POST
|
We recently upgrade to Esri ArcGIS PRO v2.4.2 and the python environment cloning through the GUI seems functional again. No need to use steps #1 and #2. We are still having problems adding packages through the GUI, so steps #3 and #4 is a viable workaround for us.
... View more
01-22-2020
01:55 PM
|
0
|
0
|
1648
|
POST
|
Hi Jonathan Quinn, The Esri portal for arcgis product sometimes makes server side requests to its fully qualified domain name (FQDN). Things like map printing, validating federated servers, etc. We also register our web-adaptors using the FQDN and setup server federation with the FQDN. With our agencies DMZ configuration, we have issues when the server in the DMZ needs to talk to itself (or other apps in the DMZ) on the FQDN. The FQDN resolves to an external IP address hosted on a content inspection web-application firewall (WAF) WAN interface. Traffic is terminated, then inspected. Validated traffic is then routed through a back-end internal (LAN) interface on that WAF. I dont have the full technical details/knowledge here, but I reached out to the network team, and they provided me this information: DMZ Application would like to access other DMZ application but using the DNS gives the IP address of the application Virtual interface on the Web Application Firewall. This can causes an issue with the Traffic reaching the external interface of the WAF but having the "client" residing on the internal interface. This create what is call asynchronous routing where the flow back and forth does not follow the same path and can cause issue (in this case the WAF receive on one interface IP and send on another thus looking like two different people ). So, as a work-around to this "asynchronous routing" issue, we typically did 1 of 2 things: Option 1 - Add a local etc/hosts entry on the 'client' server to resolve the FQDN to the actual server in the DMZ (usually to just itself, but sometimes to other applications/services hosted in the same DMZ). We also had to upload SSL Certificates to the DMZ servers with their FQDN as a SAN to deal with SSL trust issues. We do have issues with option 1 if there are routing rules sending traffic on a certain FQDN to multiple back-end servers (since these routing rules are not on the actual DMZ servers themselves). Option 2 - Add a local route on the 'client' server to resolve the FQDN to the private interface of the WAF. This was the preferred approach, but was only discovered a short time ago (so most legacy applications were still using option 1). For this specific environment, we actually moved it to a new DMZ environment that no longer has the same async routing issue (different story there). So our etc\hosts entry is no longer required. I do have a few other apps in the legacy DMZ environment (with the async routing issue), but this issue in this thread (re-direct to 7443) has not popped up there yet. Crossing my fingers it doesnt... --- From the local machine, When I access the https://localhost:7443/arcgis/sharing/rest, it re-directs me to the https://machine.domain:7443/arcgis/sharing/rest I do NOT currently have a privatePortalURL property set, and I think I'm going to keep it empty for now. Per the System properties—ArcGIS REST API: Administer your portal | ArcGIS for Developers - privatePortalURL—Specifies the internal URL that ArcGIS Server should use to communicate with the portal. This property is typically used when you have a highly available ArcGIS Enterprise deployment, or if the server cannot communicate directly with the portal machine. We do not have a highly available deployment, and our server machines can communicate with the portal on its FQDN. I'll look at this again if this (or another issue) crops up. Thanks!!
... View more
01-08-2020
04:48 PM
|
0
|
0
|
4000
|
POST
|
We had this issue today in a portal environment that has some complexities. The FQDN for the portal resolves to a firewall up the network stack and ultimately gets routed to this server. Removing the etc\hosts entry for resolving the FQDN to the local IP + restarting the portal was successful. However, we then had issues with the portal server unable to validate the federated servers since it was validating them on the FQDN. Basically the server has a hard time talking to itself on the FQDN since it resolves up the stack (we call this the notorious "U-Turn" problem). Adding the etc\hosts entry back in to resolve the FQDN to the local IP (without a restart) allowed the servers to properly validate again. Restarting the portal (with the etc\hosts entry) was then causing the re-direct again. So...... we have a little conundrum... Options: 1) Disable etc\hosts so the server can startup correctly, but ANY server side requests to the FQDN will fail 2) Enable the etc\hosts after the server is started so that server side requests to the FQDN are successful, but future reboots will cause an outage 3) Fix the notorious U-Turn problem (no confidence in this as this has been present for over 5 years with no acceptable resolution) #2 is not palatable as there are many patches that get sent in the middle of the night, multiple times a week, and some of those cause the OS to restart. Unsure why this started happening. This portal has been running for over 2 years already and this is the first time we have experienced this. We did recently add a new federated arcgis server site. We are running 10.6.1 Thanks!
