Port used for "Check for ArcGIS Enterprise Updates" utility

3570
10
03-14-2019 08:33 AM
MichaelSchoelen
Occasional Contributor III

What port is being used for the "Check for ArcGIS Enterprise Updates" utility? We opened 443 in our firewall on a usually disconnected server, and can hit www.arcgis.com:443 in Internet Explorer. But the tool returns an error:

Your computer appears to be offline. Check your Internet connection and try again.

Network connection error.

OfflineNetwork

0 Kudos
10 Replies
JonathanQuinn
Esri Notable Contributor

I set the utility to use Fiddler as a proxy and it actually goes through HTTP:

The "patches" key in the response has all of the patches available for 10.6.1, for example. Try to let 80 through your firewall or configure the utility to use a forward proxy.

0 Kudos
MichaelSchoelen
Occasional Contributor III

Is it possible to use a proxy on port 443? Or does the Esri download endpoint only respond to port 80? If the latter is the case, we'll just do offline downloads and installations because of security. 

0 Kudos
JonathanQuinn
Esri Notable Contributor

That endpoint is available over https (https://downloads.esri.com/patch_notification/patches.json), so if you can sort out a way to translate the request from 80 to 443, and back from 443 to 80, that may work? Worst case you'll need to download them manually. We'll update the utility.

MichaelSchoelen
Occasional Contributor III

All good. For now we're just downloading the patches manually into a folder and pushing them to the servers with Chef. 
Updating the utility would be great! I've added it as an idea:

https://community.esri.com/ideas/16499-use-port-443-for-check-for-arcgis-enterprise-updates-utility 

City_of_LakelandGIS
New Contributor III

Jonathan,

Any update on the update to the utility, namely use over 443?  Thank you!

0 Kudos
JonathanQuinn
Esri Notable Contributor

No, the change hasn't been made yet. You can track the status of this bug for more information:

BUG-000121591 Patch Notification: The URL referenced to the patches.json file should be HTTPS only

0 Kudos
JosiahThoen
New Contributor II

There are several hidden switches in the utility.  Passing a -u allows you to change the url the patches.json is downloaded from.  If you download the patches.json from https://downloads.esri.com/patch_notification/patches.json you can change the http:// addresses to https://.  Then rehost the file on a web server.  You can then call the bat file with the new switch and the new url.

  1. Download https://downloads.esri.com/patch_notification/patches.json
  2. Find and replace http: with https in the file
  3. Save and place the file on a web server.
  4. From the command line on your arcgis server run the following:

patchnotification.bat -c -u https://<YOUR SITE>/patches.json -i all

I did have to rerun the command for each patch as it would close after installing a single patch but this was quicker then downloading and installing them.

0 Kudos
NikMartin
New Contributor II

This doesn't seem to work for me on a Windows 2019 Server. I edited and re-hosted patches.json on an https server and get errors when running, although I can download any patch via the browser on that same server.

c:\Program Files\ArcGIS\Portal\tools\patchnotification>patchnotification.bat -c -u https://rehosted-endpoint.cloudfront.net/patches.json -i all
================================================================================
                      ArcGIS Enterprise Patch Notification
================================================================================

Collecting patch info for:
    Portal for ArcGIS 10.9.1.....

-------------------------------------------------------------------
   Installing: Portal for ArcGIS Log4j Patch
<<<<
Error downloading patch file:

Patch File Download Exception: Error connecting to remote host.  Did you check your proxy settings?
 >>>>
       Status: ERROR...
-------------------------------------------------------------------
...

 

If I search for that patch name in patches.json and paste the link to the msp into the browser on that same server, it works fine. 

0 Kudos
ronaldbruzzese22
New Contributor

are there any updates on this issue?  we are continuing to have this issue across multiple servers.  esri tech support has not been able to provide a solution.  any information is appreciated!

0 Kudos