search

Esri / arcgis-powershell-dsc

This repository contains scripts, code and samples for automating the install and configuration of ArcGIS (Enterprise and Desktop) using Microsoft Windows PowerShell DSC (Desired State Configuration).
Apache License 2.0
120 stars 62 forks source link

ArcGIS Server HA: runAs parameter not set #314

Open Biboba opened 3 years ago

Biboba commented 3 years ago

Community Note

Module Version

Affected Resource(s)

Configuration Files

ArcGIS_Enterprise_HA.txt

Expected Behavior

I am trying to run the above DSC in a specific case: this configuration has been successfully applied and VMs configured. Then, I destroyed the standby VM (hosting standby portal, standby tileCache and relational datastore) and I was hopping to get my VM "joined" the site again by running again the DSC config. But ArcGIS Server join site operation fails.

Actual Behavior

Messages : Failed to join the site 'ht
tps://mapsportalqa01.company.com:6443/arcgis/admin'. Server machine 'https://mapsportalqa01.company.com:6443/arcgis/admin/machines/register' returned an 
error. 'Failed to register the server machine 'MAPSPORTALQA02.COMPANY.COM'. Server machine 'https://MAPSPORTALQA02.COMPANY.COM:6443/arcgis/admin' returne
d an error. 'Configuration store error. Cannot get persistence. File system '\\company.com\dfs\GIS\HA\mapsqa\config-store' connection failed. The specified location is not accessible. Ensure that the ArcGIS Server account has read and write access to the location. ''.

Indeed, the ArcGIS Server is not configured to run as the service account defined in the config file. Digging into the log, I get the following:

