arcgis-powershell-dsc
arcgis-powershell-dsc copied to clipboard
Esri
Trouble connecting dual web adaptors
Community Note
- Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
- Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
Module Version
4.1.0
Affected Resource(s)
ArcGIS_Server, Web Adaptor
Configuration Files
ags.json
{
"AllNodes": [
{
"NodeName": "10.155.22.234",
"Role": [
"Server",
"ServerWebAdaptor"
]
},
{
"NodeName": "10.155.22.250",
"Role": [
"Server",
"ServerWebAdaptor"
]
}
],
"ConfigData": {
"Version": "11.1",
"ServerRole": "GeneralPurposeServer",
"ServerContext": "maps",
"DownloadPatches": true,
"ForceLicenseUpdate": false,
"Credentials": {
"ServiceAccount": {
"Password": "***",
"UserName": "svcaccount",
"IsDomainAccount": false
}
},
"Server": {
"PrimarySiteAdmin": {
"UserName": "theadmin",
"Email": "[email protected]",
"Password": "***"
},
"ExternalLoadBalancer": "sub.domain.com",
"LicenseFilePath": "C:\\geo-cfn-init\\resources\\licenses\\generated.prvc",
"Installer": {
"Path": "C:\\geo-ami-resources\\ArcGIS_Server_Windows_111_185208.exe",
"InstallDir": "C:\\Program Files\\ArcGIS\\Server",
"InstallDirPython": "C:\\Python27",
"PatchesDir": "C:\\temp\\patches",
"PatchInstallOrder": [
""
],
"EnableArcMapRuntime": true,
"EnableDotnetSupport":true
},
"ServerDirectoriesRootLocation": "\\\\10.155.22.229\\gis-server\\arcgisserver\\directories",
"ConfigStoreLocation": "\\\\10.155.22.229\\gis-server\\arcgisserver\\config-store"
},
"WebAdaptor": {
"AdminAccessEnabled": true,
"Installer": {
"Path": "C:\\geo-ami-resources\\ArcGIS_Web_Adaptor_for_Microsoft_IIS_111_185222.exe"
}
}
}
}
Expected Behavior
Two AWS VMs, each with ArcGIS Server and Web Adaptor installed. Should configure both web adaptors with both servers. (Although I'd be fine with each server having its own web adaptor)
Actual Behavior
11/29/2023 2:27:40 PM: [EC2AMAZ-XYZ]: [[ArcGIS_WebAdaptor]ConfigureServerWebAdaptor10.155.22.234] Output of execution:- ERROR: Unable to connect to Web Adaptor URL : https://10.155.22.234/maps/webadaptor.
11/29/2023 2:27:40 PM: [EC2AMAZ-XYZ]: LCM: [ End Set ] [[ArcGIS_WebAdaptor]ConfigureServerWebAdaptor10.155.22.234] in 102.6170 seconds.
11/29/2023 2:27:40 PM: [EC2AMAZ-XYZ]: LCM: [ End Set ]
11/29/2023 2:27:40 PM: Operation 'Invoke CimMethod' complete.
Trace-DSCJob : 11/29/2023 2:27:40 PM: PowerShell DSC resource ArcGIS_WebAdaptor failed to execute Set-TargetResource
functionality with error message: [ERROR]:- ERROR: Unable to connect to Web Adaptor URL :
https://10.155.22.234/maps/webadaptor.
At C:\Program Files\WindowsPowerShell\Modules\ArcGIS\4.1.0\ArcGIS.psm1:261 char:5
+ Trace-DSCJob -Job $Job -JobName $ConfigurationName -DebugMode $De ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Write-Error], WriteErrorException
+ FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,Trace-DSCJob
Trace-DSCJob : 11/29/2023 2:27:40 PM: The SendConfigurationApply function did not succeed.
At C:\Program Files\WindowsPowerShell\Modules\ArcGIS\4.1.0\ArcGIS.psm1:261 char:5
+ Trace-DSCJob -Job $Job -JobName $ConfigurationName -DebugMode $De ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Write-Error], WriteErrorException
+ FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,Trace-DSCJob
Steps to Reproduce
# Running as the same user that runs ags (see tpl)
$pw = ConvertTo-SecureString "***" -AsPlainText -Force
$credential = New-Object System.Management.Automation.PSCredential ($usr, $pw)
# Call DSC
Invoke-ArcGISConfiguration `
-ConfigurationParametersFile ags.json `
-Mode InstallLicenseConfigure `
-Credential $credential `
-DebugSwitch
Important Factoids
The end result looks to be fully functional. When I log into server manager I see both machines participating in the site, and both machines listed as web adaptors. The problem is that an ERROR log is being written, which it never did before, and my automation then passes that along. Can work around I guess, but would love to know what's happening.
Also, the error message says I can't reach https://10.155.22.234/maps/webadaptor but when I remote into the machine and try the URL, I can reach it. I get a cert warning from chrome, but if I click through I can see it fine. Makes me think there may just be a timing issue? I can't say for sure.
