Questions or issues that you may encounter when working with ArcGIS Enterprise portals as well as possible solutions are listed below. If you don't find your particular question, you can also search for articles on the Esri Support center website.
Upgrading
- After upgrading, the portal website does not display correctly, displays an error message, or I can't log in. What's wrong?
- After upgrading, I don't see all of my items, groups, and users in my portal. What's going on?
- When I access the portal website after installing 10.8.1, I see a notice that the number of licenses assigned in the portal exceeds the number of licenses available. How do I resolve this issue?
- After upgrading, members in my organization were assigned the Standard (Temporary) or Lite (Temporary) user types. What are these and how can I assign the correct user types to my members?
- When attempting to create the initial administrator account when upgrading my portal, I receive the message There was an error creating your initial administrator account. How do I resolve this to complete the upgrade?
- When I open Organization > Settings > ArcGIS Online in the portal website to update subscriber and premium ArcGIS Living Atlas of the World content after upgrading the portal, I see an error message that credentials are invalid or ArcGIS Online cannot be accessed. What is wrong and how do I correct these issues?
Administration
- How do I configure Portal for ArcGIS to be highly available?
- What is the purpose of the initial administrator account? Can I demote or delete it?
- How do I connect to ArcGIS Server after federating the server with my portal?
- Why is the option to sign in to the ArcGIS Enterprise portal inactive in ArcMap if I am not connected to my network, even though my portal and ArcMap are installed on the same machine?
- When attempting to federate an ArcGIS Server site with my portal, a message displays in the Add ArcGIS Server dialog box stating There was an error communicating with the server. Please check your URL and your credentials and try again.
- Can I rename the machine where Portal for ArcGIS is installed?
- When I attempt to open the portal website in Internet Explorer, the website fails to load or a message is returned stating the website could not be displayed.
- When accessing the ArcGIS Enterprise portal website and ArcGIS Portal Directory through HTTPS, it takes some time (up to a minute) for the applications to load in Internet Explorer.
- How do I configure Portal for ArcGIS with my organization's reverse proxy server?
- Can I configure the same ArcGIS Web Adaptor to work with both ArcGIS Server and Portal for ArcGIS?
- If my portal uses enterprise groups, does the portal identity store update as soon as a new login is added to a group on my Windows Active Directory or LDAP server?
- If my portal uses enterprise groups, are new enterprise groups automatically added to my portal when I add them to my Windows Active Directory or LDAP server?
- If my portal uses enterprise accounts and groups, what happens when a user is deleted from my Windows Active Directory or LDAP server?
- If my portal uses enterprise groups, what happens to the corresponding portal when an enterprise group is renamed or deleted from my Windows Active Directory or LDAP server?
- My portal uses an SAML identity provider, and I had disabled the option for members to log in with their built-in ArcGIS accounts. How do I re-enable this option?
- After switching my portal's security configuration from Active Directory or LDAP to SAML, all SAML users are removed from their SAML-based enterprise groups every night. What's happening?
- It takes a very long time for Map Viewer to load in my web browser.
- Thumbnails for newly created web maps are not generated or do not display correctly.
- After configuring a new custom SSL certificate, my portal is inaccessible. How can I recover?
- When the portal is configured to use Integrated Windows Authentication, user logins either fail intermittently or are very slow. The portal logs contain the entry: User '<username>' not found in the identity store provider.
- When I open Organization > Settings > ArcGIS Online in the portal website, I see an error message that indicates credentials are invalid or ArcGIS Online cannot be accessed. What is wrong and how do I correct these issues?
Backups
Publishing
- When enabling the Feature Access or Tiled Mapping capability while publishing a hosted service to an ArcGIS Enterprise portal from ArcMap, publishers are prompted with a security alert that requires them to verify a certificate.
- When publishing a scene layer from ArcGIS Pro, publishing succeeds, but the scene cache fails to create, and the publisher receives the following message: Error 001784: Unable to connect to the database used for scene caches (unauthorized). Failed to execute (Manage Scene Cache).