28-Mar-21 10:35:08 AM: [MAPSPORTALQA02]: LCM:  [ Start  Resource ]  [[ArcGIS_WindowsService]ArcGIS_for_Server_Service]
28-Mar-21 10:35:08 AM: [MAPSPORTALQA02]: LCM:  [ Start  Test     ]  [[ArcGIS_WindowsService]ArcGIS_for_Server_Service]
28-Mar-21 10:35:08 AM: [MAPSPORTALQA02]:                            [[ArcGIS_WindowsService]ArcGIS_for_Server_Service] User name for service 'ArcGIS Server' is 'LocalSystem'. It does not match 'COMPANY\agsuseraccount.
28-Mar-21 10:35:08 AM: [MAPSPORTALQA02]: LCM:  [ End    Test     ]  [[ArcGIS_WindowsService]ArcGIS_for_Server_Service]  in 0.2370 seconds.
28-Mar-21 10:35:08 AM: [MAPSPORTALQA02]: LCM:  [ Start  Set      ]  [[ArcGIS_WindowsService]ArcGIS_for_Server_Service]
28-Mar-21 10:35:08 AM: [MAPSPORTALQA02]:                            [[ArcGIS_WindowsService]ArcGIS_for_Server_Service] Service 'ArcGIS Server' already started, no action required.
28-Mar-21 10:35:08 AM: [MAPSPORTALQA02]: LCM:  [ End    Set      ]  [[ArcGIS_WindowsService]ArcGIS_for_Server_Service]  in 1.2140 seconds.
28-Mar-21 10:35:08 AM: [MAPSPORTALQA02]: LCM:  [ End    Resource ]  [[ArcGIS_WindowsService]ArcGIS_for_Server_Service]
28-Mar-21 10:35:08 AM: [MAPSPORTALQA02]: LCM:  [ Start  Resource ]  [[ArcGIS_Service_Account]Server_RunAs_Account]
28-Mar-21 10:35:08 AM: [MAPSPORTALQA02]: LCM:  [ Start  Test     ]  [[ArcGIS_Service_Account]Server_RunAs_Account]
28-Mar-21 10:35:08 AM: [MAPSPORTALQA02]:                            [[ArcGIS_Service_Account]Server_RunAs_Account] RunAsAccount Username:- COMPANY\agsuseraccount
28-Mar-21 10:35:08 AM: [MAPSPORTALQA02]:                            [[ArcGIS_Service_Account]Server_RunAs_Account] Install Dir for ArcGIS Server is C:\Program Files\Arcgis\Server\
28-Mar-21 10:35:08 AM: [MAPSPORTALQA02]:                            [[ArcGIS_Service_Account]Server_RunAs_Account] Testing Permission for User COMPANY\agsuseraccount on Directory C:\Program Files\Arcgis\Server\
28-Mar-21 10:35:08 AM: [MAPSPORTALQA02]:                            [[ArcGIS_Service_Account]Server_RunAs_Account] Checking Permissions on C:\arcgisserver\logs
28-Mar-21 10:35:08 AM: [MAPSPORTALQA02]:                            [[ArcGIS_Service_Account]Server_RunAs_Account] Testing Permission for User COMPANY\agsuseraccount on Directory C:\arcgisserver\logs
28-Mar-21 10:35:08 AM: [MAPSPORTALQA02]: LCM:  [ End    Test     ]  [[ArcGIS_Service_Account]Server_RunAs_Account]  in 0.0160 seconds.
28-Mar-21 10:35:08 AM: [MAPSPORTALQA02]: LCM:  [ Skip   Set      ]  [[ArcGIS_Service_Account]Server_RunAs_Account]
28-Mar-21 10:35:08 AM: [MAPSPORTALQA02]: LCM:  [ End    Resource ]  [[ArcGIS_Service_Account]Server_RunAs_Account]
28-Mar-21 10:35:08 AM: [MAPSPORTALQA02]: LCM:  [ Start  Resource ]  [[WaitForAll]WaitForAllServermapsportalqa01]
28-Mar-21 10:35:08 AM: [MAPSPORTALQA02]: LCM:  [ Start  Test     ]  [[WaitForAll]WaitForAllServermapsportalqa01]
28-Mar-21 10:35:08 AM: [MAPSPORTALQA02]:                            [[WaitForAll]WaitForAllServermapsportalqa01] Remote resource '[ArcGIS_Server]Servermapsportalqa01' is not ready.
28-Mar-21 10:35:08 AM: [MAPSPORTALQA02]: LCM:  [ End    Test     ]  [[WaitForAll]WaitForAllServermapsportalqa01]  in 0.0760 seconds.
28-Mar-21 10:35:08 AM: [MAPSPORTALQA02]: LCM:  [ Start  Set      ]  [[WaitForAll]WaitForAllServermapsportalqa01]
28-Mar-21 10:35:08 AM: [MAPSPORTALQA02]:                            [[WaitForAll]WaitForAllServermapsportalqa01] Remote resource '[ArcGIS_Server]Servermapsportalqa01' is not ready. Retrying after 60 second(s)
28-Mar-21 10:36:09 AM: [MAPSPORTALQA02]:                            [[WaitForAll]WaitForAllServermapsportalqa01] Remote resource '[ArcGIS_Server]Servermapsportalqa01' is ready
28-Mar-21 10:36:09 AM: [MAPSPORTALQA02]: LCM:  [ End    Set      ]  [[WaitForAll]WaitForAllServermapsportalqa01]  in 60.0680 seconds.
28-Mar-21 10:36:09 AM: [MAPSPORTALQA02]: LCM:  [ End    Resource ]  [[WaitForAll]WaitForAllServermapsportalqa01]

As you see, it detected that the service account did not match and configured it but at the end, it was not taken into account and ArcGIS Server was then failing to "join site". In a previous successful config, I had the following:

