I'm attempting to setup collaboration between ArcGIS Online and ArcGIS Enterprise (Portal).
Each time I try,my Portal keeps saying:
"Cannot execute collaboration workspace sync. Participate with ID (Guest - Portal) has status NOT active for collaboration with name 'xxx' and id , workspace id"
I've searched and searched with no results
Hi Aleksandra Zietara,
I did update my Portal to 10.7 - and I made sure that the username I was entering for ArcGIS Online to access my portal was correct - DOMAIN\userID. Everything worked after that. No issues at all.
You say that your Portal (Enterprise) install is NOT internet accessible (intranet) but it is configured correctly to pass through our enterprise proxy. Does this mean that your Portal does have access to the internet through this proxy and that is how you would be able to collaborate with AGOL?
Sorry this took a few days!
Yes. Our enterprise Proxy allows common port and http(s) protocol (443, 80) connections going outward. Once a connection is established, the remote server (ArcGIS Online) can communicate back.
I have another few connections (in GeoEvent Server) that must be made through the Proxy that are NOT on common ports/protocol. I had to obtain waivers, which had to go through an IT management process to approve - and eventually they added proxy rules for my specific server and required ports/protocols.
Make sense? I'm not great with network lingo....
Do you have a means to determine yourself if those ports are open (something like telnet to determine open ports)?
Currently, my org's sandbox Portal is not accessible to the internet, but I thought the collaboration could be setup where traffic could just flow from AGOL to the internal portal that does not have outward connectivity?
No, I don't.
I can tell if the server even has access to the proxy by logging into it and opening up arcgis.com or any outside website in a browser window.
I'd ask your IT if the account you are using as your "the account to be used by Portal for ArcGIS to perform a variety of functions in support of the portal" has the rights to pass through the proxy. Sorry - I can't find a name for it in the documentation. The account that has access to the other machines in your Enterprise, your file storage, etc. I use a domain account so that it can be given permissions on the network. That user might need rights for the proxy.
Thanks for the feedback. I actually had multiple problems with my setup that needed to be addressed. Unbeknownst to me another active directory account had been remoted into the server (or a lock was being held onto from this account which was resolved by rebooting the server) and this type of account blocks all internet access including to AGOL (enhanced security to prevent MalWare attacks).
I then found out that the self-signed certificates used for the base Enterprise deployment for AGS, Portal, and the DataStore are not adequate for Collaboration tasks. ESRI tech support assisted me with installing the proper domain certificates for AGS, Portal, and the DataStore using the same certificate that had already been installed and configured for the web adaptors.
The Collaboration now works for me, but there are some workflows that I would have like to have used which are just not possible (e.g. Copying web apps from AGOL to Portal - the ESRI tech support specialist did inform me that this workflow can be done in the reverse direction Portal to AGOL which would not meet my current collaboration workflow needs).
See this article:
Configure a firewall allowed list to enable access to ArcGIS Online and associated URLs
related to whitelisting ArcGIS domains
No outbound traffic is allowed on port 443
Related to ensuring the correct ports are open.
The Windows account running the Portal for ArcGIS service does not have any internet connection
Ensuring the correct configuration of the forward proxy server.
I am working with Esri Support, and so far, we have observed these steps: