ArcGIS Enterprise Multi-machine Problems

08-10-2020 05:49 AM
CraigAJohnson
New Contributor II

I've been dealing with this problem for a while and have even asked questions on here about it but I have not found a solution yet.

I want to set up a multi-machine deployment on two virtual servers (Windows Server 2019):

Machine1 - Portal, ArcGIS Server, Data Store, Web Adaptor (I used Builder to install all software)

Machine2 - ArcGIS Server with Image Server license (just used ArcGIS Server installation software)

Everything loads fine, it's just when I load ArcGIS Server on Machine2 and it asks if I want to "Create a New Site" or "Join an Existing Site" I get the following error:

Failed to join the site 'https://MACHINE1:6443/arcgis/admin/'. Server machine 'https://MACHINE1:6443/arcgis/admin//machines/register' returned an error. 'Admin URL 'https://MACHINE2.GIS.COM:6443/arcgis/admin' is not reachable from 'MACHINE1.GIS.COM'.

 

I've done multiple installations (wipe the machine and start over) and always receive this error.

I've created Inbound and Outbound rules to open every port that ESRI recommends on both servers. I have a CA-Signed SSL certificate for both servers. Both servers have a Fully Qualified Domain Name. I can ping each server. I can view the default IIS webpage from each server. I'm using the same ESRI license files for each server. I'm using the same version of ArcGIS Server on each machine (10.8).

Basically, I've done everything I know to join Machine2 to the existing site on Machine1.

My question - is there anything else, no matter how trivial, that I should look at when setting up the servers? I feel it is a server issue that I'm overlooking, something very simple. For example, should I worry about the Host file??

Any information would be appreciated.

12 Replies
George_Thompson
Esri Frequent Contributor

Adding better groups for visibility: ArcGIS Enterprise, Enterprise GIS

--- George T.
JoshuaBixby
MVP Esteemed Contributor

Since you are running both an ArcGIS GIS Server and IIS Web Adaptor on the same machine, you have at least 2 different web servers running on the machine because ArcGIS GIS Server has its own embedded web server.  Connecting to the default IIS web page doesn't ensure your connections to the embedded ArcGIS GIS Server are working correctly, and MACHINE2 is trying to register using the embedded web server on MACHINE1.

Regarding, "I have a CA-Signed SSL certificate for both servers."  Did you bind the CA-Signed SSL certificate to the embedded web server, or is it only bound to the IIS web server?

On MACHINE2, open up a web browser and try connecting to https://MACHINE1.domain.com:6443/arcgis/admin. Do you get any certificate or other errors?

BillFox
MVP Frequent Contributor

Hi Craig,

Did you verify folder/file share and security on config-store using the same domain user account?

Same verification for using the FQDN in that URL? And all pieces of that SSL, is it a wildcard SSL?

CraigRussell
Esri Contributor

Hi Craig

You'll need to go beyond the ping test to be 100% certain that the machines can talk to each other over the correct ports.  To do this, complete the following test from each machine:

  1. Open Windows PowerShell
  2. Type Test-NetConnection -ComputerName <DESTINATION SERVER> -Port 6443
  3. PowerShell will then provide a diagnostic report indicating success/failure of the test

When doing this test, try all combinations of IP addresses, machine names, and DNS aliases just to make sure there aren't any variations in terms of hostname resolution.

A few more things to look out for:

  • See "Configure ArcGIS Server in advanced scenarios—ArcGIS Server | Documentation for ArcGIS Enterprise" if either of the machines has multiple network interface controller (NIC) cards or DNS entries
  • If you've imported your CA-Signed certificate into Server, then try reverting back to the self-signed certificate and attempt to join the sites again
  • To completely rule out any config store access issues, you could do the following:
    • Ensure that the config store is accessible as network share via UNC path
    • Configure your initial ArcGIS Server site to use the UNC path instead of a mapped network drive
    • Run the Configure ArcGIS Server Account utility and use a domain service account
    • Use the same domain service account when installing ArcGIS Server on the second machine, ensuring that it can also access the network file share via UNC path

Hope this helps!

Craig
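
The port test described in the reply above, run over every name form in one pass, as an added example that is not part of the original reply. The target list holds constructed placeholders (the alias and IP address are not from this thread); run it on each machine with the other machine's names.

```powershell
# Constructed placeholders: replace with the short name, FQDN, DNS alias
# and IP address of the *other* machine in the site.
$targets = @('MACHINE2', 'MACHINE2.GIS.COM', 'gis-alias.example.com', '192.0.2.20')
$port    = 6443   # ArcGIS Server admin HTTPS port shown in the join error

$results = foreach ($target in $targets) {
    # Resolve the name first so a form that maps to an unexpected
    # address (stale DNS record, hosts-file entry, second NIC) stands out.
    $addresses = try {
        [System.Net.Dns]::GetHostAddresses($target) |
            ForEach-Object IPAddressToString
    } catch {
        @()   # name did not resolve at all
    }

    # Same test as typed by hand, with the warning text suppressed so the
    # outcome is read from the result object instead.
    $test = Test-NetConnection -ComputerName $target -Port $port `
                -WarningAction SilentlyContinue

    [pscustomobject]@{
        Target        = $target
        ResolvesTo    = $addresses -join ', '
        ConnectedTo   = $test.RemoteAddress     # address actually dialed
        SourceAddress = $test.SourceAddress.IPAddress   # local NIC used
        TcpSucceeded  = $test.TcpTestSucceeded
    }
}

$results | Format-Table -AutoSize

# Call out every name form that failed, with what it resolved to.
$results | Where-Object { -not $_.TcpSucceeded } | ForEach-Object {
    Write-Warning "$($_.Target) failed on port $port (resolved to: $($_.ResolvesTo))"
}
```

A row whose ResolvesTo or SourceAddress differs from the rows that succeed shows which name form or network interface to look at.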

CraigAJohnson
New Contributor II

I ran the following test on machine name, IP, and DNS alias:

Test-NetConnection -ComputerName <DESTINATION SERVER> -Port 6443

When I ran the test, machine name and IP succeeded, but on the DNS alias it failed: TcpTestSucceeded came back as False. Is there something in Server Manager (maybe?) that I need to turn on to allow TCP for the DNS Alias?

I believe I have the shared folder and SSL configurations set correctly as per ESRI's recommendations.  

Thanks for the help and information.

CraigRussell
Esri Contributor

Does the DNS alias resolve to the correct IP address if you run the command nslookup <DNS Alias> in PowerShell?

CraigAJohnson
New Contributor II

Yes, the nslookup command does resolve the correct IP addresses for both machines.

CraigRussell
Esri Contributor

I think you need the assistance of a network analyst to determine why the network connection test fails for the alias but not the IP/machine name.

You could try following the directions in "Configure ArcGIS Server in advanced scenarios—ArcGIS Server | Documentation for ArcGIS Enterprise" to force ArcGIS Server to only use the machine name (which you know works over 6443) just to see if you can complete the configuration.

However, going back to your original post in this thread, I noticed the following:

I want to set up a multi-machine deployment on two virtual servers (Windows Server 2019):

Machine1 - Portal, ArcGIS Server, Data Store, Web Adaptor (I used Builder to install all software)

Machine2 - ArcGIS Server with Image Server license (just used ArcGIS Server installation software)

For an ArcGIS Server setup where you join two machines together to form a multi-machine site, both machines must be licensed for the same roles - i.e. Machine1 and Machine2 each need to have their own GIS Server and Image Server licenses.

If the idea behind your deployment is for Machine1 to only provide map services and for Machine2 to only provide image services, then you cannot (and don't have to) join Machine2 to Machine1.  In this instance, you should create a new site on Machine2, then you can simply federate this server with Portal.

I don't think that this is the source of your issue with joining the sites, but even if you sort out this issue then you won't be able to join them if the licensing isn't correct.

CraigAJohnson
New Contributor II

Thanks for your help, I appreciate it.
