Unable to access portaladmin site using initial account

2352
4
Jump to solution
07-24-2018 08:15 AM
MichaelSchoelen
Occasional Contributor III

(Portal Version 10.5.1)

We deployed a portal using Chef. The installation directory is hosted on an auxiliary drive (D:) and the content is hosted on a file share. Ultimately, it will be HA, but we haven't gotten to the second portal yet.

For some reason, the initial admin account cannot log into the portal admin site (.../arcgis/portaladmin). We can log into the portal site itself, however. Because we are using a load balancer, we do not have a web adaptor.

Has anyone seen this before?

Tags (2)
1 Solution

Accepted Solutions
JonathanQuinn
Esri Notable Contributor

You can check the logs on disk to see if there are any errors.

You can also create the certificate with a SAN, which should get around the problem you ran into. If you're going to use the certificate at the LB as well, then anyone with access to the URL can look at the certficate information and see the internal Portal machine name, though.

View solution in original post

4 Replies
JonathanQuinn
Esri Notable Contributor

Do the logs have any errors about when the sign in failed? I assume you can generate a token through the Sharing API, (arcgis/sharing/rest/generateToken), considering you can sign in through the home app? What verison are you using? does the CN of the certificate used for 7443 match the hostname of the Portal machine?

MichaelSchoelen
Occasional Contributor III

Unfortunately, we can't get to the logs to debug anything, but you made a good point. This issue began when we added certificates into the mix, so that could be the problem. Because we're using a load balancer, the certificate name doesn't match the machine name-- so we might have to rethink how we get those certs to the end user.

0 Kudos
JonathanQuinn
Esri Notable Contributor

You can check the logs on disk to see if there are any errors.

You can also create the certificate with a SAN, which should get around the problem you ran into. If you're going to use the certificate at the LB as well, then anyone with access to the URL can look at the certficate information and see the internal Portal machine name, though.

MichaelSchoelen
Occasional Contributor III

Essentially that was the issue! We took the certificate off of the portal, and moved it up to the load balancer. That did the trick! Thanks.