure ArcGIS Server with an existing CA-signed certificate—ArcGIS Server | Documentation for Arc... . After this go to serveradmin>machines>machine name and select edit. Change the Web server SSL certificate to the name of your certificate (.pfx) .

I usually conduct these steps as I go through build (prior to configuration of web adaptors) in order to ensure each element is trusted and the secure sign is being displayed within my web browser before proceeding.

Hope this helps. 

Shane

CraigAJohnson
New Contributor II

The class was "ArcGIS Enterprise: Configuring a Base Deployment (ver 10.7)"

0 Kudos
NathanEnge
Esri Contributor

I go through a typical ArcGIS Enterprise Base Deployment step by step, including security considerations, and prerequisities...

https://www.esri.ca/content/dam/distributor-restricted/esri-ca/files/news-events/events/uc/past-proc...

 

0 Kudos