search

Esri / arcgis-powershell-dsc

This repository contains scripts, code and samples for automating the install and configuration of ArcGIS (Enterprise and Desktop) using Microsoft Windows PowerShell DSC (Desired State Configuration).
Apache License 2.0
110 stars 61 forks source link

WebAdaptors fails to install in a base deployment with error SendConfigurationApply function did not succeed #537

Closed minagim closed 1 month ago

minagim commented 2 months ago

Community Note

Module Version

Affected Resource(s)

Configuration Files

# Copy-paste your DSC JSON configurations here - for large configs,
# please use a service like Dropbox and share a link to the ZIP file.

11.2 Base deployment with 4 servers

Invoke-ArcGISConfiguration -ConfigurationParametersFile d:\BaseDeployment-MultiMachine_11_2.json -Mode InstallLicenseConfigure -EnableMSILogging
{
    "AllNodes": [
                    {
                        "NodeName": "datastore server fqdn",
                        "DataStoreTypes": [
                                            "Relational"
                                          ],
                        "Role": [
                                    "DataStore"
                                ],
                        "SslCertificates": [
                                                {
                                                    "Path": "d:\\Certificates\\DataStore_Cert.pfx",
                                                    "Password": "password",
                                                    "CNameFQDN": "datastore server cname fqdn",
                                                    "Target": [
                                                                    "DataStore"
                                                              ]
                                                }
                                           ]
                    },
                    {
                        "NodeName": "webAdaptor server fqdn",
                        "Role": [
                                    "WebAdaptor"
                                ],
                        "WebAdaptorConfig":[
                                                {
                                                    "Role": "Portal"
                                                },
                                                {
                                                    "Role": "Server"
                                                }
                                           ],
                        "SslCertificates": [                                                
                                                {
                                                    "Path": "d:\\Certificates\\Web_Cert.pfx",
                                                    "Password": "password",
                                                    "CNameFQDN": "webAdaptor server cname fqdn",
                                                    "Target": [
                                                                "WebAdaptor"
                                                              ]
                                                }
                                           ]
                    },
                    {
                        "NodeName": "portal server fqdn",
                        "Role": [
                                    "Portal"
                                ],
                        "SslCertificates": [
                                                {
                                                    "Path": "d:\\Certificates\\Portal_Cert.pfx",
                                                    "Password": "password",
                                                    "CNameFQDN": "portal server cname fqdn",
                                                    "SslRootOrIntermediate": [
                                                                                {
                                                                                    "Alias": "PortalRootCert",
                                                                                    "Path": "d:\\Certificates\\Portal_Root_Cert.cer"
                                                                                },
                                                                                {
                                                                                    "Alias": "PortalIntCert",
                                                                                    "Path": "d:\\Certificates\\Portal_Int_Cert.cer"
                                                                                }
                                                                            ],
                                                    "Target": [
                                                                "Portal"
                                                              ]
                                                }
                                           ]
                    },
                    {
                        "NodeName": "ags server fqdn",
                        "Role": [
                                    "Server"
                                ],
                        "SslCertificates": [
                                                {
                                                    "Path": "d:\\Certificates\\AGS_Cert.pfx",
                                                    "Password": "password",
                                                    "CNameFQDN": "ags server cname fqdn",
                                                    "SslRootOrIntermediate": [
                                                                                {
