I've been dealing with this problem for a while and have even asked questions on here about it but I have not found a solution yet.
I want to setup a multi-machine deployment on two virtual servers (Windows Server 2019);
Machine1 - Portal, ArcGIS Server, Data Store, Web Adaptor (I used Builder to install all software)
Machine2 - ArcGIS Server with Image Server license (just used ArcGIS Server installation software)
Everything loads fine, it's just when I load ArcGIS Server on Machine2 and it asks if I want to "Create a New Site" or "Join an Existing Site" I get the following error:
Failed to join the site 'https://MACHINE1:6443/arcgis/admin/'. Server machine 'https://MACHINE1:6443/arcgis/admin//machines/register' returned an error. 'Admin URL 'https://MACHINE2.GIS.COM:6443/arcgis/admin' is not reachable from 'MACHINE1.GIS.COM'.
I've done multiple installations (wipe the machine and start over) and always receive this error.
I've created Inbound and Outbound rules to open every port that ESRI recommends on both servers. I have a CA-Signed SSL certificate for both servers. Both servers have a Fully Qualified Doman Name. I can ping each server. I can view the default IIS webpage from each server. I'm using the same ESRI license files for each server. I'm using the same version of ArcGIS Server on each machine (10.8).
Basically, I've done everything I know to join Machine2 to the existing site on Machine1.
My question - is there anything else, no matter how trivial, that I should look at when setting up the servers. I feel it is a server issue that I'm overlooking, something very simple. For example, should I worry about the Host file??
Any information would be appreciated.
Since you are running both an ArcGIS GIS Server and IIS Web Adaptor on the same machine, you have at least 2 different web servers running on the machine because ArcGIS GIS Server has its own embedded web server. Connecting to the default IIS web page doesn't ensure your connections to the embedded ArcGIS GIS Server are working correctly, and MACHINE2 is trying to register using the embedded web server on MACHINE1.
Regarding, "I have a CA-Signed SSL certificate for both servers." Did you bind the CA-Signed SSL certificate to the embedded web server, or is it only bound to the IIS web server?
On MACHINE2, open up a web browser and try connecting to https://MACHINE1.domain.com:6443/arcgis/admin, do you get any certificate or other errors?
Did you verify folder/file share and security on config-store using same domain user account?
same verify for using the FQDN in that url? and all pieces of that SSL, is it a wildcard SSL?
You'll need to go beyond the ping test to be 100% certain that the machines can talk to each other over the correct ports. To do this, complete the following test from each machine:
When doing this test, try all combinations of IP addresses, machine names, and DNS aliases just to make sure there aren't any variations in terms of hostname resolution.
A few more things to look out for:
Hope this helps!
I ran the following test on machine name, IP, and DNS alias:
Test-NetConnection -ComputerName <DESTINATION SERVER> -Port 6443
When I ran the test, machine name and IP succeeded but on the DNS alias it failed on TcpTestSucceeded came back as False. Is there something in Server Manager (maybe?) that I need to turn on to allow TCP for the DNS Alias?
I believe I have the shared folder and SSL configurations set correctly as per ESRI's recommendations.
Thanks for the help and information.
I think you need the assistance of a network analyst to determine why the network connection test fails for the alias but not the IP/machine name.
You could try following the directions to Configure ArcGIS Server in advanced scenarios—ArcGIS Server | Documentation for ArcGIS Enterprise to force ArcGIS Server to only use the machine name (which you know works over 6443) just to see if you can complete the configuration.
However, going back to your original post in this thread, I noticed the following:
For an ArcGIS Server setup where you join two machines together to form a multi-machine site, both machines must be licensed for the same roles - i.e. Machine1 and Machine2 each need to have their own GIS Server and Image Server licenses.
If the idea behind your deployment is for Machine1 to only provide map services and for Machine2 to only provide image services, then you cannot (and don't have to) join Machine2 to Machine1. In this instance, you should create a new site on Machine2, then you can simply federate this server with Portal.
I don't think that this is the source of your issue with joining the sites, but even if you sort out this issue then you won't be able to join them if the licensing isn't correct.