Hi people,
I am trying to configure the web adaptor for my Enterprise portal, specify the URL and an administrator account for Portal for ArcGIS, but I always receive the error: "Failed to get administrator token from Portal. Please verify that the Portal URL specified can be accessed successfully."
Solved! Go to Solution.
In the first box, remove "https://" and see if that works. Starting at 10.7, the requirement changed to be just the hostname of the machine (see example under the first box).
In the first box, remove "https://" and see if that works. Starting at 10.7, the requirement changed to be just the hostname of the machine (see example under the first box).
Thank you very much for your answer. It worked, but I am not entirely sure if that was the only solution, because in the meantime, I also reset the port bindings and I configured my firewall to accept other ports. But in the end it worked, so thanks again!
I'm stuck at this point also. I've tried several variations on what I entered in the first box, including:
However, I continue to get the error: "
Failed to get administrator token from the server. Please verify that the specified server can be successfully accessed."
On the machine where the web adaptor is installed, can you get to the https://MyNewArcGISServer.domain.org:6443/arcgis/manager Url in a browser tab? If that page doesn't load in a regular tab, then the web adaptor won't be able to register.
@ReeseFacendini thanks for the direction. I could NOT reach https://MyNewArcGISServer.domain.org:6443/arcgis/manager from my web server. As a couple other threads that are similar to this one indicate the fix, for me, was to open ports 6443 and 7443 within the firewall.
Thanks
And I'm back! This time around I am attempting to configure the web adaptor for an instance of portal. I can successfully register the web adaptor using the initial administrator account used to make the portal site and is a built-in member. However, I want to replicate the setup for my other server web adaptors, which use a domain account. The initial web adaptor config screen states "To configure the web adaptor, specify the URL and an administrator account for Portal for ArcGIS." Well, I try to use my own SAML authenticated account which has admin privilege's within portal - but no go.
Must the administrator account used to register the web adaptor for portal be a built in account? This is not the case for web adaptors used against server.
When you're setting up a Web Adaptor, you need to use an ArcGIS Token account for Portal that has admin permissions, typically it's the very first account that you create that you would use here, and potentially look to deprecate that account after.
With a server you should be using the Primary Service Account that you use when you deployed the server.
Thanks @Scott_Tansley. So you're confirming that the initial administrator account is the only one that will work to register a web adaptor against a portal? That makes sense, as that account works for me. My beef is that the doc states:
"To configure the web adaptor, specify the URL and an administrator account for Portal for ArcGIS."
This does NOT state it must be the initial admin account, or that it must be a built-in account. This indicates that any account with admin privilege's within portal may be used.
To be clear:
ArcGIS Server has a Primary Site Admin account. Once you federate that then that becomes the only account you can use. Given that the a SAML2 or IWA account needs the Web Adaptor to be in place for that to work, then if you're configuring a web adaptor you can only use the PSA.
With the Enterprise Portal, you can only use token accounts with admin permissions (same reasons relating to IWA and SAML2). It has to be a token account. During an install, you'd normally create a Portal Admin account. Configure the Web Adaptor, and then you'd only have that portal admin account. Most people (not all) create users 'after' configuring the Web Adaptor (logical step). Therefore, if you make changes to the Web Adaptor in the future (e.g. upgrade) then you can use any TOKEN ADMIN level account.
The dependency here is that they must be token accounts that you enter.
