installing Web Adaptor IIS SP1

TimHayes · ‎07-26-2013

We already are running ArcGIS Server 10.1. Just installed SP1. I have map services running in a virtual directory in inetpub wwwroot on our machine's c drive.

However, after I upgraded to IIS SP1 I get the following error after I complete the Config:

Application Error

Failed to get administrator token from the GIS server. Please verify that the GIS Server URL specified can be accessed successfully

I can no longer access ArcGIS Server Manager. I am the ArcGIS Server Administrator and Machine Administrator. All was good before I installed IIS SP1.

Any ideas on what could be wrong?

BubbaHey · ‎07-29-2013

Make sure World Wide Web service is started.

Also,if using a firewall, make sure ports are open.

See:

http://resources.arcgis.com/en/help/main/10.1/index.html#//015400000537000000

TimHayes · ‎07-29-2013

Make sure World Wide Web service is started.

Also,if using a firewall, make sure ports are open.

See:

http://resources.arcgis.com/en/help/main/10.1/index.html#//015400000537000000

I see in Server Manager that the World Wide Wed Publishing is Started and set to Automatic. I restarted it.

The Windows Firewall Service is Started and set to Automatic. I restarted it.

Still the same results.

In Services Manager, I checked Windows Firewall with Advanced Security, says Firewall is off.

ThomasMontefusco · ‎07-29-2013

Check to see if one of these bugs applies:

Bug NIM-087508
Cannot configure ArcGIS Server to use Active Directory as the identity store if the user account provided is restricted from logging onto the Active Directory host.
http://support.esri.com/en/bugs/nimbus/TklNMDg3NTA4

Fixed in 10.2

Bug NIM-087257

Users in a lot of groups cannot authenticate when using HTTPS, ActiveDirectory, and web tier authentication together.

Workaround:

1. Open arcgis/server/framework/runtime/tomcat/conf/server.xml in a text editor.
2. Look for this text at the end of the file:

<Connector SSLEnabled="true" clientAuth="false" keyAlias="SelfSignedCertificate" keystoreFile="/opt/esri/3135_upgrade/arcgis/server/usr/config-store/machines/RHDAILY.ESRI.COM/arcgis.keystore" keystorePass="<blah blah blah>" maxThreads="150" port="6443" protocol="org.apache.coyote.http11.Http11Protocol" scheme="https" secure="true" sslProtocol="TLS"/>

3. Insert maxHttpHeaderSize="65535" as an attribute of the XML so that it looks like this:

<Connector SSLEnabled="true" clientAuth="false" keyAlias="SelfSignedCertificate" keystoreFile="/opt/esri/3135_upgrade/arcgis/server/usr/config-store/machines/RHDAILY.ESRI.COM/arcgis.keystore" keystorePass="<blah blah blah>" maxThreads="150" port="6443" protocol="org.apache.coyote.http11.Http11Protocol" scheme="https" secure="true" sslProtocol="TLS" maxHttpHeaderSize="65535"/>

BubbaHey · ‎07-29-2013

Even if the Firewall is disabled, make sure port 6080 is open. Also what path are you using to access Web Adaptor. For example:

http://localhost/arcgis/webadaptor

Did you enable SSL? If so, make sure you followed this procedure:

http://resources.arcgis.com/en/help/main/10.1/index.html#/Enabling_SSL_on_ArcGIS_Server_when_accesse...

TimHayes · ‎07-29-2013

Even if the Firewall is disabled, make sure port 6080 is open. Also what path are you using to access Web Adaptor. For example:

http://localhost/arcgis/webadaptor

Did you enable SSL? If so, make sure you followed this procedure:

http://resources.arcgis.com/en/help/main/10.1/index.html#/Enabling_SSL_on_ArcGIS_Server_when_accesse...

Yes, I am using http://localhost/arcgis/webadaptor

I cannot enablke SSL because I cannot gain access to:
http://gisserver:6080/arcgis/admin

TimHayes · ‎07-29-2013

Even if the Firewall is disabled, make sure port 6080 is open. Also what path are you using to access Web Adaptor. For example:

http://localhost/arcgis/webadaptor

Did you enable SSL? If so, make sure you followed this procedure:

http://resources.arcgis.com/en/help/main/10.1/index.html#/Enabling_SSL_on_ArcGIS_Server_when_accesse...