Upgrading
After upgrading, the portal website does not display correctly, displays an error message, or I can't log in. What's wrong?
Clear your browser's cache (including cookies). These errors are typically due to information from the previous version of the website being cached in the browser. If you still can't log in, make sure you are using the initial administrator account or an account that has administrative privileges to your portal.
After installing the software and specifying the initial administrator account, you must reindex your portal. This step completes the upgrade of your portal. Initially, you may not see all of your items, groups, and users because the reindex is not complete. Depending on the number of users and volume of content in your portal, it may take some time for the reindex to complete. For example, a small organization (hundreds of users and content items) running Portal for ArcGIS on a machine with 8 cores may take 15 minutes to reindex. Conversely, a large organization (tens of thousands of users and content items) running Portal for ArcGIS on a machine with 8 cores may take more than 3 hours to reindex.
You can check the status of the reindex by following the steps below. When the store and index counts are equal, the reindex and upgrade are complete.
- Open the ArcGIS Portal Directory and sign in with the initial administrator account. The URL is formatted https://portal.domain.com:7443/arcgis/portaladmin.
- Click System > Indexer > Index Status.
- Refresh the page to obtain the latest status.
When I access the portal website after installing 10.8.1, I see a notice that the number of licenses assigned in the portal exceeds the number of licenses available. How do I resolve this issue?
In Portal for ArcGIS 10.7 and later versions, user type licensing is enforced. You cannot have more users assigned licenses than what your portal is licensed for. This notice shows whether you have more add-on licenses or user types assigned than you have available. Users assigned licenses that exceed the number of licenses available may not be able to access the portal. To resolve this issue, go to the Licenses tab and reassign licenses that are in overdraft. Alternatively, to add licenses to your portal, obtain a new portal license file. See Manage licenses to learn more about assigning licenses in the portal.
After upgrading, members in my organization were assigned the Standard (Temporary) or Lite (Temporary) user types. What are these and how can I assign the correct user types to my members?
In Portal for ArcGIS 10.7 and later versions, user type licensing is enforced. When upgrading, your existing members are assigned a user type. If you have only one compatible user type in the license file, your members will be assigned that user type. There are several scenarios, however, where temporary user types are assigned during the upgrade, and you must manually assign user types to your members when the upgrade is complete. The following are a few examples of common upgrade scenarios:
- Your organization has named user or level 2 members, and your new license file has only one compatible user type (for example, Creator). All named users or level 2 members will be assigned the Creator user type. No temporary user types will be assigned.
- Your organization has named user or level 2 members, and your new license file has more than one compatible user type (for example, Creator and GIS Professional). All named user or level 2 members will be assigned the Standard (Temporary) user type. Members assigned the Standard (Temporary) user type cannot access the portal until you assign a valid user type license.
- Your organization has level 1 users, and your new license file does not include any compatible user types (for example, Viewer). These members will be assigned the Lite (Temporary) user type. Members assigned the Lite (Temporary) user type cannot access the portal until you assign a valid user type license. To add Viewer licenses to your portal, you need to obtain a new portal license file.
When attempting to create the initial administrator account when upgrading my portal, I receive the message There was an error creating your initial administrator account. How do I resolve this to complete the upgrade?
Information in the portal logs can help you resolve the issue. This error can occur if network connectivity was temporarily lost when creating the account. To access the logs, browse to the logs directory and open the most recent log file (for example, C:\arcgisportal\logs\<machine name>\portal\portal-20141201.095803-8596-0.0.log). If necessary, users in the United States can contact Esri Support and international users can contact their distributor for additional help.
When I open Organization > Settings > ArcGIS Online in the portal website to update subscriber and premium ArcGIS Living Atlas of the World content after upgrading the portal, I see an error message that credentials are invalid or ArcGIS Online cannot be accessed. What is wrong and how do I correct these issues?
