Trying to federate server using this guide for 10.5.1:
Federate an ArcGIS Server site with your portal—Portal for ArcGIS (10.5.x) | ArcGIS Enterprise
Running into this issue...
"The server at 'https://[internal machine address]6443/arcgis/admin/security/config/update' returned an error. Failed to update the security configuration. Cannot update security configuration to federate with Portal as server is not registered with Portal. Could not connect to the ArcGIS Server on machine '[Internal machine address]'.The ArcGIS Server service on that machine may not be running or the machine may not be reachable at this time."
I am a bit confused because the current documentation does not mention registering a server with Portal prior to attempting federation. Is there a step or process I am possibly missing?
Hello Jonathan,
I am running into issues also when trying to federate a HA gisserver site (2 server deployment) to a HA portal.
The HA gisserver site was set up with S1 and S2, these were joined and web adaptors for both gisservers were installed. I have read that the web adaptors were not necessary in the case of federation, but they have already been installed. Do I need to remove these?
The gisserver URLs for service and admin for both gisservers resolve in a browser.
( https://S1.domain.com/arcgis & https://S1.domain.com:6443/arcgis; https://S2.domain.com/arcgis & https://S2.domain.com:6443/arcgis => all resolve in a browser)
Furthermore the HA portal was set up using p1 and p2 and these were joined. w1 and w2 were installed. Context name is portal.
Microsoft Loadbalancer is used to set up LB1. The webcontexturl was set in portaladmin to point to LB1 (https://LB1.domain.com/portal)
The portal home and admin pages resolve.
https://LB1.domain.com/portal and https://LB1.domain.com/portal/portaladmin
The requirement is to have the HA gisserver site federated to the HA portal and set this as a hosting server.
These are the steps which were taken:
1. A second loadbalancer (LB2) was set up, using Microsoft LB. (is practically set up just the same as LB1)
2. In portaladmin the PrivatePortalURL was set to point to the second loadbalancer (https://LB2.domain.com:7443/portal)
I now need to federate the HA gisserversite, but I need a Service URL and Admin URL to point to where both S1 and S2 are accessible in the event one of these fails.
So I used the following to federate within https://LB1.domain.com/portal/home:
Service URL => https://LB1.domain.com/arcgis
Service Admin URL => https://LB1.domain.com:6443/arcgis
Both of them resolve in a browser, but federation just returns an error stating that https://LB1.domain.com:6443/arcgis is not accessible.
Ports 6443 & 7443 have also been set in Windows firewall as inbound and outbound rules.
What am I missing?
Thanks
Michelle
Seems like things are set correctly.... the web adaptors for Server aren't necessary unless you want IWA on the Server side as well as the Portal, which is supported at 10.6. If you federate with Portal logging DEBUG logs, do you see any errors?
Can you open this URL:
https://lb1.domain.com/portal/sharing/checkUrl.jsp?url=https://lb1.domain.com/6443/arcgis/admin
That would tell you if Portal can reach the URL you're providing. If it can't, (the response code won't be a 200), then the Portal logs should indicate the problem.
Jonathan,
I checked the following URL
https://lb1.domain.com/portal/sharing/checkUrl.jsp?url=https://lb1.domain.com/6443/arcgis/admin
Here is the result:
ArcGIS Server, Datastore and Portal service are all started..
Here a snippet from the logs
Michelle
Hi Michelle,
When I look at this quote from your post:
"In portaladmin the PrivatePortalURL was set to point to the second loadbalancer (https://LB2.domain.com:7443/portal"
I actually think it should be https://LB2.domain.com:7443/arcgis
If you load balance traffic over port 7443 then your context is arcgis, not your web adaptor's "portal"
Hi Szymon/Jonathan,
I changed the PrivatePortalURL to https://LB2.domain.com:7443/arcgis.
I restarted portal service.
I tried federating again:
First with https://LB1.domain.com/arcgis and https://LB1.domain.com:6443/arcgis
Second with https://LB2.domain.com/arcgis and https://LB2.domain.com:6443/arcgis
Neither ADMIN URL was accessible when trying to federate. Getting the same error; however, both resolve in a browser.
I also checked the following URL
https://lb1.domain.com/portal/sharing/checkUrl.jsp?url=https://lb1.domain.com/6443/arcgis/admin
Here is the result:
ArcGIS Server, Datastore and Portal service are all started..
Kind regards,
Michelle
Are your SSL certificates OK? Do you get errors/warnings in browser when you examine the URLs? Try IE/FF/Chrome, perhaps one of them will complain?
Hi Szymon,
We are using a self-signed cert, since we are still working through the setup. Does this have an impact on the federation?
I can reach https://LB1.domain.com:7443/arcgis/sharing/rest, however this just resolves in https://S1.domain.com:7443/arcgis/sharing/rest in IE/Chrome/FF => opens the gisserver1 page. Is this normal?
I can also reach https://LB2.domain.com:7443/arcgis/sharing/rest
Federation in IE/Chrome/FF: => all just keep returning the very same error:
First with https://LB1.domain.com/arcgis and https://LB1.domain.com:6443/arcgis
Second with https://LB2.domain.com/arcgis and https://LB2.domain.com:6443/arcgis
Here a snippet from the logs generated:
I’m not sure what else I am missing..
Michelle
Looking more, I think you got your LBs mixed up:
Once you write that LB1 is for Portal: "https://LB1.domain.com/portal and https://LB1.domain.com/portal/portaladmin"
Then I can see this: "Both of them resolve in a browser, but federation just returns an error stating that https://LB1.domain.com:6443/arcgis is not accessible" <-- 6443 is Server!!!!
Then for LB2:
Once you state it's for Portal:
"A second loadbalancer (LB2) was set up, using Microsoft LB. (is practically set up just the same as LB1)"
Then you mention it in context of Server (port 6443 is Server!)
"Second with https://LB2.domain.com/arcgis and https://LB2.domain.com:6443/arcgis"
You must make sure that the LBs are used in the right order and purpose.
Make sure LB1 is pointing at your S1 and S2
Make sure LB2 is pointing at P1 and P2
Then privatePortalUrl is https://LB2.domain.com:7443/arcgis
And for federation use
Service URL => https://LB1.domain.com/arcgis
Service Admin URL => https://LB1.domain.com:6443/arcgis
Remember: when you see 7443 think Portal, 6443 think Server
Also, if you see a port (7443 or 6443) in a URL then the context is always /arcgis; ignore whatever the web adaptor name is, as going via the port ALWAYS SKIPS the web adaptor and takes you directly to the service
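Added example (not part of the original thread and not Esri code): a small Python lint that applies the port and context rules from the post above to a set of planned URLs before attempting federation. The setting names, function names and the port-as-path-segment check are assumptions made for illustration; the host names are the thread's placeholders.

```python
from urllib.parse import urlsplit

# Rules as stated in the thread: 7443 is Portal, 6443 is Server, and a URL
# that carries either port goes straight to the service under /arcgis.
DIRECT_PORTS = {7443: "portal", 6443: "server"}


def lint_url(role, url):
    """Return a list of findings for one URL; role is 'portal' or 'server'."""
    findings = []
    parts = urlsplit(url)
    segments = [s for s in parts.path.split("/") if s]
    context = segments[0] if segments else ""
    port = parts.port
    if port in DIRECT_PORTS:
        owner = DIRECT_PORTS[port]
        if owner != role:
            findings.append(f"port {port} belongs to {owner}, not {role}")
        if context != "arcgis":
            findings.append(
                f"port {port} bypasses the web adaptor; "
                f"context must be 'arcgis', got '{context}'"
            )
    # Added check (an assumption, not a rule from the thread): a direct port
    # typed as the first path segment instead of after the host name.
    if context.isdigit() and int(context) in DIRECT_PORTS:
        findings.append(f"'{context}' is a path segment; expected ':{context}' after the host")
    return findings


def lint_plan(plan):
    """plan maps a setting name to (role, url); returns only entries with findings."""
    report = {}
    for name, (role, url) in plan.items():
        findings = lint_url(role, url)
        if findings:
            report[name] = findings
    return report


# Constructed sample input using the thread's placeholder host names.
SAMPLE_PLAN = {
    "privatePortalUrl": ("portal", "https://LB2.domain.com:7443/portal"),
    "servicesUrl": ("server", "https://LB1.domain.com/arcgis"),
    "adminUrl": ("server", "https://LB1.domain.com:6443/arcgis"),
    "checkUrlTarget": ("server", "https://LB1.domain.com/6443/arcgis/admin"),
}

if __name__ == "__main__":
    for name, findings in lint_plan(SAMPLE_PLAN).items():
        for finding in findings:
            print(f"{name}: {finding}")
```

This only checks how the URLs are written; whether Portal can actually reach them still has to be confirmed from the Portal machine.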
Hi Szymon,
Ok, just to recap in order for me to have a clear understanding
I used the steps from
https://enterprise.arcgis.com/en/portal/10.5/administer/windows/configuring-a-highly-available-portal.htm
At Step 5 => The first Loadbalancer was mentioned.
Windows Loadbalancer was used to first configure LB1 (gisportal).
This is https://gisportal.domain.com
I set the webcontexturl to https://gisportal.domain.com/portal
We then intended to share https://gisportal/portal/home . This works fine.
Now at Step 8 an Internal Loadbalancer was needed to set the PrivatePortalURL
This was created the same way as LB1 using Windows Load Balancer software.
This became https://portalcls.domain.com
In portaladmin I set the PrivatePortalURL to https://portalcls.domain.com:7443/arcgis (using arcgis instead of portal as you had suggested)
All of these URLS resolve in a browser
Now when I tried federation =>
Service URL => https://LB1.domain.com/arcgis (https://gisportal.domain.com/arcgis)
Service Admin URL => https://LB1.domain.com:6443/arcgis (https://gisportal.domain.com:6443/arcgis)
It just returns that it's not accessible…
As long as the checkUrl request to your admin URL fails, (returns -1 for the status), you won't be able to federate. Sign onto the Portal machines as the user running the Portal service account and try to get to the admin URL as that user. It may be proxy related, or certificate related if the certificate is mismatched. Check the logs in Portal. You can use the same services URL as the admin URL if you want, there's no issue in doing so.