Port used for "Check for ArcGIS Enterprise Updates" utility

978
7
03-14-2019 08:33 AM
MichaelSchoelen
Occasional Contributor III

What port is being used for the "Check for ArcGIS Enterprise Updates" utility? We opened 443 in our firewall on a usually disconnected server, and can hit www.arcgis.com:443 in Internet Explorer. But the tool returns an error:

Your computer appears to be offline. Check your Internet connection and try again.

Network connection error.

OfflineNetwork

0 Kudos
7 Replies
JonathanQuinn
Esri Frequent Contributor

I set the utility to use Fiddler as a proxy and it actually goes through HTTP:

The "patches" key in the response has all of the patches available for 10.6.1, for example. Try to let 80 through your firewall or configure the utility to use a forward proxy.

0 Kudos
MichaelSchoelen
Occasional Contributor III

Is it possible to use a proxy on port 443? Or does the Esri download endpoint only respond to port 80? If the latter is the case, we'll just do offline downloads and installations because of security. 

0 Kudos
JonathanQuinn
Esri Frequent Contributor

That endpoint is available over https (https://downloads.esri.com/patch_notification/patches.json), so if you can sort out a way to translate the request from 80 to 443, and back from 443 to 80, that may work? Worst case you'll need to download them manually. We'll update the utility.

MichaelSchoelen
Occasional Contributor III

All good. For now we're just downloading the patches manually into a folder and pushing them to the servers with Chef. 
Updating the utility would be great! I've added it as an idea:

https://community.esri.com/ideas/16499-use-port-443-for-check-for-arcgis-enterprise-updates-utility 

City_of_LakelandGIS
New Contributor III

Jonathan,

Any update on the update to the utility, namely use over 443?  Thank you!

0 Kudos
JonathanQuinn
Esri Frequent Contributor

No, the change hasn't been made yet. You can track the status of this bug for more information:

BUG-000121591 Patch Notification: The URL referenced to the patches.json file should be HTTPS only

0 Kudos
JosiahThoen
New Contributor II

There are several hidden switches in the utility.  Passing a -u allows you to change the url the patches.json is downloaded from.  If you download the patches.json from https://downloads.esri.com/patch_notification/patches.json you can change the http:// addresses to https://.  Then rehost the file on a web server.  You can then call the bat file with the new switch and the new url.

  1. Download https://downloads.esri.com/patch_notification/patches.json
  2. Find and replace http: with https in the file
  3. Save and place the file on a web server.
  4. From the command line on your arcgis server run the following:

patchnotification.bat -c -u https://<YOUR SITE>/patches.json -i all

I did have to rerun the command for each patch as it would close after installing a single patch but this was quicker then downloading and installing them.

0 Kudos