AGS not working when bounding new SSL certificate in IIS

909
4
07-09-2018 04:50 AM
MetralAlexis
Occasional Contributor

Hi there,

We have applied a new SSL certificate to our server hosing ArcGIS Server and since then, it's impossible to connect to ArcGIS Server anymore.

Our IT support has trouble shooted the issue and they still try to figure out what's the issue. Here is their input, any clue would be much appreciated.

Thanks.

 

Last June, we tried to apply a new certificate on the ArcGIS server. The latter did not apply correctly. So I deleted them and requested a new valid certificate. However, when I bound the certificate in IIS, ArcGIS stopped working.

I can no longer access the "AcrGis Server Manager" web page by https://ourserver:6443/arcgis/manager/

IE tell me that the web page is not available.

The Microsoft Security patches of June have been applied in a same time.

 

It seems to be a problem between IIS and ArcGIS.

  • I tried to unbound the certificate, same issue
  • I tried to reboot the server, same issue.
  • I uninstalled the Microsoft Security patches, same issue

  • I tried to re-bind the last certificate, same issue.

The only way to bring back the application functional is the reinstallation of IIS.

But as soon as I reboot the server, ArcGIS stop working again, same issue.

 

I need your help to understand the reason why ArcGIS stop working.

I would like to understand how ArcGIS is called through https://ouserver:6443/arcgis/manager/

Have you ever seen this kind of issue?

0 Kudos
4 Replies
AaronLowe
New Contributor III

I just encountered this issue after installing windows updates.  Backing out the updates didn’t fix it.  Have you found a fix yet?

0 Kudos
MetralAlexis
Occasional Contributor

Hi Aaron,

Unfortunately not yet.

We are working on that with ESRI support but it’s not fast.

I will update that post when I have more information.

Alex.

0 Kudos
MetralAlexis
Occasional Contributor

Ok so here is what we did with ESRI to temporally fix the issue :

  • We removed all the ssl certificates from ArcGIS Server but the self-signed one (in the admin console)
  • We set the Log On property of the ArcGIS Server Service to Local System Account
  • We created a .\ags local user with the Windows User and Groups utility
  • With the Configure ArcGIS Server Account tool -> We changed the ags domain user by the local one
  • We gave full control to the local ags account to C:\arcgisserver, C:\Python27 and C:\Program Files\ArcGIS folders
  • We Refreshed the ArcGIS Server service to see if the local account was the one running the service
  • We gave access to the local account the the data managed on the localhost

 

At least it fixed the issue temporally with access to local data stores ans AGS is accessible for the end users through the same webadaptor without having to do any changes on their side.

Tomorrow we will try to get the domain account back because it's part of our initial implementation and we need AGS to access network data stores.

Alex.

0 Kudos
MetralAlexis
Occasional Contributor

Ok so it’s fixed,

 

We reused the Configure ArcGIS Server Account tool to set the original domain account back as AGS user and it worked.

 

We are still wondering why. It’s like something somewhere broke the relationship between the domain ags user account and ArcGIS Server. Changing for another user and back to the original one fixed that relationship.

Basically you can try this :

  • Use the Configure ArcGIS Server Account tool and set another user to run ArcGIS Server
  • Use again the Configure ArcGIS Server Account tool and set the original user to run ArcGIS Server

 

We applied the last windows update and rebooted the server and everything works fine.

 

We will speak with ESRI later to see if they understand what was the issue.

 

Al.

0 Kudos