The portal must validate your ArcGIS Online credentials before you can update subscriber and premium Living Atlas content. If it cannot, one of the following messages is returned in the portal website and in the logs for the hosting server:
- The credentials used to access subscriber and/or premium Living Atlas content are invalid. Update credentials with valid ArcGIS Online organizational account credentials before you upgrade Living Atlas content.—ArcGIS Enterprise connected to the ArcGIS Online organization and determined that your existing credentials are invalid. Make sure the password has not changed for your ArcGIS Online account and, for premium content, that the account still has credits available.
If the password changed or if you need to provide a new account to access subscriber and premium Living Atlas content from ArcGIS Online, update credentials. If you updated credentials as part of upgrading Portal for ArcGIS, click Upgrade Content to complete the Living Atlas content upgrade.
- ArcGIS Online cannot be accessed from this portal. Check your firewall settings or portal proxy settings before you upgrade Living Atlas content.—ArcGIS Enterprise cannot connect to the ArcGIS Online account associated with your credentials. In most cases, this is due to issues on your network that are preventing communication with ArcGIS Online.
- Cannot validate credentials used to access subscriber and/or premium Living Atlas content, therefore you cannot upgrade the content. Contact Esri technical support or your international distributor.—In rare cases, problems with the Portal for ArcGIS upgrade can prevent you from upgrading Living Atlas content. If you see this message, contact Esri technical support (in the United States) or your international Esri distributor (outside the United States) to identify and correct the problem.
Administration
Portal for ArcGIS is configurable and supported in a highly available environment. For full instructions, see Configure a highly available portal.
After you've installed Portal for ArcGIS and configured it for use, you can access the portal website. At this time, you need to provide the name, password, email, and identity question and answer for a new account that you will initially use to sign in to the website and administer your portal. This account is called the initial administrator account.
The initial administrator account user name and password are stored by Portal for ArcGIS. The initial administrator is not an operating system account, and it has no relation to the Portal for ArcGIS account. Later, you can specify other accounts as administrators, demote the initial administrator to a role with fewer privileges, or delete the initial administrator account.
When you federate ArcGIS Server with your portal, the portal's security store controls all access to the server. The users and roles you previously used with ArcGIS Server are no longer valid for accessing the server; instead, you perform all connections to the server using portal accounts.
The only exception is the ArcGIS Server primary site administrator account. You can always log in to the ArcGIS Server Administrator Directory using this account if you connect directly through port 6080 or 6443. However, you cannot use this account to log in to ArcGIS Server Manager when the server is federated with your portal.
To learn more about how to connect to your server when it's federated with your portal, see Administer a federated server.
Why is the option to sign in to the ArcGIS Enterprise portal inactive in ArcMap if I am not connected to my network, even though my portal and ArcMap are installed on the same machine?
ArcGIS Desktop expects to communicate with an ArcGIS Enterprise portal over a network. If you're running both ArcGIS Desktop and Portal for ArcGIS on the same machine and need to connect while you're offline, select the Support connecting to local portal with no network option when connecting in ArcGIS Administrator.
- Start ArcGIS Administrator on the machine where ArcGIS Desktop and Portal for ArcGIS are installed, and click Advanced.
- Check the Support connecting to local portal with no network box.
- Click Save to close the Advanced Configuration dialog box.
- Click OK to close ArcGIS Administrator.
When attempting to federate an ArcGIS Server site with my portal, a message displays in the Add ArcGIS Server dialog box stating There was an error communicating with the server. Please check your URL and your credentials and try again.
You may encounter this error for any of the following reasons:
- The Server URL or the Administrator URL value you entered for the ArcGIS Server site is incorrect or unreachable. Verify the following:
- If the ArcGIS Server site includes ArcGIS Web Adaptor, the Server URL value is the Web Adaptor address, for example, http://webadaptorhost.domain.com/webadaptorname. If no Web Adaptor is present, the Server URL value is the same as the Administrator URL value, for example, http://gisserver.domain.com:6080/arcgis.
- If your organization requires HTTPS for all communication, use https in the URL.
- The URL includes the fully qualified domain name (FQDN) of the machine. The FQDN is required.
- The communication protocol of the ArcGIS Server site has been updated to use HTTP and HTTPS or HTTPS only.
