Is it possible to reset the password for the identity store while the server is not running?

11-06-2015 07:20 AM
RickThiel
Occasional Contributor

Hello GeoNet,

We are running ArcGIS Server 10.2.1.  Yesterday I was trying to configure our TEST environment to use "HTTP or HTTPS" by following the step-by-step instructions from ESRI. During the process it appeared to "hang" and then I noticed that the network-account that we use to connect to our identity store became locked.  Oh boy, did that ever cause problems!  This same network account is used by all of our TEST/QA/PROD ArcGIS Server environments to connect to the identity store.  That is obviously a problem we will have to fix at a later date.

The effect of all that: when the account became locked no one could see the map services that they should have access to.  When IT Security unlocked the network account for me, then everything worked again.  It caused a great panic for me when everything went down.

Later, I went into the ArcGIS Server Administrator tool (http://localhost:6080/arcgis/admin/security/config/updateIdentityStore) to see if there was a problem with the account information that we have for the identity store.  The only button at the bottom of the page is the UPDATE button.  I clicked it... THAT WAS A BIG MISTAKE!

I noticed that after hitting the update button, the value for adminUserPassword appeared to change. Pressing update again gave me this error:  "Failed to update the identity store configuration. Could not configure the identity store as one or more of the supplied parameters is incorrect. Verify that you can connect to the identity store outside of ArcGIS Server using the same parameters."

Now every time that I try to start ArcGIS Server in our TEST environment, it locks the network account that we use for identity store.  So essentially I have had to shut down our TEST environment until I can get this fixed.

I did some research...  I see that there is a config file stored on the shared drive that we use for ArcGIS Server, which is located here: ..\arcgisserver\config-store\security\security-config.json.  The contents of the file look like this: 

{
  "securityEnabled": true,
  "authenticationMode": "WEB_ADAPTOR_AUTHENTICATION",
  "authenticationTier": "WEB_ADAPTOR",
  "userStoreConfig": {
    "type": "WINDOWS",
    "properties": {
      "adminUserPassword": "aztEu+yKU7sSQrtvtUu3ATxk9X7MwcD7aK9dlIp0e6A=",
      "adminUser": "[I deleted the userid for this post]"
    }
  },
  "roleStoreConfig": {
    "type": "WINDOWS",
    "properties": {
      "adminUserPassword": "aztEu+yKU7sSQrtvtUu3ATxk9X7MwcD7aK9dlIp0e6A=",
      "adminUser": "[I deleted the userid for this post]"
    }
  },
  "sslEnabled": true,
  "httpEnabled": true,
  "virtualDirsSecurityEnabled": false,
  "allowDirectAccess": true
}

My question is this: Is it possible to enter the correct password in there so I can start the ArcGIS server again?  It looks encrypted. If I enter a clear text password in there, will it work?


Accepted Solutions
RickThiel
Occasional Contributor

Update:  I worked with Dennis from ESRI to resolve this issue.  The answer is "YES" you can modify the config file located here:  ..\arcgisserver\config-store\security\security-config.json

To be safe, please make a backup of that file before modifying it.  I entered the password in clear text and saved the config file.  Then I started the Windows Service: ArcGIS Server.  When the ArcGIS Server was up and running, I was able to go into the admin tool again.  I went to this address: http://localhost:6080/arcgis/admin/security/config/updateIdentityStore

The password was still in clear text (which is not what you want).  So I hit the update button again and it re-encrypted the password.  All done, all working again.  Thanks Dennis at ESRI!
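
The recovery steps from the accepted answer, as an added Python example that is not code from the original post or from Esri: it backs up security-config.json, writes the password into both store sections, and afterwards reports any section whose password still looks like clear text. The function names are hypothetical, and the "looks encrypted" test (base64 text that decodes to a multiple of 16 bytes, as the sample value in the question does) is an assumed heuristic, not a documented format.

```python
import base64, binascii, json, shutil, tempfile, time
from pathlib import Path

STORES = ("userStoreConfig", "roleStoreConfig")

def looks_encrypted(value):
    # Assumed heuristic: an encrypted value is base64 that decodes to a
    # non-empty multiple of 16 bytes (true of the sample in the question).
    try:
        raw = base64.b64decode(value, validate=True)
    except (binascii.Error, ValueError, TypeError):
        return False
    return len(raw) > 0 and len(raw) % 16 == 0

def cleartext_stores(config):
    # Names of the store sections whose adminUserPassword looks like clear text.
    found = []
    for store in STORES:
        props = config.get(store, {}).get("properties", {})
        if "adminUserPassword" in props and not looks_encrypted(props["adminUserPassword"]):
            found.append(store)
    return found

def backup_and_set_password(path, password):
    # Copy the file aside with a timestamp, then set the password in both sections.
    path = Path(path)
    backup = path.with_name(path.name + time.strftime(".%Y%m%d-%H%M%S.bak"))
    shutil.copy2(path, backup)
    config = json.loads(path.read_text(encoding="utf-8"))  # assumes UTF-8 JSON
    for store in STORES:
        props = config.get(store, {}).get("properties")
        if props is not None and "adminUserPassword" in props:
            props["adminUserPassword"] = password
    path.write_text(json.dumps(config, indent=2), encoding="utf-8")
    return backup

if __name__ == "__main__":
    # Constructed sample in a temp directory; no real server or account is touched.
    # On a real server, read the password with getpass.getpass() instead.
    with tempfile.TemporaryDirectory() as tmp:
        cfg = Path(tmp, "security-config.json")
        props = {"adminUser": "EXAMPLE\\svc", "adminUserPassword": "AAAAAAAAAAAAAAAAAAAAAA=="}
        cfg.write_text(json.dumps({s: {"type": "WINDOWS", "properties": dict(props)} for s in STORES}))
        print("backup:", backup_and_set_password(cfg, "Constructed-Passw0rd!").name)
        # Both sections are reported until Update is pressed in the admin tool.
        print("clear text in:", cleartext_stores(json.loads(cfg.read_text())))
```

Run the `cleartext_stores` check again after pressing Update in the admin tool; an empty list means the stored values were re-encrypted.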
