AnsweredAssumed Answered

GeoEvent error writing to feature service

Question asked by gill.paterson@geoplex.com.au on Aug 5, 2019
Latest reply on Aug 6, 2019 by gill.paterson@geoplex.com.au

We have another log error that I am not sure whether it is related to SSL certs, keystores and config-stores.

 

A bit of background, we moved our config-store, Portal and Server came back up fine. GeoEvent did not, the browser changing from a secure connection to unsecure and having to add a security exception to view the manager. We weren't able to fix the issue (see this question), so we re-installed, and despite the browser now saying the connection is secure again, we are still seeing in the karaf logs, entries such as "no valid keystore" and "Failed to read certificate file... signed fields invalid". I tried to send through a test message and a log entry was added to say that the user didn't have permissions

"2019-08-05T16:35:02,510 | ERROR | FeatureJsonOutboundAdapter-FlushingThread-com.esri.ges.adapter.outbound/JSON/10.6.1 | FeatureServiceOutboundTransport  | 78 - com.esri.ges.framework.transport.featureservice-transport - 10.6.1 | {"error":{"code":400,"message":"User does not have privileges to perform this operation.","details":[]}}
2019-08-05T16:35:02,511 | ERROR | FeatureJsonOutboundAdapter-FlushingThread-com.esri.ges.adapter.outbound/JSON/10.6.1 | FeatureServiceOutboundTransport  | 78 - com.esri.ges.framework.transport.featureservice-transport - 10.6.1 | Error while writing to feature service VRN-Device-Locations. Error: {"error":{"code":400,"message":"User does not have privileges to perform this operation.","details":[]}}."

 

I have a feeling that the certs and this user permission error may be linked, but I am not sure how. I wasn't able to see any owners of the output connectors in GeoEvent (the config xml has owners for the definitions), and the owner of the item in Portal is a valid user.

 

How can I tell/change which user GeoEvent is using to write to the feature service? Is this the service account? (I am assuming so??)

 

Does the feature service need to have the same owner as the GeoEvent user? (they would have been when first published, but would just like to double check since the config-store and directories move)

 

I also have another feature service where GeoEvent can't see the layer within. This layer does exist in the AGS services directory. At this stage the only solution I have for this problem is to re-publish the service, however given the other issues, I am wondering whether it is all linked.

Outcomes