                                                                                    "Alias": "agsRootCert",
                                                                                    "Path": "d:\\Certificates\\ags_Root_Cert.cer"
                                                                                },
                                                                                {
                                                                                    "Alias": "agsIntCert",
                                                                                    "Path": "d:\\Certificates\\ags_Int_Cert.cer"
                                                                                }
                                                                            ],
                                                    "Target": [
                                                                "Server"
                                                              ]
                                                }
                                           ]
                    }
                ],
    "ConfigData": {
                    "Version": "11.2",
                    "ServerContext": "server",
                    "PortalContext": "portal",
                    "FileShareLocalPath": "",
                    "FileShareName": "",
                    "ServerRole": "GeneralPurposeServer",
                    "Credentials": {
                                        "ServiceAccount": {
                                                            "Password": "password",
                                                            "UserName": "ad\\serviceAccount",
                                                            "IsDomainAccount": true,
                                                            "IsMSAAccount": false
                                                          }
                                   },
                    "Server": {
                                "LicenseFilePath": "d:\\Enterprise\\ArcGISGISServerAdvanced_ArcGISServer.prvc",
                                "Installer": {
                                                "Path": "d:\\Enterprise\\ArcGIS_Server_Windows_112_188239.exe",
                                                "InstallDir": "d:\\ArcGIS\\Server",
                                                "InstallDirPython": "C:\\Python27",
                                                "EnableArcMapRuntime": true,
                                                "EnableDotnetSupport": true
                                            },
                                "ServerDirectoriesRootLocation": "d:\\arcgisserver\\directories",
                                "ConfigStoreLocation": "d:\\arcgisserver\\config-store",
                                "ExternalLoadBalancer": "",
                                "InternalLoadBalancer": "",
                                "PrimarySiteAdmin": {
                                                        "UserName": "primarysiteadminuser",
                                                        "Password": "password"
                                                    }
                              },
                    "Portal": {
                                "LicenseFilePath": "d:\\Enterprise\\ArcGIS_Enterprise_Portal_112.json",
                                "PortalLicenseUserTypeId": "creatorUT",
                                "Installer": {
                                                "Path": "d:\\Enterprise\\Portal_for_ArcGIS_Windows_112_188250.exe",
                                                "WebStylesPath": "d:\\Enterprise\\Portal_for_ArcGIS_Web_Styles_Windows_112_188251.exe",
                                                "InstallDir": "d:\\ArcGIS\\Portal",
                                                "ContentDir": "d:\\arcgisportal"
                                             },
                                "ContentDirectoryLocation": "d:\\arcgisportal\\content",
                                "ExternalLoadBalancer": "",
                                "InternalLoadBalancer": "",
                                "PortalAdministrator": {
                                                            "UserName": "portaladminuser",
                                                            "Email": "",
                                                            "Password": "password",
                                                            "SecurityQuestionIndex": 1,
                                                            "SecurityAnswer": "vanilla"
                                                       }
                              },
                    "DataStore": {
                                    "ContentDirectoryLocation": "d:\\arcgisdatastore",
                                    "EnableFailoverOnPrimaryStop": false,
                                    "EnablePointInTimeRecovery": false,
                                    "Installer": {
                                                    "Path": "d:\\Enterprise\\ArcGIS_DataStore_Windows_112_188252.exe",
                                                    "InstallDir": "d:\\ArcGIS\\DataStore"
                                                 }
                                 },
                    "WebAdaptor": {
                                    "AdminAccessEnabled": true,
                                    "Installer": {
                                                    "Path": "d:\\Enterprise\\ArcGIS_Web_Adaptor_for_Microsoft_IIS_112_188253.exe"
                                                 }
                                  }
                  }
}

