arcgis-powershell-dsc icon indicating copy to clipboard operation
arcgis-powershell-dsc copied to clipboard

Published 20 hours ago verified publisher icon Esri

Enterprise 11.1 - Error creating site when using Azure Storage accounts.

Open vassilo opened this issue 1 year ago • 8 comments

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request

Module Version

  • 4.2

Affected Resource(s)

  • ArcGIS_Server
  • ArcGIS_Portal

Configuration Files

            "ConfigStoreCloudStorageAccount":{
                "UserName": "mneustortestesri01.blob.core.windows.net/hosting-config-store",
                "Password": "<AccessKey>",
                "CloudStorageType": "AzureBlob",
                "CloudNamespace": "mneustortestesri01_hosting-config-store",
                "AzureBlobAuthenticationType": "AccessKey"
            }, 

and 

            "ConfigStoreCloudStorageAccount":{
                "UserName": "mneustortestesri01.blob.core.windows.net/hosting-config-store",
                "CloudStorageType": "AzureBlob",
                "AzureBlobAuthenticationType": "ServicePrincipal",
                "AzureBlobServicePrincipal": {
                    "TenantId": "2864f69d-77c3-xxxx-xxxx-97502052391a",
                    "ClientId": "10a7e774-a8fc-xxxxx-xxx-98e7e6e6658a",
                    "ClientSecret": "WZp8Q----------------xkBR402yddjo"
                }
            },

Expected Behavior

Connect to the storage account and create the ArcGIS GIS Server site or Portal for ArcGIS site.

Actual Behavior

When using access keys to connect to the storage account

1/18/2024 5:18:11 AM: [mneu-t-a-esri01]: [[ArcGIS_Server]Servermneu-t-a-esri01.anglo.local] Response from CreateSite:- { "status": "error", "messages": [ "No such host is known (mneustortestesri01.table.core.windows.net)." ], "code": 500 } 1/18/2024 5:18:11 AM: [mneu-t-a-esri01]: [[ArcGIS_Server]Servermneu-t-a-esri01.anglo.local] [WARNING] Error while creating site on attempt 1 Error:- CreateSite Failed. Error:- No such host is known (mneustortestesri01.table.core.windows.net). 1/18/2024 5:18:11 AM: [mneu-t-a-esri01]: [[ArcGIS_Server]Servermneu-t-a-esri01.anglo.local] [WARNING] Unable to create Site. Error:- CreateSite Failed. Error:- No such host is known (mneustortestesri01.table.core.windows.net). 1/18/2024 5:18:11 AM: [mneu-t-a-esri01]: [[ArcGIS_Server]Servermneu-t-a-esri01.anglo.local] CreateSite Failed. Error:- No such host is known (mneustortestesri01.table.core.windows.net).

It is seems to be trying to connect to table storage instead of blob storage.

When using a service principle to connect to the storage account

1/19/2024 4:53:57 AM: [mneu-t-a-esri01]: [[ArcGIS_Server]Servermneu-t-a-esri01.anglo.local] Response from CreateSite:- { "status": "error", "messages": [ "Failed to create the site. Configuration store error. Azure cloud storage namespace \u0027null\u0027 schema creation failed in 1 ms. Invalid connection string. " ], "code": 500 } 1/19/2024 4:53:57 AM: [mneu-t-a-esri01]: [[ArcGIS_Server]Servermneu-t-a-esri01.anglo.local] [WARNING] Error while creating site on attempt 1 Error:- CreateSite Failed. Error:- Failed to create the site. Configuration store error. Azure cloud storage namespace 'null' schema creation failed in 1 ms. Invalid connection string. 1/19/2024 4:53:57 AM: [mneu-t-a-esri01]: [[ArcGIS_Server]Servermneu-t-a-esri01.anglo.local] [WARNING] Unable to create Site. Error:- CreateSite Failed. Error:- Failed to create the site. Configuration store error. Azure cloud storage namespace 'null' schema creation failed in 1 ms. Invalid connection string. 1/19/2024 4:53:57 AM: [mneu-t-a-esri01]: [[ArcGIS_Server]Servermneu-t-a-esri01.anglo.local] CreateSite Failed. Error:- Failed to create the site. Configuration store error. Azure cloud storage namespace 'null' schema creation failed in 1 ms. Invalid connection string.