- The communication protocol matches that of the portal. For example, if the portal requires HTTPS for all communication, ArcGIS Server should also be configured as HTTPS only. Conversely, if the portal does not require HTTPS, the server communication protocol should be HTTP and HTTPS.
- If the ArcGIS Server site includes ArcGIS Web Adaptor, ArcGIS Web Adaptor must be reconfigured with ArcGIS Server after updating the site's communication protocol.
- Your firewall allows communication between ArcGIS Server and your portal. For information on the specific ports to open, see Ports used by ArcGIS Server and Ports used by Portal for ArcGIS.
- Web-tier authentication, such as Integrated Windows Authentication (IWA), is disabled and anonymous access is enabled on the ArcGIS Server site. Although it may sound counterintuitive, this is necessary so your site is free to federate with the portal and read the portal's users and roles.
- You entered an incorrect Username or Password:
- For Username, specify the user name of the primary site administrator account that was used to initially log in to ArcGIS Server Manager and administer the server. If this account is disabled, you must reenable it. No other account can be used.
- For Password, provide the password of the primary site administrator account.
For more information, see Federate an ArcGIS Server site with your portal.
When I attempt to open the portal website in Internet Explorer, the website fails to load or a message is returned stating the website could not be displayed.
Ensure that the host name in the portal website URL is listed as a trusted site in Internet Explorer. To add your portal's URL as a trusted site to Internet Explorer, open Internet Options. Trusted sites are added on the Security tab. If you're trying to access a portal that is running on the same server as Internet Explorer, add the following as trusted sites:
- http://localhost
- https://localhost
- http://portal.domain.com
- https://portal.domain.com
When accessing the ArcGIS Enterprise portal website and ArcGIS Portal Directory through HTTPS, it takes some time (up to a minute) for the applications to load in Internet Explorer.
By default, Internet Explorer attempts to connect to the internet when you access HTTPS URLs in the browser. In an environment that does not have access to the internet, the browser will attempt to connect to the internet for a period of time, usually one minute. For example, after one minute, the browser will timeout and connect to the URL successfully. This behavior is commonly mistaken for a poor connection, as the browser seems to hang until the timeout value is reached.
To prevent this behavior and allow access to the ArcGIS Enterprise portal website and ArcGIS Portal Directory immediately in the browser, reduce the timeout value on each machine where Internet Explorer is installed. To do this, follow the steps in Configure a disconnected deployment.
To configure Portal for ArcGIS with a reverse proxy server, you need to provide some information to your portal about the proxy server. For full instructions, see Use a reverse proxy server with your portal.
If my portal uses enterprise groups, does the portal identity store update as soon as a new login is added to a group on my Windows Active Directory or LDAP server?
No. If the enterprise account already exists in the portal and the enterprise group is linked to a portal group, the identity store refreshes when the new member signs in to the portal or the next time your portal identity store automatically refreshes, whichever occurs first. By default, the identity store updates each day at midnight. The portal administrator can alter the frequency and time the identity store refreshes using the Update Identity Store operation in the Portal Administration API to alter values for the membershipRefreshIntervalHours and membershipRefreshStartTime parameters.
If the enterprise account is not a member of the portal, adding the login to an enterprise group that is linked to a portal group does not automatically add the account to your portal. As the administrator, you don't want every login ever added to your Active Directory or LDAP server to automatically be added to your portal.
If my portal uses enterprise groups, are new enterprise groups automatically added to my portal when I add them to my Windows Active Directory or LDAP server?
No. The portal administrator manually configures a group in the portal to use an enterprise group. When the administrator finishes configuring the portal group, any existing portal enterprise accounts that are members of the enterprise group automatically become members of the portal group.
If you use Windows Active Directory groups, logins in nested groups that are already portal members are also added to the linked portal group. If you use enterprise groups from an LDAP server, only logins in the group you specify are added to the portal group. For example, if you specify a top-level enterprise group, only the logins that are existing portal members are added to the portal group; no logins from a nested group are included. You can, instead, specify a nested group. In that case, only logins in the nested group that are existing portal members are added to the portal group.
