AnsweredAssumed Answered

Licensing ArcGIS Server in secure cloud subnet

Question asked by Guus.Klaas_stedin on Nov 11, 2019
Latest reply on Nov 11, 2019 by Guus.Klaas_stedin

Hiya,

 

We're trying to deploy ArcGIS Enterprise 10.7.1 through the azure cloudbuilder with a rather secure (sub)net which is in control of our CSP. The deployment currently fails on:

 

"error": {
    "code": "ResourceDeploymentFailure",
    "message": "The resource operation completed with terminal provisioning state 'Failed'.",
    "details": [{
        "code": "VMExtensionProvisioningError",
        "message": "VM has reported a failure when processing extension 'DSCConfiguration0'. Error message: \"DSC Configuration 'ServerConfiguration' completed with error(s). Following are the first few: PowerShell DSC resource ArcGIS_License failed to execute Set-TargetResource functionality with error message: [ERROR] - Attempt 10 - Licensing for Product [Server] failed. Software Authorization Utility returned Error authorizing with the following file C:\\Packages\\Plugins\\Microsoft.Powershell.DSC\\2.80.0.0\\ArcGISGISServerAdvanced_ArcGISServer_USER.prvc The SendConfigurationApply function did not succeed.\"."
    }]
}

 

It seems (no RDP, so quite limited in deep diagnostics...) that ArcGIS is unable to license ArcGIS Server. Now our CSP works with a DNS-based whitelist on what kind of resources the individual machines can reach over the internet (funny due to this deployment getting a public IP itself...). I validated that the file is correct, it's from a fresh dev subscription and works in a deployment without the CSP subnet...

 

I already told our CSP to whitelist *.esri.com; however, still no luck. My question:

 

What resources does the server licensing use which we need to whitelist? This is not documented (internal server resources tend to be documented only, or a non-cloud builder supported 'offline' authentication), and our new CSP is also not really forthcoming in deep traces on what happens...

Outcomes