License Server Administrator, the VPN and Portal not playing together

10-15-2019 02:17 AM
DataScience
New Contributor

I am trying to set up the license server administrator so that it works for my organization.

We are using portal 10.7.1 and my users are GIS Professional Advanced.

We are using portal 10.7.1. I have set up the licensing server 2019 on our portal machine and up until a few weeks ago it was easy for named users to use the portal to authorize their ArcGIS PRO.

Then something changed.

Now only 3 of my users can use the portal to Authorise ArcGIS PRO and they are all on the same local network.

The other users (some of whom are on a different network) have this problem. When they are on the VPN they cannot access our portal's URL. So this means that ArcGIS PRO cannot find the portal to perform the authorization. However, they can ping the machine that is running the licensing server and can get a response.

If they disconnect from the VPN they can access the Portal URL, however when we try to use the URL to authorize ArcGIS PRO we get the following message: A valid ArcGIS Licensing manager for your licensing portal cannot be found on the specified host.

Which is not true because there is a valid one running, as some users CAN access the licensing server.

So, I need to figure out if this is a network issue or if it's a configuration issue or what.

I have edited the service.txt as follows:

SERVER this_host 00505690f6eb 27000
VENDOR ARCGIS PORT=27009
USE_SERVER

And I have enabled 27000 and 27009 on the firewall.

But still no luck.

I then checked and saw that there were occasionally issues with the flexlm service and that the users fixed it by adding FLEXLM_TIMEOUT with a value of 100000000 to their environmental variables. I have done that on the server and client machines and this has not helped.

So my question is: how does ArcGIS Pro communicate with the licensing server when it is not on a local network? If I know that then I may be able to start troubleshooting this.

Also, is the GIS Professional Advanced user type one that can be solely administered via the portal or is there a requirement for them to use ArcGIS Online?

In terms of solutions, the best I have found is a vague mention of an http tunneling server but I can't find the details of how this is configured.

Named User licensing in ArcGIS Enterprise—ArcGIS Pro | Documentation 

Also, if anyone else has had this sort of problem then please let me know how you fixed it!

Kind Regards

Hayden Wilson

0 Kudos
3 Replies
AmnoyAm
Esri Regular Contributor

Hayden,

When a user starts Pro, it makes a request to the Portal for ArcGIS to load the logon dialogue. The user then signs in with an account that was assigned an ArcGIS Professional user type or ArcGIS Pro add-in license. Portal verifies the account and tells Pro to go to the specified license manager to retrieve the license. So Portal never communicates with the license manager. Basically Pro makes a call to Portal and then makes a separate call to the license manager. This is important when troubleshooting your situation.

First, let's look at the Portal connection.  Local users can connect to the Portal and remote users can connect to the Portal.  However, remote users using a VPN connection cannot connect to the Portal.  Is the VPN connection to the same network where Portal resides or to another network?  If the same network, open Internet Explorer and load the Portal Manager, https://<portalhost>/arcgis.  If it does not load, there is obviously an issue with your network configuration.  

Assuming the user can load the login dialogue in Pro and is able to log in with a Pro enabled account, Pro will then attempt to connect to the license manager using TCP/IP protocol using ports 27000 and 27009 which you've previously defined. Make sure both inbound and outbound rules were defined for these ports through your firewall.

To summarize, you have two separate issues:

Connection to your Portal from Pro through https

and

Connection to the ArcGIS License Manager through TCP/IP ports 27000 and 27009.  

In both cases, Fiddler is a good tool to use for troubleshooting.  

0 Kudos
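The two connections described in the reply above can be tested separately from an affected client. The following is an added example, not part of the original thread or Esri's tooling: it reads the ports from the service.txt posted in the question and classifies each TCP attempt. The function names and the host names `portal.example.com` and `licserver.example.com` are hypothetical placeholders.

```python
import re
import socket

# Constructed sample mirroring the service.txt shown in the question.
SERVICE_TXT = """\
SERVER this_host 00505690f6eb 27000
VENDOR ARCGIS PORT=27009
USE_SERVER
"""

def license_ports(service_txt):
    """Return the lmgrd (SERVER line) and vendor daemon (VENDOR PORT=) ports."""
    ports = {}
    for line in service_txt.splitlines():
        fields = line.split()
        if len(fields) >= 4 and fields[0] == "SERVER" and fields[3].isdigit():
            ports["lmgrd"] = int(fields[3])
        elif fields and fields[0] == "VENDOR":
            match = re.search(r"\bPORT=(\d+)\b", line, re.I)
            if match:
                ports["vendor"] = int(match.group(1))
    return ports

def probe(host, port, timeout=3.0):
    """Classify one TCP attempt; returns (status, resolved_address)."""
    try:
        addr = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)[0][4][0]
    except socket.gaierror:
        return ("dns-failure", None)   # name does not resolve on this network
    try:
        with socket.create_connection((addr, port), timeout=timeout):
            return ("open", addr)
    except socket.timeout:
        return ("filtered", addr)      # no answer: a firewall is likely dropping it
    except ConnectionRefusedError:
        return ("refused", addr)       # host reachable, nothing listening there
    except OSError as exc:
        return ("error: %s" % exc, addr)

def check(portal_host, license_host, service_txt=SERVICE_TXT):
    """Probe the portal (HTTPS) and each license manager port independently."""
    results = {"portal:443": probe(portal_host, 443)}
    for name, port in license_ports(service_txt).items():
        results["%s:%d" % (name, port)] = probe(license_host, port)
    return results

if __name__ == "__main__":
    # Hypothetical host names; substitute your own portal and license server.
    for target, result in check("portal.example.com", "licserver.example.com").items():
        print(target, "->", result)
```

Running it once on the VPN and once off it shows which of the two connections fails in each case, and the resolved address shows whether the client is being sent to a public or an internal IP.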
DataScience
New Contributor

Hi, Thank you for your response.

It looks like it may be an issue with the way that our network is configured. However, it does not look like it is a trivial thing to try and correct.

When on the VPN, I can connect via TCP/IP but can't connect to the portal website as they are on the same network.

When not on the VPN, I can connect to the portal website but can't connect to the licensing server.

Is there any way of configuring the way that the client machine communicates with the license administrator?

Currently it looks like it's trying to connect to the licensing manager using 27000@SERVERNAME and it would be better if I could configure it to communicate through an external IP address so that it port forwards to the local one?

0 Kudos
AmnoyAm
Esri Regular Contributor

Data Science,

This is definitely a network issue. When on the VPN, your machine is connected to your network. This is why you're able to connect to the license manager. You should be able to connect to the portal website as well. However, it sounds like you're using the public URL address to the portal. Your machine is making a request outside your network and requesting a response back into your network. Take the VPN out of the equation. Go to a machine inside your network, open a web browser and load the portal's website. Does it load? If it does not, talk to your network administrator. This is something he/she can easily fix.

When you're not on the network, you can connect to the Portal because it's configured for public use. However, the license manager still resides on a machine inside your network, behind your network's firewall. You must open the communication ports through the firewall. The following link provides more detail concerning ArcGIS License Manager and firewalls:

Configure ArcGIS License Manager to work through a firewall—License Manager Guide | ArcGIS Desktop 

Summary:

If you want to use ArcGIS Pro outside your network, configure your portal to be accessible publicly and also configure the firewall for the ArcGIS License Manager to be accessible outside your network. In your situation, your portal is already configured to be publicly accessible. You just need to follow the steps in the link above to make your license manager accessible.

If you want to use your VPN connection to your internal network, use the internal portal website or make sure machines internally can access the external portal address.

0 Kudos