
Unable to log into ArcGIS Server Manager after Federating

Question asked by lscharen on Jun 2, 2017
Latest reply on Dec 11, 2017 by lscharen

I have federated Portal 10.5 with a single-machine ArcGIS Server 10.5 site.  Portal is configured to use Active Directory for its Identity Store. Portal and ArcGIS Server are on different virtual servers and their respective web adaptors are on a separate Web Server and configured under different IIS sites. I have done ArcGIS Enterprise Basic deployment in the past successfully.

 

This table summarizes the configuration:

 

| URL | Description |
| --- | --- |
| https://ags-web-dev.mydomain.org/server | Web Adaptor pointing to the ArcGIS Server |
| https://ags-web.mydomain.org/portal | Web Adaptor pointing to the Portal for ArcGIS Site |
| https://ags-dev.mydomain.org:6443/arcgis | Direct URL to the ArcGIS Server machine |
| https://ags-portal.mydomain.org:7443/arcgis | Direct URL to the Portal for ArcGIS |

 

Almost everything appears to work correctly. For example:

  • I can log into Portal using the primary site administrator account
  • I can log into Portal using my Domain account
  • After Federating, all of the ArcGIS Server services appeared as Portal items, as expected
  • I can log into the ArcGIS Server Administrative service directory using the ArcGIS Server site administrator credentials, or by manually generating a Portal token.

 

The only issue is that attempting to open ArcGIS Server Manager fails. The interface hangs on the "Please wait..." progress bar and the network traffic shows repeated failures to POST to the portal generateToken page via the ArcGIS Server proxy:

 

https://ags-dev.mydomain.org:6443/arcgis/manager/proxy?_proxyUrl=https%3A%2F%2****-web.mydomain.org%2Fportal%2Fsharing… 

 

The network inspector shows that ArcGIS Server returned a 500 server error caused by a "Connection closed" (see screenshot).

 

Are there any good ways to go about diagnosing the root cause of an issue like this?

 

Update

Installing Fiddler and enabling HTTPS traffic snooping shows that the request is being sent from the ArcGIS Server machine to the Portal Web Adaptor.

 

This may be a side-effect of enabling Fiddler as a MITM proxy, but the Portal logs show this WARNING:

 

ArcGIS Server services URL 'https://ags-web-dev.mydomain.org/server' cannot be validated against 'https://ags-web-dev.mydomain.org/server/rest/info'. If the service URL is a proxy URL verify it is accessible to clients.

 

The JSON at the /info endpoint is:

{
  "currentVersion": 10.5,
  "fullVersion": "10.5.0",
  "soapUrl": "https://ags-web-dev.mydomain.org/server/services",
  "secureSoapUrl": null,
  "owningSystemUrl": "https://ags-web.mydomain.org/portal",
  "authInfo": {
    "isTokenBasedSecurity": true,
    "tokenServicesUrl": "https://ags-web.mydomain.org/portal/sharing/generateToken"
  }
}

What information is being used to attempt this 'validation'?
