Is it possible to reconfigure Web Adaptors after a DNS Alias has been set on the Server?

MonicaBeaton · ‎11-19-2024

Hello, I installed Enterprise for ArcGIS 11.3 in a Testing Environment and Portal for ArcGIS with them both federated together in a Windows Server environment (SQL). Our IT Dept. then created a DNS alias on the Server so I could add a new site certificate from Go Daddy (wildcard) that they had acquired. I am now unable to reconfigure the web adaptors or access my Site. Is it even possible or do I have to recreate the entire architecture? Thanks!

MonicaBeaton

Thank you kindly for your responses!

In the end, I was able to save the deployment with the help of ESRI Technical support. We removed the web adaptors, reconfigured the IIS binding to not have a website associated with it, changed the SSL back to self-signed certificate for the backend and then added back the two web adaptors. It's all running smoothly now and yes, all components are on one machine. I appreciate your comments! I had never heard of Sectigo Certs before.

View solution in original post

JakeSkinner · ‎11-19-2024

Hi @MonicaBeaton, you should still be able to access Portal through the following URL (https://machinename.domain.com:7443/arcgis/home). Starting at Enterprise 11.4, you can now update your Organization's URL:

https://enterprise.arcgis.com/en/portal/latest/administer/windows/update-the-organization-url.htm

If possible, I would recommend upgrading to 11.4.

DavidColey · ‎11-19-2024

Hi @MonicaBeaton - can you describe your deployment? Is this a base deployment or is this a fully distributed deployment, with the web server hosting your web adaptors, the Portal for ArcGIS, ArcGIS Server and the ArcGIS Relational Data store on separate servers?

We use Sectigo certs. Because we are on a fully distributed system using F5 as our front door (can't really call it a reverse proxy) the web server is only aliased on the F5, and not in the DNS. This is so that the full Sectigo trust chain can be or is first setup on the web server. Then, at initial setup for each component, I needed to import both the root and intermediate certificates. finally, I needed to import the pfx generated by our EIT Security team.

If this is a base deployment, with all components on a single server, I would think that as long as the trust chain is in place, and your IT has provided you with the root and intermediate certificates and a pfx you should be able to re-import them. Once in place, you can remove any old certificates.

MonicaBeaton

Thank you kindly for your responses!

In the end, I was able to save the deployment with the help of ESRI Technical support. We removed the web adaptors, reconfigured the IIS binding to not have a website associated with it, changed the SSL back to self-signed certificate for the backend and then added back the two web adaptors. It's all running smoothly now and yes, all components are on one machine. I appreciate your comments! I had never heard of Sectigo Certs before.