Community

Cannot add NLCD 2016 as WMS to Portal 10.6.1

1904
12
07-24-2019 11:10 AM
Dixie_MDavis
by
Occasional Contributor
‎07-24-2019 11:10 AM

Hello, all.

I cannot add the latest NLCD 2016 WMS service (https://www.mrlc.gov/geoserver/mrlc_display/NLCD_2016_Land_Cover_L48/ows?Service=WMS) to a web map in Enterprise Portal 10.6.1.  I can add it to an ArcGIS Online web map.  I realize the capabilities in ArcGIS Online are updated more frequently, but am surprised I can't add the service to our Portal. 

I need the layer as a basemap in an app we are building and will end up using it via ArcGIS Online if I must, but wanted to check first with the community to find out if perhaps I am missing something with the way I am trying to add the service.

I have included an image of the error I get when I try to add the service to a map.Error message received when trying to add WMS service to Portal map.

Thanks, in advance, for any help you can provide.

Best, Dixie.

0 Kudos
12 Replies
ThomasJones1
by Esri Contributor
Esri Contributor
‎07-25-2019 05:42 AM

Hello Dixie,

I was able to successfully add the WMS service to ArcGIS Online and my Portal (10.6.1). So it doesn't look like there is any issue with the WMS service itself. Is this the first time you have attempted to use an external WMS service with your Portal?

We would need to take a look at the requests made to the WMS service when you try to add it to the web map. Its possible your Portal may have not network access to resolve the WMS service URL.

Do you have any experience using browser developer tools or network capture software such as Fiddler? 

Thanks,

Thomas.

0 Kudos
Dixie_MDavis
by
Occasional Contributor
‎07-25-2019 07:00 AM

Hi, Thomas.

Thanks for the reply.  Yes, I have used Fiddler before and should have tried using it to get a hint at what's going on.  Yes, again, that this is the first attempt at accessing an external WMS service with our Portal.  

I will try to add the service again using Fiddler and report back.

Best, Dixie.

0 Kudos
Dixie_MDavis
by
Occasional Contributor
‎07-25-2019 08:08 AM

Well, I believe I am going to need some guidance with using Fiddler and decrypting HTTPS traffic.  I can only see that there is a SSLv3-compatible handshake found. 

I am not quite sure what you mean by our Portal not having, "network access to resolve the WMS service URL".  Are there Portal/Server configurations outside the browser that need to be set so that we can communicate with these types of services?  


Thanks, Dixie.

0 Kudos
Dixie_MDavis
by
Occasional Contributor
‎07-26-2019 06:09 AM

Hello again, Thomas.

Should I put in a support request to try and resolve this?  I have not been able to find any other documentation supporting additional configurations I should make to our Portal configuration so that it can support adding external WMS layers.  I know the URL is correct as I have been able to add the same URL to ArcGIS Online and can add it to ArcCatalog.

I have seen this thread regarding others having an issue.  We do not have a proxy configured with our Portal.

https://community.esri.com/thread/207495-adding-wms-in-portal-and-arcgis-pro 

Thanks again for your initial response.  Please let me know if I should proceed with Technical Support.

Best, Dixie.

0 Kudos
ThomasJones1
by Esri Contributor
Esri Contributor
‎07-29-2019 05:10 AM

Hello Dixie,

Is the WMS service server on a different network than your Enterprise Deployment? It's possible that the requests made by Portal to the service are being blocked. If that is the case you may need to work with your IT Department to allow access to the WMS service. Outside of portal your network configuration may limit access to resources from outside your internal network. Commonly this might be a firewall or reverse proxy.

I would recommend logging into the portal machine under the portal Windows service account. Then try and access the WMS service in a browser. Again if this fails the requests may be being blocked. I've also added some steps below which should help capture additional traffic using Fiddler.

Enable Fiddler to view 'HTTPS' traffic:

1). Open Fiddler > Tools > Options.

2). Navigate to the 'HTTPS' tab in the Options window.

3). Check 'Capture HTTPS CONNECTs' and 'Decrypt HTTPS traffic'

4). After clicking 'Decrypt HTTPS traffic' you should be prompted to trust the Fiddler root certificate.

5). Click yes through the follow prompts.

If you have the option you may want to create a case with support. They would be able to assist further with troubleshooting the WMS service issues. If you have any additional questions please let me know.

I hope this helps!

Thanks,

Thomas.

0 Kudos
Dixie_MDavis
by
Occasional Contributor
‎07-29-2019 05:14 AM

Thanks so much for the response, Thomas.  


I really appreciate the Fiddler steps.  I have submitted a case with support to get help.  Thanks again, Dixie.

0 Kudos
ThomasJones1
by Esri Contributor
Esri Contributor
‎07-29-2019 08:30 AM

No problem at all happy to help. Let me know how the support case goes. If you are able to provide a Fiddler capture of adding the WMS service to a web map that will definitely help out the analyst. 

Thanks,

Thomas.

0 Kudos
Dixie_MDavis
by
Occasional Contributor
‎08-08-2019 07:14 AM

OK, because you asked... (^-*).

Here's how it is going-

We know that there is a CORS error related to the "Access-Control-Allow-Origin" setting that is preventing us from adding the WMS service to a Portal map.  We know that there is a wildcard used in the response header and the error that is triggered is part of the XMLHTTPRequest made in the dojo.js JavaScript file.  We know that the wildcard setting is in conflict with the request's "withCredentials" attribute being set to "include".  We know that we can get the WMS Capabilities response in Fiddler when we add the WMS URL.  We know these things from research and from troubleshooting with Fiddler and the F12 console errors in FireFox, Chrome and IE.


What we don't know is where the wildcard is set.  

What we have tried-

+ Adding the WMS domain ("https://www.mrlc.gov") to the AllowedOrigins in the ArcGIS Server Admin Directory. 
+ Adding "mrlc.gov" to the Allow Origins section of the Portal Security settings.

+ Adding a custom HTTP response header to IIS for both the default site and the Server web adaptor.  We have since removed these as this custom header does not follow best practices and is in conflict with ESRI documentation (Restricting cross-domain requests to ArcGIS Server—ArcGIS Server Administration (Windows) | ArcGIS E...).
+ Stopped/started Portal and Server NT services.
+ Cleared browser cache.

Is there any insight you (or anyone) can share as to where else we need to add the domain for the WMS service?  The documentation listed above mentions that you need to set the same restrictions for your web server.  Do we need to add something to the Server and/or Portal web adaptors, and/or to our web site directory?


Thanks in advance for any help, Dixie.

0 Kudos
Lu-chiaChuang
by
New Contributor III
‎04-17-2020 09:02 AM

Dixie,

Are you able to resolve this issue? I have a similar problem to consume a CSV web feed. Thank you.

Luke

0 Kudos