Error 403 forbidden when attempting to create admin connection to AGS

10091
7
Jump to solution
11-05-2013 12:03 PM
AndrewBrown1
Occasional Contributor II
I'm on the production network, the same network as our forward-facing server, and I'm able to successfully RDP into the box and access the server manager on the server through the server's browser.

However, I'm not able to create an administrative connection from my computer to ArcGIS Server on the production box. I receive error 403, forbidden. Either because of our firewall rules or because my local machine's Windows user doesn't exist on the production box. But since I'm not using any windows credentials to create the connection, our windows accounts should be irrelevant, correct? My user on the production box is NOT an administrator, and neither am I on my own machine.

So, why can't I create an administrative connection to the production box? I can see the machine and RDP into it, but when I try to create a connection, I receive Error 403 Forbidden. Same goes with trying to access the ArcGIS Server Portal website on my machine.

Plot twist, my colleague is an administrator on the machine and he can successfully create an admin connection from his machine to the server. He might have set up rules to allow his computer to connect, too, but he doesn't remember doing so.

Has anybody experienced anything similar to this?
Tags (2)
0 Kudos
1 Solution

Accepted Solutions
AndrewBrown1
Occasional Contributor II
Since you are uinsg https with port 443 on the web adaptor, I'm assuming you have setup the GIS Server to also use the https protocol.  If not, you need to. For more information see this documentation:

http://resources.arcgis.com/en/help/main/10.2/index.html#/Enabling_SSL_using_the_default_self_signed...

If you have setup the protocol on the GIS Server to "http and https"... your URLs to connect to Manager through the GIS Server should look something like this:

https://yourservername:6443/arcgis/manager/
or
http://yoursevername:6080/arcgis/manager

Do you get the 403 forbidden error at both of these URLs?



Thanks for linking me to the resources page. I navigated to http://server:6080/arcgis/admin, then to security, config, then update. I saw a field called "Allowed Administrative IPs:" and it had my colleague's IP listed. I added my IP, separated by a comma, and it worked!

For the record, we were allowing http and https.

I'll be writing this down under lessons learned.

Thanks again for your help.

Andrew

View solution in original post

0 Kudos
7 Replies
StephanieSnider
Occasional Contributor III
Are you logging into the GIS Server (http://server:6080/arcgis) or the web adaptor (http://server/arcigs)? 

Can you log into the ArcGIS Server Manager from a browser on your PC?  If so, are you able to log in with your credentials or using the primary site admin account?
0 Kudos
AndrewBrown1
Occasional Contributor II
Are you logging into the GIS Server (http://server:6080/arcgis) or the web adaptor (http://server/arcigs)? 

Can you log into the ArcGIS Server Manager from a browser on your PC?  If so, are you able to log in with your credentials or using the primary site admin account?


I'm trying to create the connection to http://server:6080/arcgis, which my colleague can access without any issues. The server is set up to use the web adaptor, but the web adaptor is installed on the web server, a separate machine on the network.

When I try to access the Server Manager website from a browser on my PC, it freezes on the moving scrollbar. Normally, it'll stay on the scrollbar for a second then forward to the login page, but it doesn't do that. I looked at the javascript console and it's returning an error 403, forbidden message. The webpage cannot forward to the login.
0 Kudos
StephanieSnider
Occasional Contributor III
Is your GIS Server set to use the GIS Tier or Web Tier for auththentication?  If its set to use the Web Tier, is the web adaptor server's IIS site set to use Anonymous or Windows authentication?  Also....is the web adaptor's IIS site using a standard port like 80...or something different?
0 Kudos
AndrewBrown1
Occasional Contributor II
Is your GIS Server set to use the GIS Tier or Web Tier for auththentication?  If its set to use the Web Tier, is the web adaptor server's IIS site set to use Anonymous or Windows authentication?  Also....is the web adaptor's IIS site using a standard port like 80...or something different?


It is set up to use the GIS Tier authentication.

We have two web adaptors set up... one is https, port 443, and the other is port 80, but they are both on another machine.
0 Kudos
AndrewBrown1
Occasional Contributor II
Also, anonymous authentication is enabled, but windows is disabled.
0 Kudos
StephanieSnider
Occasional Contributor III
Since you are uinsg https with port 443 on the web adaptor, I'm assuming you have setup the GIS Server to also use the https protocol.  If not, you need to. For more information see this documentation:

http://resources.arcgis.com/en/help/main/10.2/index.html#/Enabling_SSL_using_the_default_self_signed...

If you have setup the protocol on the GIS Server to "http and https"... your URLs to connect to Manager through the GIS Server should look something like this:

https://yourservername:6443/arcgis/manager/
or
http://yoursevername:6080/arcgis/manager

Do you get the 403 forbidden error at both of these URLs?
0 Kudos
AndrewBrown1
Occasional Contributor II
Since you are uinsg https with port 443 on the web adaptor, I'm assuming you have setup the GIS Server to also use the https protocol.  If not, you need to. For more information see this documentation:

http://resources.arcgis.com/en/help/main/10.2/index.html#/Enabling_SSL_using_the_default_self_signed...

If you have setup the protocol on the GIS Server to "http and https"... your URLs to connect to Manager through the GIS Server should look something like this:

https://yourservername:6443/arcgis/manager/
or
http://yoursevername:6080/arcgis/manager

Do you get the 403 forbidden error at both of these URLs?



Thanks for linking me to the resources page. I navigated to http://server:6080/arcgis/admin, then to security, config, then update. I saw a field called "Allowed Administrative IPs:" and it had my colleague's IP listed. I added my IP, separated by a comma, and it worked!

For the record, we were allowing http and https.

I'll be writing this down under lessons learned.

Thanks again for your help.

Andrew
0 Kudos