... View more
12-19-2019
05:02 PM
|
0
|
2
|
3999
|
POST
|
Helpful information here. We have also been experiencing these challenges in ArcGIS PRO v2.4.1 (and possibly a few versions before this). More specifically, this is the workaround we have been using: 1) In Windows Explorer - Copy the built-in ArcGIS PRO python 3 environment to an alternate location ex - Copy: C:\Program Files\ArcGIS\Pro\bin\Python\envs\arcgispro-py3 To: C:\tmp\python\venvs\py3_pro241_copy 2) In ArcGIS PRO 2.4.1 - Add the copied python environment as a new environment Project -> Python -> Manage Environments -> Add -> Choose "C:\tmp\python\venvs\py3_pro241_copy" -> OK 3) Use pythons "wincertstore" module to download the trusted CA certificates on the windows machine*: In a python interpreter, run the following code to obtain a certificate bundle (pem_file) import tempfile import wincertstore cert_bundle_file = r'' with tempfile.NamedTemporaryFile(delete=False) as tf: for storename in ("CA", "ROOT"): with wincertstore.CertSystemStore(storename) as store: for cert in store.itercerts(usage=wincertstore.SERVER_AUTH): # Py v2 try: tf.write(cert.get_pem().decode("ascii")) # Py v3 except: tf.write(bytes(cert.get_pem(),"ascii")) tf.flush() cert_bundle_file = tf.name tf.close() print (cert_bundle_file) 4) Use PIP to install needed packages (unable to add them through the GUI in PRO) Open a cmd.exe change directory to the copied environment "scripts" folder: cd C:\tmp\python\venvs\py3_pro241_copy\Scripts Use PIP to install the needed module with the above "PEM_File": pip install <MODULE_NAME> --cert <LOCATION_TO_PEM_FILE> * The reason step 3 is needed is due to a forward proxy implementation our agency uses that presents all internal clients with a different SSL/TLS certificate than the actual certificate at the site; pip.exe does not trust these internal corporate certificate authority (CA). We have to tell pip what the trusted certificates are and are reading them from the trusted certificate store in windows. Best of luck!
... View more
12-19-2019
01:51 PM
|
0
|
1
|
1648
|
POST
|
Bump! We are also having this issue, but only on 1 service. We do host thousands of services, so trying to understand why this 1 service is failing with this server log error. Thanks!
... View more
09-16-2019
11:28 AM
|
0
|
0
|
668
|
POST
|
Final followup. I did open a case with tech support and they will submit an 'enhancement request' to resolve this issue. We discovered that as long as there is a C:\arcgisserver folder present and the service account has read/write permissions that the back-up operation can succeed. This implies that the current backup operation REQUIRES a C:\arcgisserver path even if the Local Repository Path is set to something different (such as a D:\) I also suggested the case analyst to consider adding documentation at the following locations: https://enterprise.arcgis.com/en/server/latest/administer/windows/back-up-and-restore-your-arcgis-server-site-configuration.htm https://developers.arcgis.com/rest/enterprise-administration/server/editconfigstore.htm https://enterprise.arcgis.com/en/server/latest/administer/windows/common-problems-and-solutions.htm https://enterprise.arcgis.com/en/server/latest/administer/windows/specifying-the-configuration-store-location-in-manager.htm Thanks!