23-Mar-21 10:14:13 AM: [MAPSPORTALQA02]: LCM:  [ Start  Resource ]  [[ArcGIS_WindowsService]ArcGIS_for_Server_Service]
23-Mar-21 10:14:13 AM: [MAPSPORTALQA02]: LCM:  [ Start  Test     ]  [[ArcGIS_WindowsService]ArcGIS_for_Server_Service]
23-Mar-21 10:14:13 AM: [MAPSPORTALQA02]:                            [[ArcGIS_WindowsService]ArcGIS_for_Server_Service] User name for service 'ArcGIS Server' is 'LocalSystem'. It does not match 'COMPANY\agsuseraccount.
23-Mar-21 10:14:13 AM: [MAPSPORTALQA02]: LCM:  [ End    Test     ]  [[ArcGIS_WindowsService]ArcGIS_for_Server_Service]  in 0.2410 seconds.
23-Mar-21 10:14:13 AM: [MAPSPORTALQA02]: LCM:  [ Start  Set      ]  [[ArcGIS_WindowsService]ArcGIS_for_Server_Service]
23-Mar-21 10:14:18 AM: [MAPSPORTALQA02]:                            [[ArcGIS_WindowsService]ArcGIS_for_Server_Service] Service 'ArcGIS Server' already started, no action required.
23-Mar-21 10:14:18 AM: [MAPSPORTALQA02]: LCM:  [ End    Set      ]  [[ArcGIS_WindowsService]ArcGIS_for_Server_Service]  in 1.4520 seconds.
23-Mar-21 10:14:18 AM: [MAPSPORTALQA02]: LCM:  [ End    Resource ]  [[ArcGIS_WindowsService]ArcGIS_for_Server_Service]
23-Mar-21 10:14:18 AM: [MAPSPORTALQA02]: LCM:  [ Start  Resource ]  [[ArcGIS_Service_Account]Server_RunAs_Account]
23-Mar-21 10:14:18 AM: [MAPSPORTALQA02]: LCM:  [ Start  Test     ]  [[ArcGIS_Service_Account]Server_RunAs_Account]
23-Mar-21 10:14:18 AM: [MAPSPORTALQA02]:                            [[ArcGIS_Service_Account]Server_RunAs_Account] RunAsAccount Username:- COMPANY\agsuseraccount
23-Mar-21 10:14:18 AM: [MAPSPORTALQA02]:                            [[ArcGIS_Service_Account]Server_RunAs_Account] Install Dir for ArcGIS Server is C:\Program Files\Arcgis\Server\
23-Mar-21 10:14:19 AM: [MAPSPORTALQA02]:                            [[ArcGIS_Service_Account]Server_RunAs_Account] Testing Permission for User COMPANY\agsuseraccount on Directory C:\Program Files\Arcgis\Server\
23-Mar-21 10:14:19 AM: [MAPSPORTALQA02]:                            [[ArcGIS_Service_Account]Server_RunAs_Account] Permissions are not set for C:\Program Files\Arcgis\Server\
23-Mar-21 10:14:19 AM: [MAPSPORTALQA02]: LCM:  [ End    Test     ]  [[ArcGIS_Service_Account]Server_RunAs_Account]  in 0.1120 seconds.
23-Mar-21 10:14:19 AM: [MAPSPORTALQA02]: LCM:  [ Start  Set      ]  [[ArcGIS_Service_Account]Server_RunAs_Account]
23-Mar-21 10:14:19 AM: [MAPSPORTALQA02]:                            [[ArcGIS_Service_Account]Server_RunAs_Account] RunAsAccount Username:- COMPANY\agsuseraccount
23-Mar-21 10:14:19 AM: [MAPSPORTALQA02]:                            [[ArcGIS_Service_Account]Server_RunAs_Account] Install Dir for ArcGIS Server is C:\Program Files\Arcgis\Server\
23-Mar-21 10:14:19 AM: [MAPSPORTALQA02]:                            [[ArcGIS_Service_Account]Server_RunAs_Account] Testing Permission for User COMPANY\agsuseraccount on Directory C:\Program Files\Arcgis\Server
23-Mar-21 10:14:19 AM: [MAPSPORTALQA02]:                            [[ArcGIS_Service_Account]Server_RunAs_Account] Providing RunAs Account 'COMPANY\agsuseraccount' has the required permissions to C:\Program Files\Arcgis\Server
23-Mar-21 10:14:19 AM: [MAPSPORTALQA02]:                            [[ArcGIS_Service_Account]Server_RunAs_Account] icacls.exe C:\Program Files\Arcgis\Server /grant COMPANY\agsuseraccount:(OI)(CI)F