If my portal uses enterprise accounts and groups, what happens when a user is deleted from my Windows Active Directory or LDAP server?
If the deleted enterprise user exists in the portal, the member is removed from any portal enterprise groups the next time the identity store refreshes (by default, that's each day at midnight). However, the member is not removed from the portal identity store. Since the corresponding enterprise account no longer exists, the member cannot sign in to the portal, but the portal administrator must manually reassign any items or groups owned by the member and delete the account to free the portal license.
If my portal uses enterprise groups, what happens to the corresponding portal when an enterprise group is renamed or deleted from my Windows Active Directory or LDAP server?
If the enterprise group is linked to a portal group, members are removed from the group the next time the portal identity store refreshes (either when each member logs in or at the scheduled identity store update time). Once members are removed, only the group owner or portal administrator can access the group. The portal administrator or group owner can delete the group, or the portal administrator can reassign the portal group to a different enterprise group.
My portal uses an SAML identity provider, and I had disabled the option for members to log in with their built-in ArcGIS accounts. How do I re-enable this option?
If you need to provide access to the portal through built-in accounts again, whether because you are experiencing problems with the SAML identity provider or with member accounts, you can do so by following the steps below.
- Open the ArcGIS Portal Directory sharing location and log in as a member with administrative privileges. The URL is in the format https://webadaptorhost.domain.com/webadaptorname/sharing.
- Browse to Home > Portals > Self and scroll down to the bottom of the page. Click Update.
- Browse to the Can SignIn Using ArcGIS option. Set the property to True.
- Click Update Organization.
Members who access the sign in page will then see the button to log in to the portal using an identity provider account as well as the Using Your ArcGIS Account button.
After switching my portal's security configuration from Active Directory or LDAP to SAML, all SAML users are removed from their SAML-based enterprise groups every night. What's happening?
When you switch the portal's security configuration to SAML, you must restart Portal for ArcGIS to completely clear the previous settings for Active Directory or LDAP. When Portal for ArcGIS is configured to use users and groups from Active Directory or LDAP, group membership for each user is automatically cleared and updated every night. This group membership refresh is not required when SAML-based group memberships is used. If group membership refresh is run when SAML is configured, SAML users will lose their group membership each time the group refresh call is made.
If you're using a reverse proxy server or load balancer with your portal to handle requests from the internet, verify that the reverse proxy server or load balancer supports gzip encoding and is configured to allow the Accept-Encoding header. This header allows HTTP 1.1 responses to be compressed using gzip encoding. For example, if the header is allowed, a request to load Map Viewer will return a compressed response of approximately 1.4 MB to the browser. If the header is not allowed or ignored, the request will return an uncompressed response of approximately 6.8 MB to the browser. If your network speed is slow, it may take a long time for Map Viewer to load if responses are not compressed. It's recommended that you allow this header as part of your reverse proxy server configuration.
You may encounter this problem if your web maps contain ArcGIS Server services that use HTTPS. If this is the case, check whether the portal is configured with a print utility service from an ArcGIS Server site. The print service may be running on a machine that does not trust Certificate Authority (CA) signed certificates from the ArcGIS Server site providing the HTTPS services. Each machine running the print service must be configured to trust these CA certificates at the operating system level. See Enable HTTPS using a new CA-signed certificate for details on how to do this.
If you incorrectly configured your SSL certificate and cannot sign in to the portal, follow the steps below to recover.
- Stop Portal for ArcGIS.
- Back up the \ArcGIS\Portal\framework\runtime\tomcat\conf\server.xml file.
- Open ArcGIS\Portal\framework\runtime\tomcat\conf\server.xml in a text editor.
- Locate the SSL connector by searching for the <Connector SSLEnabled="true" string.
- Change the value of the keyAlias parameter back to the default value, which is keyAlias="portal", and save your changes.
- Log in to the ArcGIS Portal Directory as a member with administrative privileges.
- Choose Security > SSLCertificates and click Update. On the next page, confirm Update without modifying any parameters.
