I've installed the Web Adaptor on the IIS web server, which sits in a DMZ. The ports 6080 & 6443 are open in the firewall to ArcGIS Server. I have checked using a port scanner and have accessed the rest services directory from "http://[arcgis server machine name]:6080/arcgis/rest/services".
But when I try to access the same rest services directory from "http://[web server name]/arcgis/rest/services" I get the "Could not access any GIS Server machines. Please contact your system administrator." error.
The weird thing is it lets me add ArcGIS Server with no problem. I did have to edit the Windows host file so that the ArcGIS Server machine name would resolve, since the web server is sitting in a DMZ.
Does the Web Adaptor need any other ports open?
System info
ArcGIS Server 10.3
Windows Server 2012 R2
IIS 8.5
So not only did I have to add a host entry in the Windows host file for the machine but also for its fully qualified name: machinename.domain.com
Donny,
We are running into a very similar issue. After moving our Web Adaptor to a new machine in the DMZ, we get the "Could not access any GIS Server machines" message with HTTPS while HTTP works.
I am curious as to what you had to add in the windows host file specifically. Is it the ArcGIS Server Name in our internal network? Is it added to the DMZ server host file?
Thanks for any help,
Mele
If you're able to reach the GIS server from the web adaptor over http and not https, then I highly doubt that editing the hosts file would help, since you already have name resolution. This sounds like the TLS handshake isn't occurring properly, like you have mismatched ciphers. Are you able to access the GIS Server inside your network on port 6443?
Thanks for giving us something more to look at.
Yes, we can get to the server inside our network via port 6443 without any error.
Here is what the URL looks like
Which version of ArcGIS Server are you working with? Also, was any hardening done on your external facing web server? If you log into the web server, can you reach the GIS Server on port 6443 via a browser?
FYI I did have a support ticket that was closed. I responded asking for further assistance but have not heard back.
We have version 10.3.1. I had our Web Services guy try viewing the GIS Server via a browser and he was able to do that. As far as the web server hardening, I know there are changes going on, but our IT Security crew knows that much better than I.
Thanks for responding.
Mele
OK. That helps. My guess is that there's an encryption algorithm (cipher) mismatch between the web tier and the GIS tier. 10.3.1 doesn't support some newer ciphers. If you can DM me your web server's URL I can confirm.
I am not able to DM you as it looks like you need to follow me or possibly, I don't know how to do it.
There is an Esri Knowledge Base article on this topic:
Error: Could not access any GIS Server machines. Please contact your system administrator
For anyone that might stumble upon this these days:
If you also get an error validating your ArcGIS server connection -
1.) Your machines may have been desynchronized during a restart. According to the docs, it will only attempt to synchronize the Portal and ArcGIS servers once, then it's up to you to synchronize them manually. See: Synchronize With Site—ArcGIS REST APIs | ArcGIS Developers.
In case the link is broken later, see the description at the bottom of this post.
2.) Before you unregister your web adaptor, try the tool in the above link. It only takes a few minutes to run.
3.) You can access the ArcGIS Server Administrator Directory using the following URL: https://<machine name>:6443/arcgis/admin. I was able to access this even when the other server URLs were inaccessible.
Hope it helps someone!
Description of the Synchronize with Site tool:
"On occasion, one or more machines in a server site might be unavailable due to network issues or because they are down (intentionally or unintentionally). Once these machines become available again, they will need to synchronize with the site to pick up any changes made to the site during that downtime. This is done automatically by the site, but it is only a one-time attempt. If there are any issues with this synchronizing effort, a SEVERE message is logged.
This operation allows administrators to manually synchronize specific machines with the site. Synchronizing a machine with the site will reconfigure the machine and redeploy all services. This will take a few minutes. During this time, all administrative operations on the site will be blocked."
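The three causes raised in this thread (a missing hosts entry for the short name or the fully qualified name, ports 6080/6443 not reachable from the DMZ, and a failing TLS handshake on 6443) can be separated with one check run from the Web Adaptor machine. This is an added example, not code from any poster or from Esri; the host names `gisserver` and `gisserver.example.com` are placeholders for your own GIS Server names.

```python
import socket
import ssl

def probe(host, port, use_tls, timeout=5.0):
    """Test name resolution, TCP reachability and (optionally) the TLS handshake."""
    r = {"host": host, "port": port, "use_tls": use_tls,
         "resolved": False, "tcp_open": False, "tls": None, "error": None}
    try:
        socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)  # hosts file or DNS
        r["resolved"] = True
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:        # gaierror, refused and timeout are all OSError
        r["error"] = repr(exc)
        return r
    r["tcp_open"] = True
    if not use_tls:
        sock.close()
        return r
    # Diagnostic only: certificate checks are off so that an untrusted or
    # self-signed certificate does not hide a protocol or cipher failure.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            r["tls"] = (tls.version(), tls.cipher()[0])  # e.g. protocol and cipher name
    except OSError as exc:        # ssl.SSLError is a subclass of OSError
        r["error"] = repr(exc)
        sock.close()
    return r

def classify(r):
    """Map a probe result to the failure class discussed in the thread."""
    if not r["resolved"]:
        return "name-unresolved"       # hosts/DNS entry missing for this name
    if not r["tcp_open"]:
        return "port-unreachable"      # firewall or service not listening
    if r["use_tls"] and r["tls"] is None:
        return "tls-handshake-failed"  # protocol or cipher mismatch is one cause
    return "ok"

if __name__ == "__main__":
    # Placeholder names: check the short name and the FQDN separately.
    for host in ("gisserver", "gisserver.example.com"):
        for port, use_tls in ((6080, False), (6443, True)):
            r = probe(host, port, use_tls)
            print(host, port, classify(r), r["tls"] or r["error"] or "")
```

Python's TLS library is not the one the Web Adaptor uses under IIS, so a successful handshake here shows which protocol and cipher the GIS Server will negotiate rather than proving the Web Adaptor can match it.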