References
NA
@jhevenor Maybe to see if it is a timing related issue, can you see if it connects successfully on a second run?
Thanks, Cameron K.
Hi @cameronkroeker, a manual run goes smoothly
Output of execution:-
Configuring the ArcGIS Enterprise Web Adaptor with ArcGIS Server.
Configuring Web adaptor...
Instead of the Output of execution:- ERROR: Unable to connect to Web Adaptor URL I received on the first run. Not 100% apples to apples, as this ran in a powershell admin window, verses being launched via cfn-init which I think runs as the SYSTEM user (windows server 2019).
Just to follow up here, I'm running two VMs per site (call them A, B), and each VM has the web adaptor installed. I just want the context change from /arcgis to something custom as I run a generate site and separate image server on the same subdomain.
The two things I notice from the logs (ran fresh this morning). First, the two machine each just finish installing their self-signed certs:
12/18/2023 3:22:29 PM: [EC2AMAZ-A]: LCM: [ Start Resource ] [[ArcGIS_IIS_TLS]WebAdaptorCertificateInstall10.155.1.242]
12/18/2023 3:22:29 PM: [EC2AMAZ-A]: LCM: [ Start Test ] [[ArcGIS_IIS_TLS]WebAdaptorCertificateInstall10.155.1.242]
12/18/2023 3:22:29 PM: [EC2AMAZ-A]: LCM: [ End Test ] [[ArcGIS_IIS_TLS]WebAdaptorCertificateInstall10.155.1.242] in 0.1660 seconds.
12/18/2023 3:22:29 PM: [EC2AMAZ-A]: LCM: [ Start Set ] [[ArcGIS_IIS_TLS]WebAdaptorCertificateInstall10.155.1.242]
12/18/2023 3:22:29 PM: [EC2AMAZ-A]: [[ArcGIS_IIS_TLS]WebAdaptorCertificateInstall10.155.1.242] Setting up SSL Binding with self signed certificate
12/18/2023 3:22:29 PM: [EC2AMAZ-A]: [[ArcGIS_IIS_TLS]WebAdaptorCertificateInstall10.155.1.242] Creating Binding on Port 443 for https
12/18/2023 3:22:29 PM: [EC2AMAZ-A]: [[ArcGIS_IIS_TLS]WebAdaptorCertificateInstall10.155.1.242] Finished Creating Binding on Port 443 for https
12/18/2023 3:22:29 PM: [EC2AMAZ-A]: [[ArcGIS_IIS_TLS]WebAdaptorCertificateInstall10.155.1.242] Installing Self-Signed Certificate for DnsName 10.155.1.242
12/18/2023 3:22:29 PM: [EC2AMAZ-A]: [[ArcGIS_IIS_TLS]WebAdaptorCertificateInstall10.155.1.242] Creating New-SelfSignedCertificate for DNS:- 10.155.1.242
12/18/2023 3:22:29 PM: [EC2AMAZ-A]: [[ArcGIS_IIS_TLS]WebAdaptorCertificateInstall10.155.1.242] Creating using New-SelfSignedCertificate
12/18/2023 3:22:34 PM: [EC2AMAZ-B]: [[ArcGIS_IIS_TLS]WebAdaptorCertificateInstall10.155.1.241] Creating using New-SelfSignedCertificate
12/18/2023 3:22:34 PM: [EC2AMAZ-B]: [[ArcGIS_IIS_TLS]WebAdaptorCertificateInstall10.155.1.241] Finished Creating using New-SelfSignedCertificate
12/18/2023 3:22:34 PM: [EC2AMAZ-B]: [[ArcGIS_IIS_TLS]WebAdaptorCertificateInstall10.155.1.241] Installing Certificate with thumbprint 3AE58C9DA424398EAD2C41E9037E32D3F0D4F957 and subject CN=10.155.1.241 into IIS Binding for Port 443
12/18/2023 3:22:34 PM: [EC2AMAZ-B]: [[ArcGIS_IIS_TLS]WebAdaptorCertificateInstall10.155.1.241] Finished Installing Certificate
12/18/2023 3:22:34 PM: [EC2AMAZ-B]: LCM: [ End Set ] [[ArcGIS_IIS_TLS]WebAdaptorCertificateInstall10.155.1.241] in 2.5290 seconds.
12/18/2023 3:22:34 PM: [EC2AMAZ-B]: LCM: [ End Resource ] [[ArcGIS_IIS_TLS]WebAdaptorCertificateInstall10.155.1.241]
12/18/2023 3:22:34 PM: [EC2AMAZ-B]: LCM: [ Start Resource ] [[ArcGIS_WebAdaptor]ConfigureServerWebAdaptor10.155.1.241]
12/18/2023 3:22:34 PM: [EC2AMAZ-B]: LCM: [ Start Test ] [[ArcGIS_WebAdaptor]ConfigureServerWebAdaptor10.155.1.241]
12/18/2023 3:22:34 PM: [EC2AMAZ-B]: LCM: [ End Test ] [[ArcGIS_WebAdaptor]ConfigureServerWebAdaptor10.155.1.241] in 0.2490 seconds.