... View more
07-08-2019
02:00 PM
|
1
|
0
|
3067
|
POST
|
Hey Jonathan Quinn, Thanks for the response. You are spot on in that the Server Export operation is the ultimate culprit. I was able to reproduce this on our production system and can confirm that the hard coded referenced C:\ path is not present. I will work through our organization channels to get a ticket submitted. Thanks again. BTW - what tool are you using for the second graphic you provided (reporting process/operations/results/details)? Looks like a very valuable tool for chasing issues like this.
... View more
06-27-2019
09:39 AM
|
0
|
1
|
3067
|
POST
|
Hi George, Thanks for the response. I was able to map it back to the default C:\ location and the webgisdr 'export' operation was successful. This worked for this specific portal solution, but we do have a few that are mapped to a DFS location where multiple servers participate in the site. Do you have a suggestion when multiple servers are participating in a site? Thanks!
... View more
06-25-2019
03:53 PM
|
0
|
0
|
3064
|
POST
|
Hello, We are trying to execute the webgisdr utility on one of our ArcGIS Enterprise solutions. The ArcGIS Server 'Local Repository Path' is not the standard C:\arcgisserver\local\config-store but instead placed on a 😧 location. Here is a quick snip from the ArcGIS Server admin console: And the failure we are getting from the webgisdr utility: C:\Program Files\ArcGIS\Portal\tools\webgisdr>webgisdr.bat --export --file D:\we bgisdr\webgisdr.properties ================================================== Starting the WebGIS DR utility. ================================================== The configuration and base backup time in the current Web GIS ------------------------------------------------------------- Portal: https://www.example.com/portal | |-- Hosting Server: https://MachineName.Domain:6443/arcgis | | | |-- Relational Data Store: https://MachineName.Domain:2443/arcgis Starting the backup process with the WebGIS DR utility. Starting the backup for Portal for ArcGIS: Url: https://www.example.com/portal. Starting the backup for ArcGIS Server: Url: https://MachineName.Domain:6443/arcgis. Starting the backup for ArcGIS Data Store: Url: https://MachineName.Domain:2443/arcgis. Failed to back up the ArcGIS Server: Url: https://MachineName.Domain:6443/arcgis. {"code":500,"messages":["Export operation failed. Configuration store error. File system 'C:\\arcgisserver\\local\\config-store' connection failed. The specified location is not accessible. Ensure that the ArcGIS Server account has read and write access to the location. "],"status":"error"} The following ArcGIS Data Store has been backed up successfully: Url: https://MachineName.Domain:2443/arcgis. The backup of ArcGIS Data Store has completed in 00hr:00min:21sec. The following Portal for ArcGIS has been backed up successfully: Url: https://www.example.com/portal. The backup of Portal for ArcGIS has completed in 00hr:07min:37sec. The backup of Web GIS components has completed in 00hr:07min:56sec. Stopping the WebGIS DR utility. It seems the WebGIS DR utility has a hard coded built in reference to the C:\ path Any suggestions for resolution? Thanks!
