search

Esri / arcgis-powershell-dsc

This repository contains scripts, code and samples for automating the install and configuration of ArcGIS (Enterprise and Desktop) using Microsoft Windows PowerShell DSC (Desired State Configuration).
Apache License 2.0
113 stars 61 forks source link

IIS/IWA EnableAutomaticAccountCreation not set correctly (10.7.1 using PSDSC 2.1.1) - default user type id must be specified #208

Closed pfoppe closed 4 years ago

pfoppe commented 4 years ago

Hello,

I recently deployed a new base v10.7.1 ArcGIS Enterprise on 1 machine (IIS, 2 web-adaptors, portal, server, datastore) using the "Configure-ArcGIS" InstallLicenseConfigure command. This environment is setup with IIS web-tier authentication and the the automatic account creation was specified as "true". See attached (redacted) .json file

Overall the execution appeared successful (all products installed, licensed, federated, hosted, etc), but users were unable to login the first time. Investigation into the environment showed that the "enableAutomaticAccountCreation" was set to false (https://server.domain/portal/portaladmin/security/config). I was able to manually set it to true.

Looking through the logs... this seems to have failed. Per the ArcGISConfigure--PM-Verbose.txt:

[MACHINE]: [[ArcGIS_Portal]PortalMACHINE] Set-PortalSecurityConfig Response:- @{code=500; message=A default user type id must be specified to enable automatic account creation for your Enterprise portal.; details=} @{error=}

The Esri Docs at v10.7.1 also state that a default user type needs to be set - https://enterprise.arcgis.com/en/portal/latest/administer/windows/automatic-registration-of-enterprise-accounts.htm

Thoughts? We've been successful doing 10.6.1 to 10.7.1 upgrades so far, just seemed to fail with a default 10.7.1 install.

Thanks!

redacted_json.txt

pfoppe commented 4 years ago

Hello, we recently deployed a new system and ran into this issue again. Any update/feedback?

cameronkroeker commented 4 years ago

Hi @pfoppe,

I believe the issue is that the "defaultRoleForUser" and "defaultUserTypeIdForUser" parameters are not being passed in the POST request when setting "enableAutomaticAccountCreation" to true. Perhaps the upgrades are succeeding because those values were/are already set/present prior to the upgrade.

pfoppe commented 4 years ago

Hi @cameronkroeker

Thanks for the response. Looking at this specific environment, I can confirm the portal "DefaultUserTypeIdForUser" was set to "creatorUT". The json file does have the "PortalLicenseUserType" set to "Creator" which I think is what set this.

Its been over a month since we completed this install, but I'm pretty sure that got set by the PSDSC execution.

Do you think this is a bug? Anything else I can do to correct this for future deployments (like a missing setting)? Thanks

cameronkroeker commented 4 years ago

@pfoppe Apologies for the long delay, but this issue will be addressed in the next release.

pfoppe commented 4 years ago

Great... thanks!!

cameronkroeker commented 4 years ago

@pfoppe,

We have addressed this issue in the latest release, v3.0.0:

https://github.com/Esri/arcgis-powershell-dsc/releases

Sample Config: https://github.com/Esri/arcgis-powershell-dsc/blob/7d365cb94b9ae351797af2cce582dd8b811f1a49/SampleConfigs/v3/Base%20Deployment/BaseDeployment-SingleMachine.json#L112