Can't Connect to Portal Servers through Catalog 10.5

620
2
04-04-2018 09:30 PM
ClintonBallandis1
Occasional Contributor

Hi

We have an external portal with two ArcGIS servers. We have a web adaptor box in the DMZ and the servers are on our local network. We are using HTTPs only on the portal and the servers. Their is a valid externally signed certificate on the Web Adaptor box. We are running ArcGIS 10.5 Enterprise.

This set up was working well until last week when Infrastructure attempted to block our Admin URLs from the internet.

The changes weren't successful and a roll back was applied. However we are no longer able to connect to our portal servers through Arc Catalog. 

When we try to use our existing Arc Catalog connections we get the following error

 And when I try and create a new connection in Arc Catalog I get 

   

      https://mywebsite.com/server/admin

I have been running python scripts to validate that all the services on the servers are running and these scripts are now failing at the get token stage.

Calling getToken Function

HTTP Error 500: Internal Server Error

I had a look at fiddler and it looks like the arc catalog can get to our website using port 443 then it tries to redirect to the server using port 6080 instead of port 6443? 

  tunnel to  mywebsite.com:443                                        0

  tunnel to  mywebsite.com:6080                                      512 no - cach, must revalidate

  tunnel to mywebsite.com:6080                                       -1

  

I am still able to generate a token using the the Web URL.

I'm not a network expert  so I'm trying to figure out if this is likely to be a firewall issue / network problem or an ArcGIS issue.

Any help would be appreicated.

Thanks,

Clinton

0 Kudos
2 Replies
RandallWilliams
Esri Regular Contributor

I'd install a tool like fiddler, configure it to capture and decrypt https traffic (tools>options>https), and attempt to make your connection with Desktop.

Fiddler will record your traffic. When the connection fails, find the attempt to connect to the admin endpoint and click the 'web view' tab. Typically if the issue is related to a firewall of some sort, you'll see the firewalls response in the webview tab, which will at least give you a better idea.

ClintonBallandis1
Occasional Contributor

Thanks Randall, 

I installed fiddler and captured the https traffic as you suggested. The connection failed at the generateToken stage and the Webview indicated the the Web Page was being blocked.

I sent the fiddler results to the infrastructure team who checked the firewall roll back they did last week and they found that the roll back hadn't been completed properly.

We now can connect via catalog.

Again thanks for helping me diagnose the problem.

Clinton