New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Failed to configure SSL certificates #225
Comments
@azinsharaf arcgis_enterprise_server 'Configure HTTPS' do In your ha-primary.json file may need to specify the following two attributes: node['arcgis']['server']['url'] = ArcGIS Server URL. The default URL is https://:6443/arcgis using the fully qualified domain name of the machine on which Chef is running. If ArcGIS Server and the web adaptor are running on different machines, then this value should be explicitly set. Since this wasn't specified chef chose the default to be server_url "https://VSRVGIST1.City.SantaClara.local:6443/arcgis" node['arcgis']['server']['private_url'] = ArcGIS Server URL without Web Adaptor. Default URL is https://:6443/arcgis. Since this wasn't specified chef chose: server_admin_url "https://egist.santaclaraca.gov:6443/arcgis/admin" |
I added the following parameters but still get the Failed to configure SSL certificates in ArcGIS Server. error.
Since we configure the third party NLB at the end, we have not set the CNAME record on the primary server. I am wondering we need to add dns name to the |
The certificate that is being imported into AGS needs to match the hostname that is going to be used for the server_admin_url. Sounds like the certificate is issued to egist.santaclaraca.gov, so then yes in this case the DNS for the AGS machine will need to be able to reach egist.santaclaraca.gov. An entry can be placed into the /etc/hosts file until the CNAME is created. I believe there is a recipe within the arcgis-enterprise cookbook that can be used to add the entry into the etc/host file:
https://github.com/Esri/arcgis-cookbook/wiki/arcgis%E2%80%90enterprise-Cookbook-Recipes#hosts |
I included the host recipe and it maps the IP address to domain name but still returns SSL certificate error. This is the log in debug mode. DEBUG: Request: POST https://VSRVGIST1.City.SantaClara.local:6443/arcgis/admin/machines/VSRVGIST1.CITY.SANTACLARA.LOCAL/sslcertificates/egist.santaclaraca.gov |
I believe this is because the request being made POST https://VSRVGIST1.City.SantaClara.local:6443/arcgis/admin/generateToken does not match the hostname the certificate is issued to. Looks like when AGS installed it used VSRVGIST1.City.SantaClara.local as its Admin URL instead of egist.santaclaraca.gov. If you sign into https://VSRVGIST1.City.SantaClara.local:6443/arcgis/admin/machines/ what is listed as its Admin URL? I suspect its still https://VSRVGIST1.City.SantaClara.local:6443/arcgis/admin. This gets set during AGS Site creation. Now that you have the hosts file set, AGS site may need to be recreated to pick up the change. |
Thank you for your help. We could fix it by following these changes: No SSL certificate error. Now following URLs work fine with valid certificate but the web-adaptor URLs still don't work for some reason. Web adapter URLs are showing server name instead of domain name. I create a new post for web adaptor since SSL issue has been resolved here.
|
Now on the second machine (GIST2) I am getting this error. Any idea?
I am using same Win service account that has read/write access to These are output of chef:
|
Update: I worked with Trevor from Esri support and he assisted me to finalize the scripts. We are implementing a HA ArcGIS Enterprise 10.6.1 in Win environment with a third party network load balancer. Note 1)
and secondary:
Note 2) Note 3) Note 4) Note 5) Hope these are helpful. I want to take this opportunity to thank @pbobov , @cameronkroeker and Trevor for the valuable effort to provide and support ArcGIS Cookbook. I was able to deploy a HA ArcGIS Enterprise in 6 hours which is amazing. Thanks, |
Hi @pbobov
I am getting the following error when running ha-primary.json file. Please advise.
arcgis_enterprise_server[Configure HTTPS] action configure_https[2019-05-08T13:28:12-07:00] ERROR: Failed to configure SSL certificates in ArcGIS Server. Admin URL 'https://egist.santaclaraca.gov:6443/arcgis/admin' is not reachable from 'VSRVGIST1.CITY.SANTACLARA.LOCAL'. For more information, see the ArcGIS Server help topic "About adding a GIS server to a site". You can access this topic in the table of contents by navigating to Administering ArcGIS Server > Common administrative tasks > Adding a GIS Server to a site.
[2019-05-08T13:28:43-07:00] ERROR: Failed to configure SSL certificates in ArcGIS Server. Importing CA certificate failed.
Compiled Resource:
------------------
# Declared in c:/chef/local-mode-cache/cache/cookbooks/arcgis-enterprise/recipes/server.rb:104:in
from_file'`This is json file:
The text was updated successfully, but these errors were encountered: