Portal-Server provisioning with prvc files.

[pkdavidson]

Just to possibly save others some time: Our Chef cookbook was failing during the authorize Server with Software Authorization step.

Working with Esri support, we discovered that one needs to use two separate PRVC files. One for Server authorization and one for Portal Authorization. If you have just one PRVC file that has Server, Server Extensions and Portal ECP codes (like we had), then make two copies of it. For the Server one, remove the line with the Portal ECP file. For the Portal file, remove the Server and Extensions ECP lines and leave just the Portal authorization.

Esri support thinks this might be a bug in 10.4 Software Authorization. It should probably work with just one file but it appears that during Server authorization, if the Portal ECP is there, then that is the final code SA tries to use and then fails.

Using a ecp file is probably preferable with Chef since it doesn't require Internet access to the Esri licensing servers. However, you can't get an ecp file until you have authorized successfully so that's a bit of a Catch 22.

I did uninstall Server, remove the keycodes file and reinstall with Chef using two separate PRVC files to verify that this cleans up the problem we had been having (errors in the Chef install about unable to activate server.) I had previously verified that using a keycodes.ecp file had also fixed the problem of authorization.

[pbobov]

Yes. Licensing is another gotcha. We usually test with PRVC or ECP files that has Server, Server Extensions and Portal ECP codes. That mostly worked for us. Authorizing with PRVC files calls Esri license server to get ECP file. This is a problem in completely closed environments and if the license server is down.

[pkdavidson]

Yep, the ecp file that worked for me had Server, Server Extenstions and Portal ECP codes in it and it worked fine. I then removed that keycodes file, uninstalled server and a partially installed web adaptor. Created the two separated PRVC files and then reran Chef without a problem.

I did have to install .NET Framework 3.5 by hand to get Chef past the IIS installation on Server 2012 R2. We are thinking that the issue here was a specific Windows Update had removed 3.5

We also have put our domain level login account, that we use to create all of our ArcServer/Portal systems, into the "Local Computer Policy:Computer Configuration:Windows Settings: Security Settings:Local Policies:Log on as a Service" Policy. I don't know if we need this anymore but it was something we have had to do in the past with AGS and Portal installs done by hand. Our VM template just has that in place. I forget the issue we had that required this fix.

Our Production Portal & Federated Hosting Server with Data Store is now up and ready for configuration.

[pbobov]

"Local Computer Policy:Computer Configuration:Windows Settings: Security Settings:Local Policies:Log on as a Service" policy should be set by Server/Portal/Data Store setups.

[pbobov]

arcgis-2.2.0-cookbooks.zip includes third-party ms_dotnet cookbook that arcgis cookbook uses to install .NET Framework 4.5. You can try using this cookbook to install .NET Framework 3.5.

[pkdavidson]

I'll look into that. Need to get into my head that we have a full Windows cookbook.

I thought our Test Portal was setup with .NETfx3.5 but I see that it wasn't successful.

Regarding the Log on as a Service... That would explain something. I have asked my SAII to do the Test Portal install using Chef and he hit the same problem with 3.5 that I did. He was trying various things, one of which was adding our domain account to that Policy. But when I looked on my Production Portal, our domain account was already in that Policy. Since I believe he said he had to do this, it means its not in our VM template and that Chef did this correctly. I was confused why he had to do it. It's just that he hasn't run Chef far enough for that to occur.

This is just one of the benefits I find of Chef. It takes care of a lot of the extra steps you would have to do by hand, after figuring out the fix. My documentation for doing these installs by hand is pages and pages of notes and Google grabs, etc... as you work through various problems that occur. My documentation for doing this with Chef is now only a page or two.
I'm a convert.

[pbobov]

Here is a hint how to use ms_dotnet cookbook to install .NET Framework 4.5.

{
  "ms_dotnet" : {
    "v4" : {
      "version" : "4.5.1"
    }
  },
  "run_list":[
    "recipe[ms_dotnet::ms_dotnet4]"
   ]
}

Installing .NET Framework 3.5 should be similar.

[wml2013]

Thanks for this conversation: very useful -- will look to split up a single ECP file into two separate Portal and ArcGIS server ones.

[pkdavidson]

Hi Wml: If you're using a .ecp file, it should work as a single file with both server and portal authorization inside it. It's the .prvc files that we found needed to be split up into Server and Portal versions.

Hope that helps...