Getting Error when trying to set up Reports from the Survey123 Website (with our ArcGIS Enterprise Environment)

GregDunnigan · ‎06-16-2023

Asking this here in case anyone has a quick answer...have a ticket into ESRI Support as well.

First, this had been working previously. Last successful report generation was 5/26.

When trying to run a report from the Survey123 Website, we are are getting the attached error regarding:

'SSL routines:final_renegotiate:unsafe legacy renegotiation disabled'

We get this error when trying to run a report, and when trying to add a new Report Doc Template file. Full screenshot of error message in attached picture.

SheikhHafiz2 · ‎09-03-2023

Hi ZacharySutherby,

I am wondering if you got any solution to the issue? We are having same issue and we are using ArcGIS Enterprise 10.9.1 on Windows Server 2019 that does not support TLS 1.3.

ReggieSanders · ‎09-20-2023

Was there a work around to this yet? Was working fine in June. Now running into the same issue.

AndrewBowne · ‎09-20-2023

Have you checked your cert chain using: https://www.ssllabs.com/ssltest/analyze.html ?

GregDunnigan · ‎10-13-2023

@ReggieSanders @SheikhHafiz2 Were you ever able to find a work-around for this besides giving up on Survey123?

ChrisBeaudette · ‎10-13-2023

@ReggieSanders we'd be interested to know if you're living with this issue or working around it, and if working around it how you did so.

ReggieSanders · ‎10-13-2023

Still dead in the water I talked a little with one of our ESRI reps and he had some ideas of maybe fixes but they seemed pretty involved and probably going to have to our IT department pulled in.......not looking good honestly but well see I guess

SheikhHafiz2 · ‎10-15-2023

Hi @GregDunnigan,

I asked our IT department if there is any way to enable that Secure Renegotiation without upgrading Windows Server. They did help us. NetScaler was being used as Reverse Proxy for our Portal site. Instead of NetScaler, our IT Department placed Azure Front Door as the Reverse Proxy.

This resolved the issue.

ChrisBeaudette · ‎10-13-2023

We have a couple of different workflows that both go through survey123.arcgis.com: one from a web client and one from PowerAutomate. For both we are implementing server-side workarounds that involve accessing the survey data in an enterprise geodatabase from either PowerBI or an automated python script using arcpy.

To be clear: this is occurring due to the hosted survey123.arcgis.com solution (running in NodeJS) getting an upgrade that uses OpenSSL3, which requires that secure renegotiation be configured for any requests that it makes to external resources. That is, where survey123.arcgis.com is the client making https requests to external servers. If one of those external resources is your ArcGIS Enterprise software stack then you either have to put a load balancer that supports secure renegotiation in front of your ArcGIS Enterprise deployment, or wait for Esri to release a patch for ArcGIS Enterprise where its stack supports secure renegotiation, or use a workaround (server-side or otherwise).

We have approached Esri on a few fronts and are working with their professional services team to provide an ArcGIS Enterprise solution to this issue.

ChrisBeaudette · ‎12-29-2023

Our "final" solution to this was to install the Survey123 Website "locally" on our web adaptor servers that sit in front of our ArcGIS Enterprise stack. So we are no longer accessing survey123.arcgis.com at all. It's a pretty simple installation and turned out to be much simpler than any other alternatives.

That said, the Survey123 website is about to have an upgrade released (v3.19) which may end up having the same OpenSSL3 version issue that the current survey123.arcgis.com website has. We installed v3.18.54 and will probably keep it at that until we have a good reason to upgrade or we have resolved the secure renegotiation in our Enterprise stack, which ever comes first.