POST
|
Ok. That sounds fine. I wonder if it is a permission issue of some sort. I would double-check to make sure the account running the Server service has full control to the <ArcGIS root>\Server\framework folder. If that still doesn't help, I would recommend contacting technical support to have someone review your system a little more closely.
... View more
02-27-2023
09:34 AM
|
1
|
1
|
616
|
POST
|
Hi Felipe, When you make any changes to the Server security configuration, Server should restart automatically. Just to be absolutely certain, you might try restarting the Server service. Limiting it to TLSv1.2 is fine. Was the 10.9.1 system upgraded from an earlier release? I ask because 10.9.1 only enables TLSv1.2 and TLSv1.3 by default so I was wondering if TLSv1.1 had been enabled previously from an older release. Also, are you using OpenSSL to validate what TLS protocols are enabled?
... View more
02-27-2023
08:48 AM
|
0
|
0
|
625
|
POST
|
I agree with what @DavidPike said. There is no way to automatically remove users from Portal once they have been removed from A/D. If you have a lot of users in Portal, using a Python script to return a list of users and their last login is helpful. I'll put in a plug for the next release of Portal. In 11.1, a new Python script is included with Portal that will identify users that no longer exist in A/D or LDAP and give you a much easier way to delete them all at once. A report is generated so you can review what was found before deleting them. If any of those old users own any items, a separate list is generated so you can do a bulk transfer of all the items to a different user prior to deleting them.
... View more
02-16-2023
03:19 PM
|
1
|
0
|
666
|
POST
|
I would double-check if there are any users in your Portal that belong to that OpenID Connect provider. If so, that is why it cannot be deleted. All users from that OIDC provider need to be deleted first before you can delete the whole thing. The error message should definitely be updated to reflect that.
... View more
02-03-2023
09:13 AM
|
1
|
0
|
796
|
POST
|
Yes, we do plan on providing a fix for this for 10.9.1 as a part of the next Portal security patch. We are hoping to have this available by early March.
... View more
01-30-2023
08:43 AM
|
3
|
0
|
686
|
POST
|
The behavior you are describing sounds like an issue related to special characters in the .pfx password that are getting misinterpreted by ArcGIS Server. That being said, a bug was logged several years ago for that issue specifically which was fixed in 10.7. BUG-000107534 - SSL Certificates with special characters in the password fails to import to ArcGIS Server. At 10.9.1 I wouldn't think you would run into that issue. If it is a password issue, a possible workaround would be to import the pfx into IIS (since that works) and export it to a new pfx with a different password.
... View more
01-17-2023
02:23 PM
|
1
|
2
|
1498
|
POST
|
Version B of this Portal for ArcGIS patch for 11.0 has just been released. It may take a little while to be listed in the Patch Notification tool, but it can be downloaded from the patch page. https://support.esri.com/en/download/8070
... View more
12-05-2022
11:42 AM
|
0
|
1
|
1064
|
POST
|
We have identified the source of this issue in the patch and confirmed that it only impacts 11.0. We are working to fix it and hope to have version B available soon.
... View more
12-01-2022
01:25 PM
|
1
|
2
|
1093
|
POST
|
Yes, there were some enhancements in 10.9.1 to validate the certificate used in the Server admin url. We didn't do this in 10.7 and while things still worked, there were some workflows that would fail if Portal did not trust the Server admin url certificate. Since you are receiving that error message, I would double-check that the root certificate and any intermediate certificates from the CA that signed your wildcard cert are imported into the portaladmin api under sslCertificates/importRootOrIntermediate. Once imported, make sure the Portal service restarts for the new certs to take effect.
... View more
11-18-2022
08:56 AM
|
0
|
0
|
2592
|
POST
|
Yes, I think the issue you are seeing is related to the certificate not being trusted. An easy way to check that is to use the checkUrl endpoint in the Portal sharing api (assuming HTML access is enabled). https://our.server/portal/sharing/rest/portals/checkUrl This will tell you if the certificate for that url is trusted or not. Assuming it is not trusted, you may need to import both the root and intermediate certificate for the CA that signed the certificate. Portal will need to restart after importing these certificates. Once restarted, use the checkUrl endpoint again to confirm it is trusted. To get copies of those root and intermediate certificates, the easiest way is to use Chrome or Edge to view the details of the certificate and you can export each one from there.
... View more
11-03-2022
08:27 AM
|
1
|
1
|
985
|
POST
|
@Jay_Gregory- Once support for SAML based groups was added to ArcGIS Enterprise around release 10.7, that became the recommended workflow. Technically using SAML for logins and LDAP for enterprise groups should still work though. A couple of things to double-check: * The username attribute used by SAML (corresponding to the "Name ID") needs to match the "usernameAttribute" specified in the group store configuration json string. If you are connecting to Active Directory, this is usually "sAMAccountName". * In the SAML login configuration in Portal, make sure the option to "Enable SAML based group membership" is disabled in the advanced settings. Since you want to use LDAP to manage group membership, you want to make sure Portal is not expecting groups to be passed in the SAML assertion.
... View more
10-07-2022
11:23 AM
|
1
|
0
|
845
|
POST
|
@MarGIS, I can't say for 100% that it is not supported but I have never seen one on Linux and from what I have read, if it were possible, it would not be straight-forward. I know you can federate a Linux server with AD but I'm not sure how Linux would utilize a gMSA without explicitly providing the password.
... View more
10-03-2022
03:26 PM
|
0
|
1
|
1007
|
POST
|
I'm not aware if gMSA accounts are supported on Linux in general, let alone in ArcGIS Enterprise on Linux. Is there a tool or utility you've used to utilize gMSA accounts from Linux?
... View more
09-29-2022
04:39 PM
|
0
|
3
|
1033
|
POST
|
I reviewed the attached spreadsheet and based on that, it appears the Nessus Scanners from Tenable are only inspecting the filename. I'm a bit surprised by that. I would have expected more in-depth examinations by the scanner. If you use another scanner like Logpresso, you should be able to confirm the log4j jars are patched. You are correct about how the patch handled the log4j jars files. For the log4j 1.x jars, the version was not changed but the vulnerable classes within the jar were removed (this includes the JMSAppender class). For the log4j 2.x jars, they were updated to version 2.17.1. Any log4j 2.x jars with the version as part of the filename were not deleted but all classes inside were removed. This was done to avoid potential conflicts with the patching process.
... View more
09-14-2022
08:57 AM
|
4
|
1
|
821
|
POST
|
Hi Kat, Yes, we are aware of this issue that has been logged as BUG-000151727. We've identified the problem and plan on releasing a revised version of the patch as soon as possible. Until then, there is not a workaround besides removing the patch. Jeff
... View more
08-22-2022
04:33 PM
|
2
|
1
|
707
|
Title | Kudos | Posted |
---|---|---|
2 | 02-05-2024 11:11 AM | |
1 | 01-16-2024 08:48 AM | |
1 | 05-12-2023 04:06 PM | |
1 | 02-03-2023 09:13 AM | |
1 | 03-03-2015 02:23 PM |
Online Status |
Offline
|
Date Last Visited |
2 weeks ago
|