Community

Waze Live Alerts Layer (from marketplace): How to connect to a 10.9.1 ArcGIS Enterprise

991
9
Jump to solution
06-02-2022 10:50 PM
ChaimSchwartzIroads
by
New Contributor III
‎06-02-2022 10:50 PM

Hi,

Our arcgis online organization participates in the Waze Connected Citizen Program, so we have access to the Waze Live Alerts Layer from "ArcGIS MarketPlace". Formerly, I have also been successfull in referencing that layer in our on-prem ArcGIS Enterprise 10.6 Installation by adding an item to the secured content, and storing my ArcGIS Online credentials with the item so user's are not prompted for passwords. However, we now have a new ArcGIS Enterprise 10.9.1 running, and when I try to add the item using the same method, the option to store credentials is not available. 

Any ideas?

0 Kudos
1 Solution

Accepted Solutions
ChristopherPawlyszyn
by Esri Contributor
Esri Contributor
‎06-03-2022 10:50 AM

Connection timeouts are typical of packets being dropped at the firewall or edge network appliance, so I'd lean on your IT department for additional information there. It may be a security software installed on the machine or a network-based ruleset (that can also be based on AD user membership). If there were a forward proxy decrypting and re-encrypting the traffic you'd see entries detailing an untrusted certificate chain in the Portal logs.


-- Chris Pawlyszyn

View solution in original post

9 Replies
ChristopherPawlyszyn
by Esri Contributor
Esri Contributor
‎06-03-2022 05:50 AM

Two things I would consider here are whether the new Portal for ArcGIS service account can access the internet (on the Portal for ArcGIS machine) and whether there is a forward proxy in the network path. When saving credentials, Portal for ArcGIS acts as a proxy to attach the credentials in-transit so needs to both trust the certificate of the target resource and be able to reach it. This technical article may prove helpful as well:

https://support.esri.com/en/technical-article/000015387


-- Chris Pawlyszyn
0 Kudos
ChaimSchwartzIroads
by
New Contributor III
‎06-03-2022 08:21 AM

Thank you very much @ChristopherPawlyszyn  for the reply!! I thought your first suggestion might have been the right direction since we actually changed our strategy to use gMSA accounts, but I then switched to my own AD account which definitely has access to the internet from that machine, and still it didn't do the trick. In terms of a proxy, we simply use web adaptors (one for server one for portal, by the book...), I'm not aware of any other stop on the way to the internet. I will confirm with IT however, there might be new policies they've put in place that haven't been around in the older environment. Any other ideas...?

 

0 Kudos
ChristopherPawlyszyn
by Esri Contributor
Esri Contributor
‎06-03-2022 08:37 AM

Another angle of approach would be to try entering https://www.arcgis.com in the checkUrl endpoint, then reviewing the Portal for ArcGIS logs for any SSL certificate verification issues. The reverse proxy action (web adaptors) would be different than outgoing traffic that may be affected by a forward proxy.

 

Example URL:

https://portal.domain.com:7443/arcgis/sharing/rest/portals/checkUrl


-- Chris Pawlyszyn
0 Kudos
ChaimSchwartzIroads
by
New Contributor III
‎06-03-2022 08:58 AM

OK - I ran the arcgis online url through the checkURL path (minus the port number). I did receive an error message (pasted below), but no new log record was added under D:\arcgisportal\logs

{

  • success: false,
  • error:
     
    {
    • message: "Unable to connect, connection timed out"
    }

}

0 Kudos
ChristopherPawlyszyn
by Esri Contributor
Esri Contributor
‎06-03-2022 10:50 AM

Connection timeouts are typical of packets being dropped at the firewall or edge network appliance, so I'd lean on your IT department for additional information there. It may be a security software installed on the machine or a network-based ruleset (that can also be based on AD user membership). If there were a forward proxy decrypting and re-encrypting the traffic you'd see entries detailing an untrusted certificate chain in the Portal logs.


-- Chris Pawlyszyn
ChaimSchwartzIroads
by
New Contributor III
‎06-06-2022 04:34 AM
  • You nailed it! IT had exceptions on our previous environment that were not applied to the new one. Thank you so much for your assistance!
0 Kudos
ChristopherPawlyszyn
by Esri Contributor
Esri Contributor
‎06-06-2022 07:37 AM

Glad it's working and happy to help!


-- Chris Pawlyszyn
0 Kudos
BillFox
by MVP Frequent Contributor
MVP Frequent Contributor
‎06-03-2022 01:36 PM

Hi,

Just for comparison, can you try creating another agol user like "portaluser" that is allowed to view the waze item.

Then as a portal admin, add that waze item using the agol portal user (hopefully being prompted to store user name and password) and then share to your portal organization

0 Kudos
BillFox
by MVP Frequent Contributor
MVP Frequent Contributor
‎06-03-2022 01:38 PM

similar to this example from Nearmap

https://docs.nearmap.com/display/ND/Portal+for+ArcGIS+-+Nearmap+Integration+from+ArcGIS+Online

and maybe the info in the esri doc that link mentions will help too

0 Kudos