Install ArcGIS Enterprise on a Home LAN

02-25-2022 12:34 PM
JimSaundersJr
New Contributor II

I have a Lenovo ThinkSystem SR630 server running Windows Server 2019 and I have installed IIS 10. The server is on my home LAN fed by a Google Fiber Router. I have a Domain Name / Website from Google Domains and I have managed to publish a test website from my server. (Not hosted by Google.) I have a Let's Encrypt SSL certificate issued for my domain name. I am trying to install ArcGIS Enterprise on this server using ArcGIS Enterprise Builder. I am not having any luck. It seems that Builder requires a Fully Qualified Domain Name (FQDN) in order to install properly. It breaks down when trying to configure the Web Adaptors for Portal and Server.

Has anyone set up ArcGIS Enterprise using ArcGIS Enterprise Builder (or in any way) on a home server and gotten it to work? Do I need to install a DNS service on my server to get this to work?

I'm afraid I do not have a lot of experience / knowledge with Network Engineering. Thanks.

0 Kudos
13 Replies
Scott_Tansley
MVP Regular Contributor

Have you tried [hostname].local ?

Scott Tansley
https://www.linkedin.com/in/scotttansley/
0 Kudos
JimSaundersJr
New Contributor II

My server's name (hostname) is SI-Server1 and pinging it from the LAN shows that it has a local name of SI-Server1.lan.  I have tried this several times. But for ArcGIS Enterprise, you must have a CA signed SSL certificate for your website and a FQDN.  My website is saundersintl.net and I have an SSL certificate for it.  But I have been unable to make this domain name a FQDN with SSL. I believe that Enterprise is looking for something like https://SI-Server1.saundersintl.net.  The only way I can see to do this is to install Windows DNS on my server, but I don't know what that might do to my Google DNS Servers.

0 Kudos
Scott_Tansley
MVP Regular Contributor

I know that you can’t install ArcGIS on a domain controller, not sure what would happen if you made it a DNS server.

Have you tried entering the FQDN into your hosts file:

127.0.0.1  SI-Server1.lan

The installer ‘may’ recognise this and let you get away with it, but it’s a real hack.

The external web address would typically provide an alias to your router, and you would need to NAT to the server.

I’m also not convinced that you can use an alias with Enterprise Builder. I have achieved what you said, but I did a manual build of each component and wired it manually.

The hosts file may be your lowest hanging fruit.

 

Scott Tansley
https://www.linkedin.com/in/scotttansley/
0 Kudos
JimSaundersJr
New Contributor II

Thank you Scott.

I have tried editing the host file as

127.0.0.1           SI-Server1 (but not with SI-Server1.lan)  and also

136.53.58.31    SI-Server1  (which is the external IP address of my Google Fiber router). I have not used the SI-Server1.lan designation though.

I have been working for many weeks with ESRI Support and yes, they say that editing the host file and using a DNS alias is not supported by Builder.  I spoke about installing the pieces individually and ESRI Support says that also requires  an FQDN (without a DNS Alias or host file editing which would also be unsupported.)  It seems that ArcGIS Enterprise must be installed on a server that is a part of a larger domain, preferably with AD DS.

But if you say you have installed the various pieces on a LAN based server successfully, I may have to try that next.  What did you define as your local hostname?  Did you edit the host file with xxx.local?

0 Kudos
Scott_Tansley
MVP Regular Contributor

So my Windows Server 2019 is used as a domain controller and DNS. I used a domain-joined Windows 10 (now 11) for deploying ArcGIS Enterprise. It’s dev only so works. But it all hangs off my home LAN.

For a recent project I used Enterprise Builder on a laptop without an AD. I had to use the laptop.local path and a self-signed cert. It was not particularly successful, I have to say.

To get your external address/cert to work internally you’d probably end up needing split DNS. I’ve had to do that with my dev build.

 

Scott Tansley
https://www.linkedin.com/in/scotttansley/
0 Kudos
Brian_Wilson
Occasional Contributor III

I set up Enterprise many many times on my home network (I was testing deploying it in Docker containers) and never worried about having an AD because I was doing everything in Linux.  I have never tried Builder,  I never had any problems installing and whenever I talk to Esri they say 'did you use Builder' and I say 'no' and they say "GOOD" sometimes adding under their breath "never use Builder". 

Well, if you own a domain already you could use a free DNS server on the Internet; I use cloudflare.com. I see that you are already using Google. Fine, I have no idea how to use them to manage domains. If Google lets you manage your own DNS then grand! Press on. Else get a Cloudflare account (free for personal use).

I know that with Cloudflare I can put in any address and any name for my domains no matter whether it's publicly routable or not. So for example I will pop one into my set up. Try pinging portal.map46.com. It should resolve the address as 192.168.0.1 and if that address exists on your lan it will not time out.

Put the local address on your network into DNS as an A record for SI-Server1. Unless you want people out on the net using your server then that won't matter. It will make the Esri installer happy because it will see a FQDN that hits your server.

If you are using Google then you should be good. If you can't for some reason, you could either (1) put the new name servers into your Windows Server so that it uses (for example) Cloudflare, which would be 1.1.1.1 and 1.0.0.1, instead of the Google ones or whatever you have in there now, or (2) you could change the name servers registered with Google to point at Cloudflare's. (They tell you how to do that.)

You said you already got a certificate from Let's Encrypt installed, right? So that part is done already. That also means some service out there is already handling DNS for you?? Does not really matter as long as you have an SSL cert and it works.

You don't need a CA signed cert for ArcGIS, self-signed will work, but if you already have one, keep going! 

At this point, if you have done the above, you should be able to open a browser on the server and hit URLs both on the Internet and the one on your own server, https://si-server1.saundersintl.net/

Your server will have a non-routable internal number on it for your own private server. It's just for that one server! It will resolve for the server and that's all that matters. No one else in the world will be able to reach it but you probably don't want them to (yet) anyway so install now.

At this point it should be possible for you to install because the name exists, has a certificate, and resolves to a real IP address. It's just not reachable from outside.

If you later on decide you want to have people outside reaching your server you will need to punch through the firewall, set up port forwarding, and have a real outside address but you still don't need a "split DNS". Just publish services outside with a different name. For example, make an entry "portal" and point it at the public DNS. If you have done all the router and firewall set up it will direct traffic to the same machine under a separate name. You can then handle the traffic on IIS and redirect it to the internal name.

Hope I have not made things muddier.
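
An added example, not part of any post in this thread and not Esri's own check: a Python pre-install check that shows which address a candidate server name ends up on once hosts-file entries and DNS answers are combined, and whether that address is loopback, RFC 1918 private, or public. It goes slightly beyond the thread by classifying the address; the function names, the sample hosts text and the `example.net` name are constructed for illustration.

```python
import ipaddress
import socket

# RFC 1918 ranges, listed explicitly because ipaddress.is_private also covers
# documentation ranges such as 203.0.113.0/24 used in the sample below.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample modelled on the hosts-file edits described in the thread;
# 203.0.113.10 is a documentation address standing in for a router's WAN IP.
SAMPLE_HOSTS = "127.0.0.1  SI-Server1\n203.0.113.10  si-server1.example.net  # WAN IP\n"

def classify(addr):
    """Label an IPv4 address as 'loopback', 'private' (RFC 1918) or 'public'."""
    ip = ipaddress.ip_address(addr)
    if ip.is_loopback:
        return "loopback"
    return "private" if any(ip in net for net in RFC1918) else "public"

def hosts_lookup(hosts_text, name):
    """Addresses a hosts file pins to `name` (names compare case-insensitively)."""
    hits = []
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) > 1 and name.lower() in [f.lower() for f in fields[1:]]:
            hits.append(fields[0])
    return hits

def dns_lookup(name):
    """Live lookup via the OS resolver (which itself honours the hosts file)."""
    try:
        return sorted({ai[4][0] for ai in socket.getaddrinfo(name, 443, socket.AF_INET)})
    except socket.gaierror:
        return []

def preflight(name, hosts_text, dns_answers):
    """Return (effective addresses, findings) for a candidate server name."""
    findings = []
    if "." not in name.strip("."):
        findings.append("single-label name, not an FQDN")
    pinned = hosts_lookup(hosts_text, name)
    effective = pinned or list(dns_answers)
    if pinned:
        findings.append("hosts file entry overrides DNS")
    if not effective:
        findings.append("name does not resolve")
    for addr in effective:
        kind = classify(addr)
        if kind != "private":
            findings.append(f"{addr} is {kind}, not a LAN address")
    return effective, findings
```

On the server itself, pass the contents of the real hosts file and `dns_lookup(name)` as the last two arguments; an empty findings list means the name is fully qualified and lands on a LAN address.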

 

JimSaundersJr
New Contributor II

Hi Brian, Thanks for the detailed reply.

I tried to ping your "portal.map46.com" from both my server and laptop, but with no success.  Reply said "Ping request could not find host portal.map46.com. Please check the name and try again." I've attached a screen capture.

I did go to my Google Domains DNS Settings and added an "A" record for si-server1.  It doesn't appear to have any effect anywhere.  I've also attached screen captures for my Google DNS settings.  I may not have done this properly.

I have also attached a few other screen captures of other information.  I've created a static IP Address for my SI-Server1 and have port forwarding from the router to my server.

I know this is a lot and I guess what I am truly missing is creating a Fully Qualified Domain Name (FQDN) on my server for SI-Server1.saundersintl.net.

Thanks again,

Jim Saunders
Saunders International, Inc
Maximo Spatial and ArcGIS
SaundersIntl.com
+1 256-808-7512
Jim@SaundersIntl.com

Note: saundersintl.com is a separate website hosted on GoDaddy.

0 Kudos
Scott_Tansley
MVP Regular Contributor

I think you're getting close in your web configuration because I can see this:

Scott_Tansley_0-1645932751596.png

Scott_Tansley_1-1645932780169.png

Which means you need to configure the web adaptors.  Given that you've used Enterprise builder, and it's all on one machine, then you should be able to use the SI-Server1.lan I mentioned earlier.

Scott Tansley
https://www.linkedin.com/in/scotttansley/
0 Kudos
Scott_Tansley
MVP Regular Contributor

Another consideration is that you're giving away a lot of the internal pathing in your home network by showing those pictures.  I'd delete them, given world events and cybersecurity and everything else.  Your DNS settings, NAT'ing and SSL certificates are all good.  You just need to get the web adaptor to accept 'a path' to your portal and server.  So please delete your private network info.

Scott Tansley
https://www.linkedin.com/in/scotttansley/
0 Kudos