Expected Behavior

Server and portal web adaptors should install with the right configurations for the base deployment.

Actual Behavior

Datastore, server and portal installed with no issues but the web adaptors failed to install with the following error messages in the log.

PowerShell DSC resource ArcGIS_Install failed to execute Set-TargetResource functionality with error message: Failed to Install WebAdaptorIIS-Portal-portal PowerShell DSC resource ArcGIS_Install failed to execute Set-TargetResource functionality with error message: Failed to Install WebAdaptorIIS-Server-server The SendConfigurationApply function did not succeed.

image

image

Steps to Reproduce

  1. VMs on Azure East US 2 with windows 2022 datacenter
  2. Copy the ArcGIS module to the C:\Program Files\WindowsPowerShell\Modules folder
  3. Copy the software, licenses and ssl certificates to the servers
  4. Run Invoke-ArcGISConfiguration -ConfigurationParametersFile d:\BaseDeployment-MultiMachine_11_2.json -Mode InstallLicenseConfigure -EnableMSILogging

Important Factoids

References

cameronkroeker commented 2 months ago

@minagim can you check to see if Microsoft Web Deploy 3.6 and ASP.NET Core Runtime - Windows Hosting Bundle 6.x are installed on the target node?

https://enterprise.arcgis.com/en/system-requirements/latest/windows/arcgis-web-adaptor-system-requirements.htm#ESRI_SECTION1_B79830AA8CCE4FE4AD1E0981E8BAA2D1

You can have the Module install them by adding these attributes to your json config: https://github.com/Esri/arcgis-powershell-dsc/blob/1348e09ae3b6a7d69a3530d3e3766111b8425397/SampleConfigs/v4/v4.2.1/Base%20Deployment/BaseDeployment-SingleMachine.json#L179-L182

https://github.com/Esri/arcgis-powershell-dsc/wiki/v4.2.1-Variables-reference-page-for-JSON-configuration-files

Screenshot 2024-04-25 at 11 38 12 AM

Thanks, Cameron K.

minagim commented 1 month ago

thanks for the info, Cameron and sorry for the delayed response. I installed MS Web Deploy 3.6 and reinstalled ASP.NET Core Runtime - Windows Hosting Bundle 6.x and resolve the issue. However, i am stuck with one of our ssl certificates at the server level in the configurations and troubleshooting the issue. I will let you know if I need your help on this. Please close the case and thanks for your help on this.

minagim commented 1 month ago

image image image

i am getting the above error and it sounds like it is expecting the Federation context. do i need it for the base deployment?

cameronkroeker commented 1 month ago

image image image

i am getting the above error and it sounds like it is expecting the Federation context. do i need it for the base deployment?

Hi @minagim,

I suspect this error is happening because "ExternalLoadBalancer", and "InternalLoadBalancer" are set to blank values within the json config file. If these are not going to be used then let's remove them from the json config. This is because they are used for federation:

https://github.com/Esri/arcgis-powershell-dsc/blob/1348e09ae3b6a7d69a3530d3e3766111b8425397/Modules/ArcGIS/ArcGIS.psm1#L2080

Thanks, Cameron K.

minagim commented 1 month ago

BaseDeployment-MultiMachine 11_2.json i removed those 2 parameters from the arcgis server and portal and now i am getting the following error even if the portaladmin credentials are specified and i can log into the portal manually. image image image

cameronkroeker commented 1 month ago

BaseDeployment-MultiMachine 11_2.json i removed those 2 parameters from the arcgis server and portal and now i am getting the following error even if the portaladmin credentials are specified and i can log into the portal manually. image image image

@minagim From the node where ArcGIS Server is installed, can you successfully access the following url and generate a token?

https://portal server cname fqdn:7443/arcgis/sharing/rest/generateToken

Since the "InternalLoadBalancer attribute is no longer present, and SSLCertificates.CNameFQDN attribute is defined the module will use CNameFQDN this to construct the url:

https://github.com/Esri/arcgis-powershell-dsc/blob/1348e09ae3b6a7d69a3530d3e3766111b8425397/Modules/ArcGIS/ArcGIS.psm1#L2080

InternalLoadBalancer -> SSLCertificate.CName -> PrimaryPortalMachine.NodeName

minagim commented 1 month ago

correction: i was able to access the portal token generate page with the machine name from the hosting arcgis server machine but not the cname. image

how can i correct this issue?

cameronkroeker commented 1 month ago

correction: i was able to access the portal token generate page with the machine name from the hosting arcgis server machine but not the cname. image

how can i correct this issue?

I suggest using the portal server fqdn for the SSLCertificates.CNameFQDN attribute value.

minagim commented 1 month ago

Thanks, Cameron, changing the Cname to the portal fqdn worked. Is there any pros and cons in using Cname or server fqdn for the datastore, map server and portal server?