How do I check if port 6080 is open?

TimHayes · ‎07-29-2013

Check to see if one of these bugs applies:

Bug NIM-087508
Cannot configure ArcGIS Server to use Active Directory as the identity store if the user account provided is restricted from logging onto the Active Directory host.
http://support.esri.com/en/bugs/nimbus/TklNMDg3NTA4

Fixed in 10.2

Bug NIM-087257

Users in a lot of groups cannot authenticate when using HTTPS, ActiveDirectory, and web tier authentication together.

Workaround:

1. Open arcgis/server/framework/runtime/tomcat/conf/server.xml in a text editor.
2. Look for this text at the end of the file:

<Connector SSLEnabled="true" clientAuth="false" keyAlias="SelfSignedCertificate" keystoreFile="/opt/esri/3135_upgrade/arcgis/server/usr/config-store/machines/RHDAILY.ESRI.COM/arcgis.keystore" keystorePass="<blah blah blah>" maxThreads="150" port="6443" protocol="org.apache.coyote.http11.Http11Protocol" scheme="https" secure="true" sslProtocol="TLS"/>

3. Insert maxHttpHeaderSize="65535" as an attribute of the XML so that it looks like this:

<Connector SSLEnabled="true" clientAuth="false" keyAlias="SelfSignedCertificate" keystoreFile="/opt/esri/3135_upgrade/arcgis/server/usr/config-store/machines/RHDAILY.ESRI.COM/arcgis.keystore" keystorePass="<blah blah blah>" maxThreads="150" port="6443" protocol="org.apache.coyote.http11.Http11Protocol" scheme="https" secure="true" sslProtocol="TLS" maxHttpHeaderSize="65535"/>

I did this, and I do not even see this code in the xml file. Should I just copy and paste it? if so, where?

TimHayes · ‎07-29-2013

I did this, and I do not even see this code in the xml file. Should I just copy and paste it? if so, where?

Here is my server.xml file:

<?xml version="1.0" encoding="utf-8" standalone="no"?>


<Server port="6006" shutdown="SHUTDOWN">


<Listener SSLEngine="on" className="org.apache.catalina.core.AprLifecycleListener"/>

<Listener className="org.apache.catalina.core.JasperListener"/>

<Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener"/>

<Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener"/>
<Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener"/>


<GlobalNamingResources>
    
    <Resource auth="Container" description="User database that can be updated and saved" factory="org.apache.catalina.users.MemoryUserDatabaseFactory" name="UserDatabase" pathname="conf/tomcat-users.xml" type="org.apache.catalina.UserDatabase"/>
</GlobalNamingResources>


<Service name="Catalina">

    
    


    
    <Connector connectionTimeout="20000" maxHttpHeaderSize="65535" maxPostSize="10485760" port="6080" protocol="HTTP/1.1" redirectPort="6443" server=" "/>
    
    
    
    

    
    

    

    
    <Engine defaultHost="localhost" name="Catalina">

      
      

      
      

      
      <Realm className="org.apache.catalina.realm.LockOutRealm">
        
        <Realm className="org.apache.catalina.realm.UserDatabaseRealm" resourceName="UserDatabase"/>
      </Realm>
      
      <Realm className="com.esri.arcgis.discovery.security.tomcat.realm.ArcGISRealm"/>

      <Host appBase="webapps" autoDeploy="true" name="localhost" unpackWARs="true" xmlNamespaceAware="false" xmlValidation="false">

        
        

        

<Context docBase="../../../../help/server_help" path="/arcgis/help"/>
<Context docBase="../../../../help/SDK" path="/arcgis/sdk"/>
<Context docBase="../../../../help/SDK/REST" path="/arcgis/sdk/rest"/>
<Context docBase="../../../../help/SDK/SOAP" path="/arcgis/sdk/soap"/>

   
      </Host>
    </Engine>
</Service>
</Server>

BubbaHey · ‎07-29-2013

If using http://localhost/arcgis/webadaptor try the FQDN instead. For example: http://bubba.bubba.com/arcgis/webadaptor

There are different ways, try netstat -an | find "6080" or telnet

telnet [domainname or ip] [port]