Latest Contributions by PaulDavidson1

Portal license transfers are like Server transfers. They require you work directly with your Esri account rep. -Paul Davidson ... View more

Jay:  Check out the ArcREST interface on GitHub.  Lot of admin tasks can be scripted via it. ... View more

I'm watching this with interest. I would have to say that what you're trying to do is not possible. If you were changing only the data in the database then I think you might have a shot at it. But you're talking about making what sound like major schema changes. How is the mxd/feature service going to know that your schema has undergone changes. I believe Synch has to do with synching data, not schema changes. I'm hoping someone proves me wrong but I'll be very surprised if you can pull this off without having to update your mxd and republish your Feature Service. Best of luck. ... View more

You might try upgrading IE?  My version is 11.0.96. Are you running in Enterprise mode? I can't recall for sure, but I think the URL doubling at times appeared to be related to the security settings. Try toggling these settings? "Allow access to the Portal through HTTPS only" or "Allow anonymous access to your Portal" ... View more

Any idea why I'm able to Add Items in portal from the http server? Portal is set to https only and our Hosting Server is https only. The old server is set to http only. I can use these registered map services in Portal on maps just fine in most cases. There is one dev 10.4 server running that appears to offer up map services but then I can't put them on a map in Portal I have not tried to make a web app yet.  I saw similar behavior in AGOL. I could register http map services in AGOL when inside the firewall and place them on a map. But when I tried to create a web app or look at the maps via VPN, I cold no longer see the rest endpoints. I believe this is a well known issue with AGOL and one reason the local map widget was created. I can of course easily set these older servers to "http or https", as referenced above. But these are in use with mission critical stuff and are fickle. So I hesitate to change them out. Have you ever seen any problems from modifying the configuration  like that? And I assume I'd have to install the domain certificate on those services in order for them to respond correctly. Or will portal feed those servers the certificate and let them follow the chain out and use it. I do have a test server I'll do it on first but it's just not as heavily loaded... Thanks ... View more

BTW - we have had all sorts of bizzare issues with IE when running in compatbility mode. Most were related to moving between menu items. Doubled up URLs (it would show the selected menu item path and then prepend the home path) And other odd things. I was told by Esri that: Compatibility mode was introduced at IE8, and essentially tells your browser to treat web sites as if it was using IE7. Portal for ArcGIS does not support IE7. Supported web browsers For the best performance in the portal website, use the latest browser versions listed below. The scene viewer has its own browser and hardware requirements. Some of the common clients of Portal for ArcGIS have different requirements. See their documentation for details. • Microsoft Internet Explorer 9 and higher. • Microsoft Edge • Mozilla Firefox (version 10 or later) • Google Chrome (version 10 or later) • Safari • iOS Safari • Android Browser • Chrome for Android Yep, it's not optimal to have to turn off compatibility mode but there it is.  Ongoing browser wars, what can you do. ... View more

When you install your WA for the server and portal you'll tell it to use SSL.  It should then find your cert and set things up correctly: About ArcGIS Web Adaptor—Installation Guides (10.4) | ArcGIS for Server FYI....  I've done a portal setup with hosting server and datastore by hand and by using the Esri Chef Cookbook. Originally I was convinced we'd need individual machines for each component. I've since been convinced that an all in one box is the way to go.  At least for now. We're in a very nice Netapp/VM Shpere environment so we can easily add resources on the fly if we find we're under powered.  We might someday have to separate out the DataStore to its own VM but so far not. Once I started using Chef, I haven't looked back.  However, I would say that a full install by hand is a good learning process so you understand the pieces and how they fit together.  But Chef is the way to go as far as I'm concerned. Note that I had to modify the SSL setting in IIS for the Portal site in order to allow clients to log into Portal.  They were getting 403 Errors until I did the following: Originally the SSL settings on Portal WA (in IIS) was set to Accept Client certificates. I had to change it to Ignore Client certificates. This was probably because this was a Development Portal and the other two users were developers who had self-signed certificates that they would pass back to Portal that Portal would then reject.  If they installed the domain cert, then all was but we don't want to have to push the domain cert to all of our users.  "Ignore client certs" just means the server will pass the cert to the client and the client will then verify it's validity and they'll handshake and makeup and go on their merry way. At least, that's been my experience. I did just notice that the SSL setting of my server WA (and the default site) still has "accept client certs" selected.  But our users are coming in via Portal so not sure that setting matters. Good luck ... View more

