We have an external portal with two ArcGIS servers. We have a web adaptor box in the DMZ and the servers are on our local network. We are using HTTPs only on the portal and the servers. Their is a valid externally signed certificate on the Web Adaptor box. We are running ArcGIS 10.5 Enterprise.
This set up was working well until last week when Infrastructure attempted to block our Admin URLs from the internet.
The changes weren't successful and a roll back was applied. However we are no longer able to connect to our portal servers through Arc Catalog.
When we try to use our existing Arc Catalog connections we get the following error
And when I try and create a new connection in Arc Catalog I get
I have been running python scripts to validate that all the services on the servers are running and these scripts are now failing at the get token stage.
Calling getToken Function
HTTP Error 500: Internal Server Error
I had a look at fiddler and it looks like the arc catalog can get to our website using port 443 then it tries to redirect to the server using port 6080 instead of port 6443?
tunnel to mywebsite.com:443 0
tunnel to mywebsite.com:6080 512 no - cach, must revalidate
tunnel to mywebsite.com:6080 -1
I am still able to generate a token using the the Web URL.
I'm not a network expert so I'm trying to figure out if this is likely to be a firewall issue / network problem or an ArcGIS issue.
Any help would be appreicated.
I'd install a tool like fiddler, configure it to capture and decrypt https traffic (tools>options>https), and attempt to make your connection with Desktop.
Fiddler will record your traffic. When the connection fails, find the attempt to connect to the admin endpoint and click the 'web view' tab. Typically if the issue is related to a firewall of some sort, you'll see the firewalls response in the webview tab, which will at least give you a better idea.
I installed fiddler and captured the https traffic as you suggested. The connection failed at the generateToken stage and the Webview indicated the the Web Page was being blocked.
I sent the fiddler results to the infrastructure team who checked the firewall roll back they did last week and they found that the roll back hadn't been completed properly.
We now can connect via catalog.
Again thanks for helping me diagnose the problem.