23-Mar-21 10:14:24 AM: [MAPSPORTALQA02]:                            [[ArcGIS_Service_Account]Server_RunAs_Account] Restarting Service ArcGIS Server
23-Mar-21 10:14:29 AM: [MAPSPORTALQA02]:                            [[ArcGIS_Service_Account]Server_RunAs_Account] Stopping the service
23-Mar-21 10:14:29 AM: [MAPSPORTALQA02]:                            [[ArcGIS_Service_Account]Server_RunAs_Account] Stopped the service
23-Mar-21 10:14:29 AM: [MAPSPORTALQA02]:                            [[ArcGIS_Service_Account]Server_RunAs_Account] Starting the service
23-Mar-21 10:14:29 AM: [MAPSPORTALQA02]:                            [[ArcGIS_Service_Account]Server_RunAs_Account] Restarted Service ArcGIS Server
23-Mar-21 10:14:29 AM: [MAPSPORTALQA02]: LCM:  [ End    Set      ]  [[ArcGIS_Service_Account]Server_RunAs_Account]  in 13.8610 seconds.
23-Mar-21 10:14:29 AM: [MAPSPORTALQA02]: LCM:  [ End    Resource ]  [[ArcGIS_Service_Account]Server_RunAs_Account]
23-Mar-21 10:14:29 AM: [MAPSPORTALQA02]: LCM:  [ Start  Resource ]  [[WaitForAll]WaitForAllServermapsportalqa01]
23-Mar-21 10:14:29 AM: [MAPSPORTALQA02]: LCM:  [ Start  Test     ]  [[WaitForAll]WaitForAllServermapsportalqa01]
23-Mar-21 10:14:29 AM: [MAPSPORTALQA02]:                            [[WaitForAll]WaitForAllServermapsportalqa01] Remote resource '[ArcGIS_Server]Servermapsportalqa01' is not ready.
23-Mar-21 10:14:29 AM: [MAPSPORTALQA02]: LCM:  [ End    Test     ]  [[WaitForAll]WaitForAllServermapsportalqa01]  in 0.3850 seconds.
23-Mar-21 10:14:29 AM: [MAPSPORTALQA02]: LCM:  [ Start  Set      ]  [[WaitForAll]WaitForAllServermapsportalqa01]
23-Mar-21 10:14:29 AM: [MAPSPORTALQA02]:                            [[WaitForAll]WaitForAllServermapsportalqa01] Remote resource '[ArcGIS_Server]Servermapsportalqa01' is not ready. Retrying after 60 second(s)
23-Mar-21 10:15:29 AM: [MAPSPORTALQA02]:                            [[WaitForAll]WaitForAllServermapsportalqa01] Remote resource '[ArcGIS_Server]Servermapsportalqa01' is not ready. Retrying after 60 second(s)
23-Mar-21 10:16:29 AM: [MAPSPORTALQA02]:                            [[WaitForAll]WaitForAllServermapsportalqa01] Remote resource '[ArcGIS_Server]Servermapsportalqa01' is not ready. Retrying after 60 second(s)
23-Mar-21 10:17:30 AM: [MAPSPORTALQA02]:                            [[WaitForAll]WaitForAllServermapsportalqa01] Remote resource '[ArcGIS_Server]Servermapsportalqa01' is ready
23-Mar-21 10:17:30 AM: [MAPSPORTALQA02]: LCM:  [ End    Set      ]  [[WaitForAll]WaitForAllServermapsportalqa01]  in 180.1710 seconds.
23-Mar-21 10:17:30 AM: [MAPSPORTALQA02]: LCM:  [ End    Resource ]  [[WaitForAll]WaitForAllServermapsportalqa01]

The difference is that in my current case, the ArcGIS Server is not restarted while it should so that it is taken into account.

After restarting the service so that it picked up run as the service account change, run the config again, "join site" operation was successful.

So it seems like it should restart not only when permissions are set on directoriry "C:\Program Files\Arcgis\Server" but also when the "Run As" property has been updated.

Thanks !

github-actions[bot] commented 2 weeks ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs.