One Web Adaptor Authenticates, the Other Does Not

230
2
08-28-2020 04:08 PM
WilliamCraft
MVP Regular Contributor

My client has a 10.7.1 ArcGIS Enterprise environment with the following configuration (all servers are Windows OS):

  • One single Portal machine
  • Two ArcGIS Server machines forming the Hosted site and thus federated with Portal
  • Two web machines, each containing a Web Adaptor for Portal and a Web Adaptor for ArcGIS Server
  • Portal is configured for Windows authentication
  • Web Adaptors for Portal are configured with Windows authentication only (IWA)
  • Web Adaptors for ArcGIS Server are configured for anonymous authentication only
  • Load balancer exists in front of the two web servers

I'm seeing an authorization issue when attempting to browse to ArcGIS Server Manager.  When I go through one of the Web Adaptors (we'll call it Web Adaptor 'A') via https://webserverA.domain.com/server/manager (where 'server' is the name of the ArcGIS Server Web Adaptor), I am signed in automatically with my Windows account as expected.  However, when I go through the other Web Adaptor (we'll call it Web Adaptor 'B') via https://webserverB.domain.com/server/manager, I get an "Unauthorized Access" message from ArcGIS Server Manager.  Is this behavior expected or is there something misconfigured?  I am thinking there may be a configuration issue... shouldn't I be able to get to ArcGIS Server Manager via either of the two web servers rather than just one?  I have re-registered the ArcGIS Server Web Adaptors with the site, but the issue still persists.  Does this sound like a federation issue potentially?  

Thank you in advance for your time and assistance.  

Reply
0 Kudos
2 Replies
ChristopherPawlyszyn
Esri Contributor

Hello William Craft‌,

If my suspicions are correct, it sounds like you may have federated with the webserverA.domain.com URL as the administrative URL, which would prevent access to the Server Manager page using a different URL, even an additional web adaptor that's registered with the ArcGIS Server site. This documentation goes into more detail under the 'Connect to Manager' sub-heading:

Administer a federated server—Portal for ArcGIS | Documentation for ArcGIS Enterprise 

Since the Server Manager page reflects the information for the entire site and is not machine-specific, it's usually not required to access it via a specific machine. Alternately, a load balancer could be placed in front of the ArcGIS Server web adaptors and that URL could be used as the administrative URL for additional redundancy.

Hope that helps!

WilliamCraft
MVP Regular Contributor

Re-federating fixed the issue, though this isn't an optimal solution if your Portal contains a good deal of content.  

Reply
0 Kudos