12/18/2023 3:22:34 PM: [EC2AMAZ-B]: LCM: [ Start Set ] [[ArcGIS_WebAdaptor]ConfigureServerWebAdaptor10.155.1.241]
12/18/2023 3:22:34 PM: [EC2AMAZ-B]: [[ArcGIS_WebAdaptor]ConfigureServerWebAdaptor10.155.1.241] https://10.155.1.241/maps-cartes/webadaptor
12/18/2023 3:22:34 PM: [EC2AMAZ-A]: [[ArcGIS_IIS_TLS]WebAdaptorCertificateInstall10.155.1.242] Finished Creating using New-SelfSignedCertificate
12/18/2023 3:22:34 PM: [EC2AMAZ-A]: [[ArcGIS_IIS_TLS]WebAdaptorCertificateInstall10.155.1.242] Installing Certificate with thumbprint C5DFD0072FF57247C7199BC03871843A2F30709B and subject CN=10.155.1.242 into IIS Binding for Port 443
12/18/2023 3:22:34 PM: [EC2AMAZ-A]: [[ArcGIS_IIS_TLS]WebAdaptorCertificateInstall10.155.1.242] Finished Installing Certificate
12/18/2023 3:22:34 PM: [EC2AMAZ-A]: LCM: [ End Set ] [[ArcGIS_IIS_TLS]WebAdaptorCertificateInstall10.155.1.242] in 2.5920 seconds.
12/18/2023 3:22:34 PM: [EC2AMAZ-A]: LCM: [ End Resource ] [[ArcGIS_IIS_TLS]WebAdaptorCertificateInstall10.155.1.242]
12/18/2023 3:22:34 PM: [EC2AMAZ-A]: LCM: [ Start Resource ] [[ArcGIS_WebAdaptor]ConfigureServerWebAdaptor10.155.1.242]
12/18/2023 3:22:34 PM: [EC2AMAZ-A]: LCM: [ Start Test ] [[ArcGIS_WebAdaptor]ConfigureServerWebAdaptor10.155.1.242]
12/18/2023 3:22:34 PM: [EC2AMAZ-A]: LCM: [ End Test ] [[ArcGIS_WebAdaptor]ConfigureServerWebAdaptor10.155.1.242] in 0.1980 seconds.
12/18/2023 3:22:34 PM: [EC2AMAZ-A]: LCM: [ Start Set ] [[ArcGIS_WebAdaptor]ConfigureServerWebAdaptor10.155.1.242]
12/18/2023 3:22:34 PM: [EC2AMAZ-A]: [[ArcGIS_WebAdaptor]ConfigureServerWebAdaptor10.155.1.242] https://10.155.1.242/maps-cartes/webadaptor
12/18/2023 3:24:14 PM: [EC2AMAZ-B]: [[ArcGIS_WebAdaptor]ConfigureServerWebAdaptor10.155.1.241] Output of execution:- ERROR: Unable to connect to Web Adaptor URL : https://10.155.1.241/maps-cartes/webadaptor.
12/18/2023 3:24:14 PM: [EC2AMAZ-B]: LCM: [ End Set ] [[ArcGIS_WebAdaptor]ConfigureServerWebAdaptor10.155.1.241] in 103.3310 seconds.
12/18/2023 3:24:14 PM: [EC2AMAZ-B]: LCM: [ End Set ]
12/18/2023 3:24:14 PM: Operation 'Invoke CimMethod' complete.
Trace-DSCJob : 12/18/2023 3:24:14 PM: PowerShell DSC resource ArcGIS_WebAdaptor failed to execute Set-TargetResource
functionality with error message: [ERROR]:- ERROR: Unable to connect to Web Adaptor URL :
https://10.155.1.241/maps-cartes/webadaptor.
Second, if I remote in and load the URL in Edge I get warned and click through with the usual 'unsafe' warning. When I do, I am shown that the Web Adaptor page can only be loaded from the hosting machine?
This feels like the root cause here, but there must be a 1000 other deployments using 11.1 and 4.1.0 out there so not sure what's happening. Any thoughts on this @cameronkroeker ?
@jhevenor is the 10.155.1.241 address an external ip or the private ip? This looks like its an AWS environment, so I suspect the 10.155.1.241 is the external EIP which may not work to configure the web adaptor. I believe you will need to use the private ip.
Thanks, Cameron K.
Hi @cameronkroeker , the 10.155 is an internal IP address. No public IPs are available on the VMs (accessed through app gateway). A note to add, when on VM A (10.155.1.242) I can load the WA link, get warned of cert, and still see the WA config pages as it's the local machine. Trying to load VM B (10.155.1.241) is where I get the message from the image above.