Steps to Reproduce

Create a config to connect to Azure Storage account and configure for ArcGIS GIS Server to use it.

Important Factoids

References

vassilo avatar Jan 18 '24 11:01 vassilo

Hi @vassilo,

ArcGIS Server doesn't support specifying a specific container. Let's try removing the/hosting-config-store from the UserName attribute value. For example:

"ConfigStoreCloudStorageAccount":{
   "UserName": "mneustortestesri01.blob.core.windows.net",
   "Password": "<AccessKey>",
   "CloudStorageType": "AzureBlob",
   "CloudNamespace": "mneustortestesri01_hosting-config-store",
   "AzureBlobAuthenticationType": "AccessKey"
},

Thanks, Cameron K.

cameronkroeker avatar Jan 20 '24 04:01 cameronkroeker

Hi @cameronkroeker

When using a Service Principle Name I still get the

1/22/2024 3:56:32 AM: [mneu-t-a-esri01]: [[ArcGIS_Server]Servermneu-t-a-esri01.anglo.local] Response from CreateSite:- { "status": "error", "messages": [ "Failed to create the site. Configuration store error. Azure cloud storage namespace \u0027null\u0027 schema creation failed in 0 ms. Invalid connection string. " ], "code": 500 }

And when using the Access Key

1/22/2024 4:01:13 AM: [mneu-t-a-esri01]: [[ArcGIS_Server]Servermneu-t-a-esri01.anglo.local] Response from CreateSite:- { "status": "error", "messages": [ "No such host is known (mneustortestesri01.table.core.windows.net)." ], "code": 500 }

Regards, Vassilo

vassilo avatar Jan 22 '24 03:01 vassilo

it appears the storage account is not a general purpose storage account, but a blob only storage account.

The ArcGIS Server config. store needs Table storage endpoints

nshampur avatar Jan 22 '24 04:01 nshampur

Ah ha. Thank you. I will change the account and then test. Maybe the documentation needs to be a bit more specific in the requirements of the storage account. We had selected premium to get it as speedy as possible.

Thanks, Vassilo

vassilo avatar Jan 22 '24 04:01 vassilo

Hi,

I have recreated the storage account to the required one. However, I am still getting the following error when using a SPN.

1/22/2024 9:13:00 AM: [mneu-t-a-esri01]: [[ArcGIS_Server]Servermneu-t-a-esri01.anglo.local] Response from CreateSite:- { "status": "error", "messages": [ "Failed to create the site. Configuration store error. Azure cloud storage namespace \u0027null\u0027 schema creation failed in 0 ms. Invalid connection string. " ], "code": 500 }

Regards, Vassilo

vassilo avatar Jan 22 '24 09:01 vassilo

Hi @vassilo,

Looks like in the json config the AzureBlobAuthenticationType is set to AccessKey rather than ServicePrincipalName. Here is an example for ServicePrincipalName:

"ConfigStoreCloudStorageAccount":{
   "UserName": "mneustortestesri01.blob.core.windows.net",
   "CloudStorageType": "AzureBlob",
   "AzureBlobAuthenticationType": "ServicePrincipal",
   "AzureBlobServicePrincipal": {
      "TenantId": "<tenant>",
      "ClientId": "<appId>",
      "ClientSecret": "<password>"
   },
   "CloudNamespace": "mneustortestesri01_hosting-config-store"
}

Thanks, Cameron K.

cameronkroeker avatar Jan 22 '24 16:01 cameronkroeker

Hi @cameronkroeker

In my initial post I had the config for SPN, which by the looks of it is the same as what you have posted. Could it be a permission issue? The SPN has Storage Blob Data Contributor on the storage account. For the "ClientSecret" do I use the actual password (Value) or the Secret ID?

Regards, Vassilo

vassilo avatar Jan 23 '24 03:01 vassilo

Hi @cameronkroeker

In my initial post I had the config for SPN, which by the looks of it is the same as what you have posted. Could it be a permission issue? The SPN has Storage Blob Data Contributor on the storage account. For the "ClientSecret" do I use the actual password (Value) or the Secret ID?

Regards, Vassilo

Let's check to make sure the storage account has the following:

  • Storage Blob Data Contributor
  • Storage Table Data Contributor
  • Role assignment has Data owner permissions

cameronkroeker avatar Jan 24 '24 16:01 cameronkroeker