ArcGIS Server Security Error

9579
5
03-13-2014 10:03 AM
VikramS
Occasional Contributor
Hello ,

I am using ArcGIS Server 10.2.1 . I changed the security to Users from Windows Domain and Built-in Roles . Authentication is at GIS Tier Level . After I did this setting, I am getting below warning

Unable to connect to the identity store using SSL. ArcGIS Server will revert to using a non-SSL connection to the identity store and credentials will be sent in clear text. In order to use SSL, verify that your identity store has SSL enabled. Simple bind failed: (IP Address)

Any ideas why I am getting this warning ..
5 Replies
BubbaHey
Occasional Contributor III
Are you using Web Adaptor? If so, in II Manager, check Authentication - it should be set to Windows and Anonymous disabled.

IS SSL functioning?  Are you using self-signed or CA certificates?
0 Kudos
VikramS
Occasional Contributor
Are you using Web Adaptor? If so, in II Manager, check Authentication - it should be set to Windows and Anonymous disabled.

IS SSL functioning?  Are you using self-signed or CA certificates?


Hello,

Thanks for replying . WebServer and GIS Server are installed in same machine . Web Server is Anonymous enabled and Windows authentication disabled . Below are the properties for SSL

Web server SSL Enabled : false 
Web server SSL Certificate: SelfSignedCertificate

How can i check if the SSL is functioning ? Do I need to enable Windows Authentication and disable Anonymous access?
0 Kudos
WilliamCraft
MVP Regular Contributor
So are you saying that you have changed the security settings for users and roles such that users now utilize Windows AD and roles come from the built-in store?  Also, are you wanting to enable SSL or disable it?  None of this is abundantly clear when I read your original post, so it's difficult to understand what you're actually trying to achieve.  I think you might be trying to use Windows AD for users and the built-in store for roles, all with SSL enabled. 

What does your Admin Directory say for the user and role stores under Security > Config? 

The error you're getting seems to point to an issue with SSL specifically.  If you want to use SSL, you need to enable it in IIS and ArcGIS for Server.  I noticed that you said IIS was 'false' despite the fact that a self-signed certificate is being used, but I'm not sure what you mean by that.  If you have a certificate binded to the website using port 443, then SSL is already enabled in IIS. 

Let's take a few steps to verify certain required settings are configured for SSL with the web adaptor using Windows Active Directory for users and the built-in store for roles.  Ensure that Windows authentication is enabled and everything else is disabled in IIS under the Authentication section at the web adaptor level.  Then, enable SSL in ArcGIS for Server following the steps at the link below.  I suspect that steps 3 and 5 from the link below may be the most critical in resolving this issue:

http://resources.arcgis.com/en/help/main/10.2/index.html#//015400000600000000

There are also similar threads with some good detail here and here

Let me know if these instructions help you to resolve your error.
TimothyMichael
Occasional Contributor II
I am experiencing the same error in our environment.  Some additional detail:

-Using ArcGIS Server on AWS
-Upgraded previous machine(s) from 10.1.1 to 10.2.1
-Using LDAP as credential store, hosted on another instance
-Not using Web Adaptor
-GIS Tier authentication

I have added rules to allow TCP/UDP traffic for ports 389 and 636 between the security groups of the ArcGIS Server instances and the instance hosting LDAP.  Same error as the O.P.:

Unable to connect to the identity store using SSL. ArcGIS Server will revert to using a non-SSL connection to the identity store and credentials will be sent in clear text. In order to use SSL, verify that your identity store has SSL enabled. simple bind failed: <ServerName>:636
0 Kudos
YangLiu2
New Contributor II

Hi,

I am an ArcGIS Server Administrator. I have the same issue. I am worried about our ArcGIS Server Security. Did you figure out why the WARNING appears? Thanks!

-YL

0 Kudos