... View more
06-25-2019
12:07 PM
|
1
|
10
|
4215
|
POST
|
I recently had this same issue with Microsoft Application Request Routing (ARR) and think I found my resolution. Same behaviors noted: Accessing the web-site was generally functional Navigating to the sign-on page ended up in a never ending redirect loop. In my situation, my routing looks roughly like: client request -> firewall (content inspection) -> IIS Server (ARR) -> IIS Server (web-adaptor) -> Portal The IIS Server (ARR) in the middle is really not needed in this situation and the firewall could route traffic directly to my IIS Server (web-adaptor), but my firewall admin resources were tied up so I had to get a little creative. On the ARR rule, I had setup a server farm (for the back-end IIS/Web-adaptor server). And my ARR rule was setup to route traffic to the HTTP (port 80) endpoint of the web-adaptor. I think what is happening is that: Client connects to firewall on HTTPS/443 (traffic is terminated, and re-issued) IIS/ARR server receives the request from the firewall on HTTPS-443 IIS/ARR server routes request to backend IIS/Web-adaptor server on HTTP/80 Esri SW re-directs the sign-on page to HTTPS/443 (since it received it from ARR on HTTP/80). Client receives re-direct and starts over at step 1... ending up in a never ending loop with too many re-directs On the ARR rule, I switched to route to the server farm on HTTPS/443, but that immediatly failed because the back-end SSL certificate on the IIS/web-adatpor server was self-signed. Once I added a valid certicate to the back-end IIS/web-adaptor server, everything worked! I can re-create this situation by setting the ARR rule to route on HTTP (port 80). So key take-aways: Setup ARR rule to route on HTTPS (port 443) Provide a valid SSL certificate to the back-end web-adaptor server Hope this helps
... View more
06-24-2019
04:56 PM
|
3
|
0
|
3030
|
POST
|
Hello, Our organization is looking at adopting an ArcGIS Enterprise solution stack as we work to transition from ArcMap to ArcGIS PRO and tieing in many arcgis server environments into a more tightly integrated platform. During some of our testing, we have seen many users hitting the Spatial Analysis Tools services (I think these are also refereed to as 'portal web tools'), and with the standard ArcSOC instance settings (1 min, 2 max) we have seen quite a bit of over-utilization with the default settings (causing queening, slowness, and sometimes failures) . Increasing the number of instances is an option, up to thresholds of the amount of hardware on the hosted arcgis server environment. We are attempting to plan our final deployments (including a large amount of GIS professionals that will leverage the environment) and would like to put in some separation in the environments based on the behaviors we have seen (such as high CPU demands like the spatial analysis tools services). So on that note, is it possible to configure an ArcGIS Enterprise to run the hosted server (with datastore) seperate from the spatial analysis tools? Specifically something like putting the hosting server + data store on 1 machine (machine A) then the spatial analysis tools on a federated server (machine B)? I was unable to find documentation supporting this approach and I tried updating the portal https://host/portal/sharing/rest/portals/self helperServices.analysis configuration value from: https://host/machineA/rest/services/System/SpatialAnalysisTools/GPServer to: https://host/machineB/rest/services/System/SpatialAnalysisTools/GPServer But during testing the execution of the tools failed with: esriJobMessageTypeInformative: Submitted. esriJobMessageTypeInformative: Executing... esriJobMessageTypeError: OutputCatalogPath failed. Error: <built-in method GetOutputCatalogPath of HostedGP object object at 0x000002416A476FD8> returned NULL without setting an error esriJobMessageTypeError: {"messageCode": "AO_100001", "message": "AggregatePoints failed."} esriJobMessageTypeError: Failed to execute (AggregatePoints). esriJobMessageTypeError: Failed. Suggesting that the Spatial Analysis Tools need to be co-located with the hosting server + datastore. Basically what we are after is similar to the Deployment Patterns - ArcGIS Image Server (second option): For deployments where raster analysis will regularly be performed on large datasets, to ensure that dynamic image services are not negatively impacted, you should use separate sites for raster analysis and dynamic image services. But specific for vector analysis? I see alternatives to this is to put the a 2 machine site separate from the data store product? Other thoughts? Before clustering was deprecated, I would consider moving these to a set of machines in a new cluster... but that is no longer an option. Bottom Line... We want to minimize high cpu activities impacts to hosting content data I/O operations. Thanks for any feedback.
