ArcGIS Server (AGS) 10.5.1 Fetching Token Error

MichaelVolz · ‎02-11-2019

I am using a python script that originated from GitHub to stop AGS services, specifically geocode services, so that the associated address locator can be rebuilt from updated data. This python script has been running successfully for over a year, but recently is throwing the error "Error while fetching tokens from admin URL. Please check the URL and try again." The AGS 10.5.1 software has not changed so I am confused as to why all of a sudden I am getting these errors. I am getting the error in all my organization's AGS environments (development, test, and production) where both development and production are 2-server load balanced sites and the test environment is a single server site.

Has anyone ever seen the error I have indicated above?

If so, were you able to determine the root cause of the error?

Any help or feedback related to this issue is greatly appreciated.

JonathanQuinn · ‎02-12-2019

Is this a full ArcGIS Enterprise deployment, or only Server? Can you generate a token manually through the Rest API?

MichaelVolz · ‎02-12-2019

I only have a Server deployment.

Can you provide a link to the location in the Rest API documentation that would show how to manually generate a token?

If that manual process throws an error, would Fiddler potentially provide some answers on the problem?

JonathanQuinn · ‎02-15-2019

It's tough to say whether Fiddler would give you anything as it's not clear whether the script is sending invalid requests, (in which case it would be useful), or Server is simply having trouble generating tokens, (in which case it won't be helpful).

To generate a token manually, navigate to this endpoint:

https://server.domain.com:6443/arcgis/tokens/

Generate Token—ArcGIS REST API: Services Directory | ArcGIS for Developers

MichaelVolz · ‎02-15-2019

While on the server where the script runs, that token generator utility did not work unless Fiddler was running. I am able to use that token generator utility on a desktop, though, if that means anything.

JonathanQuinn · ‎02-15-2019

If it only works when Fiddler is running, it's likely a certificate problem. When you run Fiddler and you tell it to decrypt HTTPS traffic, Fiddler will install the Fiddler root certificate as a trusted certificate on the machine. Fiddler is intercepting the request and since the machine trusts the Fiddler certificate, it works.

I'd try to reach the URL you're making requests to in a browser on the machine and see if you get an untrusted certificate warning. If so, within the browser, export the certificate and then import it into the trusted root certificate store on the machine.