Hi Jacob: Can you expound on this statement:" just map everything to the HTTPS connection" Are you saying, we can register an older http: map service with Portal but then just share the https connection that Portal will be serving up? The part that I'm confused by is that I can Add Item from our older 10.1, http servers and they show up in Portal just fine. At this point, I have the Hosting Server using HTTPS Only and Portal has Allow access to the Portal through HTTPS only. I'm confused as to how the older non https server is able to communicate with Portal since it's not speaking Https. I must have missed something in my reading (or I skipped over it...) I have other things that I need to learn & understand about Portal (annotation won't import in a zipped file.gdb but will show from the old map service... etc... but I think these are hijacking this thread and belong in their own) Thanks... ... View more

Yep, that's a very different scenario.  Our IT department is much more flexible than many organizations I've dealt with over the years.  Of course, we're only serving about 700 employees (w/ 40 in IT) so we can be more flexible.  I've been in your situation and frankly, it's no fun to be at the mercy of others.   Especially when it's a large, ponderous beast.  As the manager for our GIS and Maximo IT programs, I get to control our servers.  And I can walk a few doors down and talk to with our leads for AD, Systems, Network or even the CIO. That's very different than being at the whims of the ponderous IT group. It used to be that Portal did not require SSL but only considered it Best Practice.  Your point is valid.  But I would think just about any IT dept in this day and age already has CA in their systems and would support your efforts for security.  But there are always the exceptions. Best of luck ... View more

I agree with Randall and Jacob.  Maybe things have gotten much simpler since 2012? But setting up our Domain cert with Portal, etc... seemed very straight forward. But to clarify, our Cert was given to me by our AD administrator. I have had some confusing issues with the self-signed cert getting in the way and giving us untrusted cert issues.  But I think I have learned to take the domain cert and install it on the servers in Trusted Root before starting the installation of anything Portal related. I've also found that using the Chef Cookbooks has greatly simplified the Portal creation process. ... View more

If we set AGS to be http and https, but Portal is https only, can we add unsecured map services from older, existing AGS boxes (10.1) that are http only? How does Portal handle that?  Does the Hosting Server convert the http output to https and feed that to Portal or does Portal basically step out of the picture when it comes to handling services and they're taken care of by the HServer? hope that makes some sense. ... View more

BTW - you should only need to put the domain cert on the servers. If you do that and are using IIS, then you need to set the SSL setting in portal and server to Ignore client certificates. Or you could do as Jacob describes and push the domain cert to all your users and then accept client certs. But I'm not sure what happens when a client has a self signed cert and a domain cert.  If it sends the self-signed cert, then they're going to get a 403 error when trying to log into Portal. I just struggled with that setup on a test portal. One of my users could connect, then not connect, then connect. I finally looked at IIS and realized that the issue was he was doing some development work and sometimes had the domain cert installed, then he removed it, etc... I think it's better to have the client just accept the domain cert from the server, verify it's chain and authenticity and then you're done. Note that you will get untrusted warnings when you're on the server itself and going to localhost. localhost knows no domain.  I just use the FQDN when working on the server and then it snaps to the domain cert. Jacob: Do you know what happens in the case of a self signed and domain cert on a PC?  Probably only going to happen with developers. ... View more

That sounds like you might have some issues with IWA?  or is it a Linux setup? I'm working through similar issues except I can get in fine (usually) but other users have issues. It appears to be related to the security settings in Portal and IIS. ... View more