... View more
05-29-2019
01:31 PM
|
3
|
1
|
1487
|
POST
|
Hello, This thread is quite long with some gory details (below) so here is the bottom line... A File Geodatabase (FGDB) that has been compressed has showed to perform better on almost all operations tested, except a query with the LIKE operator (using _). The underlying field where the LIKE operator is applied to is indexed. Does anyone have ideas how to increase query performance on a compressed geodatabase when using a LIKE operator? --- GORY DETAILS --- The dataset we are working with is ~27GB when stored uncompressed in a FGDB. The dataset is highly used (300-400K hits a day with 4-5K unique clients) so adequate performance is critical. Furthermore, this is a central dataset to our organization operations. This FGDB is hosted on a file system and published through arcgis server as a mapping/feature service. There is a 1K limit on query operations. Display performance is generally sub-second as we have scale dependencies applied for appropriate levels. May of the clients need raw data access to the underlying features (think map identify, table display, query, etc) and generally not problematic. We have experienced clients that seem to 'scrape' data off the service by making ArcGIS Server query API calls like: https://www.myexample.com/arcgis/rest/services/folder/service/MapServer/3/query?returnGeometry=true&where=OBJECTID%20%3E… The example encoded 'where' clause is OBJECTID >277000 AND OBJECTID <=278000 What we observe is that some clients are making requests like this 1K record chunks at a time. Some of the clients are throwing upwards of 16 concurrent requests at the server and the server takes over 80 seconds to handle EACH request with the uncompressed database. This set of requests cause high CPU on the back-end arcgis server environments and if left unchecked, cause system unresponsiveness on this and many other services co-located here (the environment gets 5-6M hits a day with 60K+ unique clients). The back-end hardware is generally enough to handle daily operations (4 servers, each with 8 CPU, 32GB RAM), but when this scraping action occurs we experience instability. We have had to selectivly deny public IP addresses that exhibit this behavior. Often times they will come back, but scale back the concurrent requests (to like 😎 which the systems are able to handle, albeit a bit slow. Some of these are public anonymous users. Sadly, we do have the data available for download but cannot seem to prevent public users from scraping the data as a service. When we compress the FGDB (reduces to 3.5GB), the same request only takes 2.78 Seconds and a SQL Enterprise GDB takes even less at 1.7 seconds: Naturally the SQL Server Enterprise Geodatabase (EGDB) hosting appears to be the best case to resolve this performance issue, however we have completed some extensive testing and the FGDB hosting beats out the EGDB hosting on many other operations: The tests noted above were doing simple operations within a web-map (and using fiddler to reissue the requests sequentially a few times to obtain the response times). As you can see, the SQL EGDB performs worse than the compressed FGDB (the FGDB is 13-43% faster depending on the operation). We have completed similar tests on other datasets and generally publish from a FGDB due to the performance gains. This back-end EGDB was fully compressed (state of 0) with no versioning. And the dataset is heavily indexed on both FGDB and EGDB. So far, everything points to using a compressed FGDB for performance gains, however a query using the LIKE operation takes so long it times out: So... somewhat at a loss on best choice here. In full disclosure, we do not notice query LIKE operations on the rest endpoint, but rather we have a custom written Server Object Extension (SOE) that is using the LIKE operator extensively. This SOE was developed a few years back and we really dont want to dive in to try and re-write some of the query operations. Even if we did, this would not prevent a rogue user issuing a query LIKE operation through the REST API /query operation. I see a few options available (in order of best options IMO): 1) Post here and someone from the community can suggest something we have not throught about yet (please please please!) 2) Move this to a SQL Server EGDB back-end. Overall performance may be slower, but could be the best of all operations combined 3) Host a compressed and uncompressed FGDB with 2 different services. The uncompressed would have the SOE (that generally responds in sub-second time). Essentially isolating the SOE operations to an uncompressed GDB, and using the compressed FGDB for standard mapping/feature access. 4) refactor the SOE to remove any LIKE queries. Establish alternative queries that could perform better. Thoughts from the community? Thanks for any feedback you can provide.