- The portal automatically restarts.
When the portal is configured to use Integrated Windows Authentication, user logins either fail intermittently or are very slow. The portal logs contain the entry: User '<username>' not found in the identity store provider.
Follow the instructions in Configure the domain controller used by Portal for ArcGIS.
When I open Organization > Settings > ArcGIS Online in the portal website, I see an error message that indicates credentials are invalid or ArcGIS Online cannot be accessed. What is wrong and how do I correct these issues?
The portal requires valid ArcGIS Online credentials to access subscriber and premium Living Atlas. If the portal cannot access ArcGIS Online using the credentials you used when you enabled Living Atlas subscriber and premium content, one of the following messages is returned in the portal website and in the logs for the hosting server:
- The credentials used to access subscriber and/or premium Living Atlas content are invalid. Update credentials with valid ArcGIS Online organizational account credentials.—ArcGIS Enterprise connected to the ArcGIS Online organization and determined that your existing credentials are invalid. Make sure the password has not changed for your ArcGIS Online account and, for premium content, that the account still has credits available.
If the password changed or if you need to provide a new account to access subscriber and premium Living Atlas content from ArcGIS Online, update credentials.
- ArcGIS Online cannot be accessed from this portal. Check your firewall settings or portal proxy settings.—ArcGIS Enterprise cannot connect to the ArcGIS Online account associated with your credentials. In most cases, this is due to issues on your network that are preventing communication with ArcGIS Online.
- Cannot validate credentials used to access subscriber and/or premium Living Atlas content, therefore you cannot upgrade the content. Contact Esri technical support or your international distributor.—An uncommon internal error has occurred that cannot be identified. If you see this message, contact Esri technical support (if you're in the United States) or your international distributor (if you're outside the United States.) to identify and correct the problem.
Backups
The portal stores incremental transaction logs in a subdirectory of the portal content directory, which allows you to create incremental backups of the portal. The default location is C:\arcgisportal\backups\walarchive). Initially, the size of this subdirectory is limited to 5 GB. Once you run a backup using the webgisdr tool, this limit is removed, but the transaction logs are cleared each time the tool is run. If it's been a while since you created a full backup of the portal and the subdirectory is above 5 GB, the following message is logged:
The transaction logs of the portal are consuming more than 5GB of disk space. Run a full backup using the webgisdr tool to clear out these logs.
To learn more about the webgisdr tool, see Create an ArcGIS Enterprise backup.
This error occurs when an item is still present in the portal's internal database but is not present in the content directory. This is the result of an incomplete item deletion. Normally, when you delete an item, it is deleted from the internal database as well as the content directory. However, sometimes an item is not successfully deleted from the internal database.
If this is the case, when you create a backup, a WARNING error is logged, indicating that the item must be deleted manually. Note the itemID value or values provided by the error message. Unless this item is owned by Esri, you can follow the steps below to delete the item.
Tip:
You can also contact Esri Technical Support for help with these steps.
- Sign in to the Portal Sharing API as an administrator (https://portal.domain.com/webadaptor/sharing/rest).
- Search for the item in the API using the /search endpoint. For the Search Text parameter, enter id: using the itemID from the log message.
- In the search results, click the link identifying the owner of the item. The owner's information page appears.
- Under Related Resources, click User Content.
- Click the itemID from the logs. A message appears indicating an Internal Server Error.
- Append /delete to the item endpoint's URL. Confirm the delete operation.
- Repeat steps 2–6 for each item that appeared in your log message.
When you try to restore a backup using the Import Site operation in the portal Administrator Directory, it generates a token that expires after one hour. If the restore operation doesn't complete within an hour, the import process will fail.
If your backup is taking longer than an hour to restore, generate a token using the sharing API and specify the expiration time to be longer than the default. Use this token to access the portal Administrator Directory:
- If you are using the directory in a web browser, append your new token to the Administrator Directory URL for the Import Site operation.
- If you are calling the operation from a script, include your new token in this API call.
Sometimes QuickEdit mode prevents the webgisdr utility from running.
