
Is it possible to reset the password for the identity store while the server is not running?

Question asked by rickthiel on Nov 6, 2015
Latest reply on Nov 6, 2015 by rickthiel

Hello GeoNet,

 

We are running ArcGIS Server 10.2.1.  Yesterday I was trying to configure our TEST environment to use "HTTP or HTTPS" by following the step-by-step instructions from ESRI. During the process it appeared to "hang" and then I noticed that the network-account that we use to connect to our identity store became locked.  Oh boy, did that ever cause problems!  This same network account is used by all of our TEST/QA/PROD ArcGIS Server environments to connect to the identity store.  That is obviously a problem we will have to fix at a later date.

 

The effect of all that: when the account became locked no one could see the map services that they should have access to.  When IT Security unlocked the network account for me, then everything worked again.  It caused a great panic for me when everything went down.

 

Later, I went into the ArcGIS Server Administrator tool (http://localhost:6080/arcgis/admin/security/config/updateIdentityStore) to see if there was a problem with the account information that we have for the identity store.  The only button at the bottom of the page is the UPDATE button.  I clicked it... THAT WAS A BIG MISTAKE!

I noticed that after hitting the update button, the value for adminUserPassword appeared to change. Pressing update again gave me this error:  "Failed to update the identity store configuration. Could not configure the identity store as one or more of the supplied parameters is incorrect. Verify that you can connect to the identity store outside of ArcGIS Server using the same parameters."

 

Now every time that I try to start ArcGIS Server in our TEST environment, it locks the network account that we use for identity store.  So essentially I have had to shut down our TEST environment until I can get this fixed.

I did some research...  I see that there is a config file stored on the shared drive that we use for ArcGIS Server, which is located here: ..\arcgisserver\config-store\security\security-config.json.  The contents of the file look like this:

{
  "securityEnabled": true,
  "authenticationMode": "WEB_ADAPTOR_AUTHENTICATION",
  "authenticationTier": "WEB_ADAPTOR",
  "userStoreConfig": {
    "type": "WINDOWS",
    "properties": {
      "adminUserPassword": "aztEu+yKU7sSQrtvtUu3ATxk9X7MwcD7aK9dlIp0e6A=",
      "adminUser": "[I deleted the userid for this post]"
    }
  },
  "roleStoreConfig": {
    "type": "WINDOWS",
    "properties": {
      "adminUserPassword": "aztEu+yKU7sSQrtvtUu3ATxk9X7MwcD7aK9dlIp0e6A=",
      "adminUser": "[I deleted the userid for this post]"
    }
  },
  "sslEnabled": true,
  "httpEnabled": true,
  "virtualDirsSecurityEnabled": false,
  "allowDirectAccess": true
}

 

My question is this: Is it possible to enter the correct password in there so I can start the ArcGIS server again?  It looks encrypted. If I enter a clear text password in there, will it work?