... View more
05-07-2019
04:06 PM
|
0
|
1
|
1062
|
IDEA
|
We are discussing these challenges internally at our organization and it might be possible to get visibility to users with licences checked out, and possibly even an API call to release the license: Looks to be in the “User Entitlements” API Call - https://developers.arcgis.com/rest/users-groups-and-items/user-entitlements.htm Specifically look at the disconnected key and if present… has a new key disconnectedInfo. Here is an example response for a user with a disconnected license: {"username": "<username@<email>_<orgname>","lastLogin": 1549667257000,"disconnected": true,"disconnectedInfo": {"sessionName": "ArcGISPro_105","disconnectedSince": 1549667249000,"disconnectedUntil": 1706774399000},"entitlements": ["3DAnalystN","dataReviewerN","desktopAdvN","geostatAnalystN","networkAnalystN","spatialAnalystN","workflowMgrN"]}, Possible API call to remove the disconnected license: https://developers.arcgis.com/rest/enterprise-administration/portal/release-license.htm Which suggests we (as admins) can check it back in… “...the device is lost, damaged, corrupted, or formatted, the user will not be able to check in the license. This prevents the user from logging in to ArcGIS Pro from any other device. As an administrator, you can release the license. This frees the outstanding license and allows the user to check out a new license or use ArcGIS Pro in a connected environment.” We have not actually tested the 'releaseLicence' API call, but may look into it further...
... View more
02-27-2019
10:53 AM
|
0
|
0
|
1954
|
POST
|
Hi Petr Diviš We recently ran into this as well with a SOE developed in VB .Net for v10.4.1 (and confirmed it was also working in 10.5.1). We found a resolution detailed below Here was the original code functioning in 10.4.1/10.5.1: Friend Function GetCurrentUser() As String
Try
Dim myGUID As Guid = Marshal.GenerateGuidForType(GetType(IServerEnvironment))
Dim myUID As New ESRI.ArcGIS.esriSystem.UID
myUID.Value = myGUID.ToString("B")
Dim pEnvMgr As IEnvironmentManager = New EnvironmentManager
Dim pServEnv As IServerEnvironment2 = pEnvMgr.GetEnvironment(myUID)
Dim sUser As String = ""
sUser = pServEnv.UserInfo.Name
Return sUser
Catch ex As Exception
Return "Current user not found."
End Try
End Function And was throwing the following exception for line 7: Unable to cast object of type 'System.__ComObject' to type 'ESRI.ArcGIS.esriSystem.EnvironmentManagerClass' A colleague of mine found this BUG - BUG-000102447: The EnvironmentManager singleton object in the Serve.. And we translated that to VB .Net: Friend Function GetCurrentUser() As String
Try
Dim myGUID As Guid = Marshal.GenerateGuidForType(GetType(IServerEnvironment))
Dim myUID As New ESRI.ArcGIS.esriSystem.UID
myUID.Value = myGUID.ToString("B")
' Issues with original 10.5.1 code implementation - https://support.esri.com/en/technical-article/000011331
'Dim pEnvMgr As IEnvironmentManager = New EnvironmentManager()
Dim t As Type = Type.GetTypeFromProgID("esriSystem.EnvironmentManager")
Dim obj As System.Object = Activator.CreateInstance(t)
Dim pEnvMgr As IEnvironmentManager = obj
Dim pServEnv As IServerEnvironment2 = pEnvMgr.GetEnvironment(myUID)
Dim sUser As String = ""
sUser = pServEnv.UserInfo.Name
Return sUser
Catch ex As Exception
Return "Current user not found... " & ex.ToString() After a re-build, deploy, test/debug session we confirmed our logged in user information was available again in the SOE. *whew* ... we were quite worried we found a critical show stopper to our 10.6.1 upgrade efforts as getting the logged in user is critical for a few of our SOE's Hope this helps.
... View more
02-12-2019
11:05 AM
|
2
|
0
|
1418
|
POST
|
Created an ideas thread in hopes this can be implemented - https://community.esri.com/ideas/16145
... View more
02-04-2019
12:30 PM
|
1
|
0
|
1075
|
Title | Kudos | Posted |
---|---|---|
1 | 04-05-2018 12:23 PM | |
1 | 05-17-2022 10:21 AM | |
1 | 07-15-2020 02:46 PM | |
2 | 11-24-2020 11:29 AM | |
1 | 06-08-2018 12:32 PM |
Online Status |
Offline
|
Date Last Visited |
07-18-2024
08:11 PM
|