ArcGIS Portal Error: Unable to load URL status 500 white changing feature hosted layer settings

13007
8
Jump to solution
01-07-2019 03:36 AM
AleksandraZietara
New Contributor III

Hello,

I have ArcGIS Enterprise Base Deployment installed on a virtual machine. Both Server and Portal use Web Adaptors and they are federated. It has been in a use for a while when I experienced an error while changing capabilities of feature hosted layer in Portal. When I want to 'enable editing' in settings and save it I got an error:

I am using an external URL but everything is working as it should, certificates are also fixed. Error appears with all the layers hosted on portal. What is more, even though a layer is set as editable (from before), it figures as an empty setting in Portal.

  

I also found a message which comes in portal log files when I try to change capabilities:


<Msg time="2019-01-07T10:17:59,295" type="SEVERE" code="219999" source="Sharing" process="2188" thread="16" methodName="" machine="XXX" user="" elapsed=""> URL 'https://xxx:6443/arcgis/rest/admin/services/Hosted/Veier/FeatureServer?token=J5vz3shs-eMJbTtJSTEIiOE...' is not accessible: Error. java.security.cert.CertificateException: No name matching xxx found.</Msg>

I struggled with this error for a week, so decided to reinstall the whole environment. Everything was installed on Friday and the error disappeared - I tested couple of times, with different feature layers, from different machines, users, with different capabilities - no problem. I came to an office today, wanted to change capabilities and the error came again. 

Has anyone experienced something similar?

I would appreciate any help.

Aleksandra

1 Solution

Accepted Solutions
JonathanQuinn
Esri Notable Contributor

You can disregard the error as that page requires authentication but you probably haven't provided any. Did you see a certificate error when first browsing to the page? Check the certificate by hitting F12 to bring up the dev tools, then go to Security > View Certificate and under the General tab, does the Issued to hostname match the hostname in the URL within the error, (https://xxx:6443). If not, go to Details and then see if a Subject Alternative Name is set for the certificate. If so, does it match the hostname? If not, then the problem is the certificate is mismatched and requests from Portal to that URL will be denied. If the hostname is correct, regenerate the certificate. If this is self-signed, then you can create it using Server Admin:

Configuring HTTPS using a self-signed certificate—ArcGIS Server Administration (Windows) | ArcGIS En... 

If the certificate is self-signed, then you'll need to sort out why it has changed. Has the hostname Server is installed on changed?

View solution in original post

8 Replies
JonathanQuinn
Esri Notable Contributor

Can you open https://xxx:6443/arcgis/rest/admin/ in your browser and see if the browser indicates the certificate is mismatched? The problem is likely that the CN, or common name, of the certificate is yyy but the URL you're accessing that is assigned the certificate is https://xxx:6443/arcgis/. This indicates a certificate mismatch would be the reason for the java.security.cert.CertificateException: No name matching xxx found error.

AleksandraZietara
New Contributor III

Hello Jonathan og thank you for a quick response!

Yes, you are right, when I try to open https://xxx:6443/arcgis/rest/admin I get an error and invalid certificate. The same happens both internally on the server and externally on a local machine. 

I am using two certificates in IIS. Domain certificate which contains wildcard and the name of my company and was imported as Root certificate in Portal and Server. And CA certificate which contains the name of the machine so the xxx in a URL  and was imported and updated as Self Signed Certificate in Portal and Server. What is wrong there?

What can I do to fix the problem?

0 Kudos
JonathanQuinn
Esri Notable Contributor

You can disregard the error as that page requires authentication but you probably haven't provided any. Did you see a certificate error when first browsing to the page? Check the certificate by hitting F12 to bring up the dev tools, then go to Security > View Certificate and under the General tab, does the Issued to hostname match the hostname in the URL within the error, (https://xxx:6443). If not, go to Details and then see if a Subject Alternative Name is set for the certificate. If so, does it match the hostname? If not, then the problem is the certificate is mismatched and requests from Portal to that URL will be denied. If the hostname is correct, regenerate the certificate. If this is self-signed, then you can create it using Server Admin:

Configuring HTTPS using a self-signed certificate—ArcGIS Server Administration (Windows) | ArcGIS En... 

If the certificate is self-signed, then you'll need to sort out why it has changed. Has the hostname Server is installed on changed?

AleksandraZietara
New Contributor III

Thank you very much Jonathan!

You are correct, a Subject Alternative Name was missing in the certificate. What is more, the hostname wasn't complete. The problem is solved. 

AbdoAbdelrasoul1
New Contributor II

Hello all,

I have the exact same problem. We have a web adaptor (proxy) server for which we have a CA-signed wild card certificate *.xxxx.com (external), our hosted ArcGIS server has a different domain xxxxcoxx.com (https//xxxserver1:6443, internal).  It is a multi-machine deployment (with two ArcGIS Server, the second one xxx2). I looked at the Subject Alternative name and it is xxxx.com not the name of the hosted server name.xxxxcoxx.com. What do I need to do here. Go back to provider to add Subject Alternative Name? Use a multiple-domains self signed certificate instead of the wild card?..No much experience behind basic understanding of certificates and properly import them.

I appreciate your help!

0 Kudos
AndresCastillo
MVP Regular Contributor
0 Kudos
JYI
by
Occasional Contributor

We have similar settings:

The problem is, the above settings work fine for everything, except the tile layers settings, nothing is displayed: 

JiehuaYi1_0-1629996590799.png

The error is like this:  "URL 'https://.../server/admin/services/Hosted/....MapServer?token=...U.&f=json' is not accessible: Error. No subject alternative DNS name matching xxxweb.xxxxcoxx.com found.."

When there is only one ArcGIS Server, the federated server is: https://xxxserver1.xxxxcoxx.com:6443/arcgis, everything works perfect, including this tile layer settings page.

My question is, why this happens to tile layer settings only, not to hosted feature service settings? And it seems to me that adding subject alternative DNS name of the web adaptor domain to the wild card certificate is the only solution? 

0 Kudos
JYI
by
Occasional Contributor

Our final solution is, change the admin url in the federated server to the external arcgis server url, not using the web adaptor url anymore. The change was safe to do, see here. Adding subject alternative DNS name of the web adaptor domain to the wild card certificate was turned down by IT for the security reason. 

0 Kudos