QuickEdit mode allows you to select text in the command prompt console when you click the console . When QuickEdit is enabled, any process running in the command prompt is paused until you press Enter.
In Windows Server 2016 or later, QuickEdit is enabled by default. The word Select is prepended to the console window title when QuickEdit is enabled, as indicated by the red box in the image below:
If you click the command prompt console while the webgisdr utility is running in a command prompt with QuickEdit mode enabled, the webgisdir utility pauses or freezes. When you press Enter, the wegisdr utility continues. You can disable QuickEdit mode to eliminate interference with the webgisdr utility. Consult your IT staff or review the Windows documentation for more information.
If the command prompt is not in QuickEdit mode, contact Esri Technical Support.
Publishing
When enabling the Feature Access or Tiled Mapping capability while publishing a hosted service to an ArcGIS Enterprise portal from ArcMap, publishers are prompted with a security alert that requires them to verify a certificate.
Being prompted to verify a certificate in ArcMap when publishing a hosted service can be caused by one or both of the following:
- ArcGIS Server is using a self-signed certificate. By default, the server is preconfigured with a self-signed certificate that allows the server to be initially tested and helps you quickly verify that your installation was successful. However, in almost all cases, an organization should request a certificate from a trusted certificate authority (CA) and configure the server to use it. This can be a domain certificate issued by your organization or a CA-signed certificate.
- The Administration URL entered when federating ArcGIS Server with your portal uses HTTP instead of HTTPS, for example, http://gisserver.domain.com:6443/arcgis. Alternatively, you can enable administrative access on your ArcGIS Web Adaptor and specify the Web Adaptor URL as the Administration URL to help alleviate any certificate prompts.
To learn more, see Security best practices.
When publishing a scene layer from ArcGIS Pro, publishing succeeds, but the scene cache fails to create, and the publisher receives the following message: Error 001784: Unable to connect to the database used for scene caches (unauthorized). Failed to execute (Manage Scene Cache).
Scene layers cache data in the ArcGIS Data Store tile cache data store. The ArcGIS Server scene caching tools communicate with this database through HTTP and authenticate using cookies. The cookie policies set on your ArcGIS Server Windows machine may block the cookies. In some cases, this is the default setting on Windows operating systems.
The scene caching tools use an internet URL to connect to the scene cache database first. In this case, internet policies apply. If the internet connection fails, the tools attempt to connect using an intranet URL, in which case intranet policies apply. To verify the URLs used by the tools are correctly set up to access the scene cache database, confirm that the ArcGIS Data Store host names are correct, and update cookie policies on the ArcGIS Server machines.
- Open a web browser and log in to your hosting ArcGIS Server site's Administrator Directory. Log in using ArcGIS Server administrator credentials.
- Go to data > items > nosqlDatabases > /nosqlDatabases/AGSDataStore_nosqldb_<database name> > REST.
- Note the hostname and unqHostname properties. These are the fully qualified domain name and unqualified domain names of the scene cache database. You will use these later when updating cookie policies.
- Log in to each ArcGIS Server machine using the ArcGIS Server Account. This is the account you created to run ArcGIS Server processes when you installed ArcGIS Server.
- Start the machine's Internet Options. This can be accessed through Internet Explorer or your server's Control Panel.
- Click the Security tab and do one of the following:
- Choose Local intranet and make sure the security level set for it does not block cookies for intranet sites. If it does, change the security level to allow cookies from intranet sites.
Note:
You could change the security policy for the Internet option instead; however, this is not recommended, as it allows your machine to accept cookies from any site on the internet.
- Choose Trusted sites > Sites and add the URL for the fully qualified host name of the scene cache database, for example, datastore.domain.com. Also add the URL of the unqualified host name as a trusted site, for example, datastore.
- Choose Local intranet and make sure the security level set for it does not block cookies for intranet sites. If it does, change the security level to allow cookies from intranet sites.
- Click OK to apply your changes and close Internet Options.
- Restart ArcGIS Server.
- Repeat these steps for every ArcGIS Server machine in your site.