ArcGIS for Server Administration Using Windows Authentication

1072
4
Jump to solution
11-22-2017 11:26 AM
CarlosColón-Maldonado
Occasional Contributor III

Greetings,

I have several Windows Server 2012 R2 running ArcGIS for Server 10.3.1 (AGS) servers which I have secured using DoD STIG requirements, one being the disabling of the services directory (as a recommendation). All AGS deployments use windows domain groups to authenticate users as publishers and administrators via co-located web adapters which all have administration enabled. I love these settings since there is no longer a need to use the "arcgis" account for these purposes. 

Because web development against running services are a mandate, it is frequently an occurrence that services directory be re-enabled temporarily for analysis. I keep getting a "HTTP 404 Not Found" when I try re-enabling the services directory from a client browser using the Format: HTML set on the page. Wen I return to the Edit Services Directory page, I noticed that the Services Directory Enabled setting did not change, and I've end up remoting to the targeted server and making that change there using the HTTPS port and 'arcgis' account authentication. Using port on a client browser is not allowed on the network.

For kicks, I once tried changing this setting from an client browser using the Format: JSON, and I got a {"status": "success"} return page. However, I am now unable to make any further changes to that AGS either on the server using the 'arcgis' account and port, or via a client browser using either Format value.

1. How do restore that AGS deployment so that it would work as normal, again? Luckly, the stuck setting is that of 'Disabled'.

2. Why am I unable to make setting changes form a client browser even though AGS recognises me as an administrator in the Windows domain?

Thanks in advanced.

0 Kudos
1 Solution

Accepted Solutions
CarlosColón-Maldonado
Occasional Contributor III

Thanks, Thomas for making me think about this further.

It turns out that the ArcGIS Server service may have fallen out of sync with the directory during this process. While I have no idea why or how, but:

  • I removed the co-located .rlock file from the config-store directory
  • Edited and re-saved the existing settings as shown on the ArcGIS Server Administrator Directory, and
  • Restarted the ArcGIS Server service Windows services.

That appeared to have done the trick after couple days of confusion.

View solution in original post

0 Kudos
4 Replies
ThomasColson
MVP Frequent Contributor

Tech support will tell you that not only is this not supported, they're likely to refuse to answer your phone calls if they catch you doing it...... but....in an emergency I've had great success editing the jsons in the config-store. In your case,  stop the ArcGIS Server Service then edit C:\DATASTORE\config-store\system\handlers\rest\servicesdirectory.json change enabled to "true". You're less likely to blow things up if you use Notepadd++ and use an external json validator.

json‌#config-store

CarlosColón-Maldonado
Occasional Contributor III

Thanks, Thomas. You know they can read this, right? LoL

Gave it a try and found that that value was already set to true even though browsing to it says otherwise. it's as if it's stuck in read-only mode and won't change the last set or something. Could it have something to do the .co-located servicesdirectory.json.rlock file?

AGS Admin Svc Dir Svc Dir site

0 Kudos
CarlosColón-Maldonado
Occasional Contributor III

I should share the .json file info:

Svc Dir Json

0 Kudos
CarlosColón-Maldonado
Occasional Contributor III

Thanks, Thomas for making me think about this further.

It turns out that the ArcGIS Server service may have fallen out of sync with the directory during this process. While I have no idea why or how, but:

  • I removed the co-located .rlock file from the config-store directory
  • Edited and re-saved the existing settings as shown on the ArcGIS Server Administrator Directory, and
  • Restarted the ArcGIS Server service Windows services.

That appeared to have done the trick after couple days of confusion.

0 Kudos