Portal 10.5.1 Federation- Error: The server at xyz.com returned an error. Invalid token.

2307
2
Jump to solution
03-12-2018 11:16 PM
JordanBaumgardner
Occasional Contributor III

We had the self-signed certs expire on an Azure VM created with CloudBuilder. I've gone through all the steps with generating, exporting, adding to the Trusted CA and updating to use the new certs on both Portal and ArcGis Server. Portal is stuck in this weird 1/2 way federated state. I can't un-federate and I can't seem to fix the current federation. 

Steps so far:

--- Arc Gis Server

- Set security to GIS_SERVER+  [I did this early on in an attempt to get logged in and now I can seem to set the "Portal Properties" section correctly to switch it back to Portal Auth]

- Removed all old SSL Certs

- Generate new cert

- Update to use new cert

- Export new cert

- Add cert to Trusted CA

-- I can login SSL

--- IIS

- Removed old cert

- Create new self signed cert

- Bind to 443

-- I can see https

-- Portal

- Set ssl cert to "portal"

- Remove old certs

- Generate new portal cert

- update to use new portal cert

- export new portal cert

- add new portal cert to trusted CA

-- I can login SSL

-- Portal | Federation | Servers | Validate ==>

ArcGIS Server services URL 'https://xyz.eastus2.cloudapp.azure.com/arcgis' cannot be validated against 'https://xyz.eastus2.cloudapp.azure.com/arcgis/rest/info'. If the service URL is a proxy URL verify it is accessible to clients.
Error: The server at 'https://xyz.xyyxxyy.cx.internal.cloudapp.net:6443/arcgis/admin/info' returned an error. Invalid token.

Any help is much appreciated.

0 Kudos
1 Solution

Accepted Solutions
JordanBaumgardner
Occasional Contributor III


1. Navigate to https://[YourHost]:7443/arcgis/sharing/
2. Login
3. Click on the “Org ID:” link

4. Click “Servers”
5. Click your server
6. Click “UnRegister Server”

I was then able to re-federate w/o issues.

View solution in original post

2 Replies
JordanBaumgardner
Occasional Contributor III


1. Navigate to https://[YourHost]:7443/arcgis/sharing/
2. Login
3. Click on the “Org ID:” link

4. Click “Servers”
5. Click your server
6. Click “UnRegister Server”

I was then able to re-federate w/o issues.

RobRader1
New Contributor II

Had the same problem occur as part of an upgrade, where the federated servers after the upgrade were no longer registered as federated. Had to re-configure the certificates, and this then left the portal thinking that the servers were registered and the servers believing they were stand alone. Since all the services i the recovery of the upgrade were lost on the server side, also needed to remove all the objects from the server to then re-publish after re-federating. 

This post helped find where they can be unregistered in Portal. The federation section of the portal admin, only has validate and unfederate. As the tokens in server did not match, neither the unfederate or the validation worked. I do recommend that Esri add an unregister to that Portal Admin Federation menu as well. This post helped a lot.

0 Kudos