ArcGIS Enterprise includes a Python script, operationalHealth.py, that scans for various architecture and configuration issues that can adversely affect the operation of your ArcGIS Enterprise organization. The script looks for problems based on some of the best practices for delivering stable, optimized, and highly functional production sites. It analyzes many criteria and configuration properties and divides them into three severity levels: Critical, Important, and Recommended. These criteria are described in the following table:
ID | Severity | Property | Description |
---|---|---|---|
OH01 | Important | Portal for ArcGIS system properties | Indicates that the WebContextURL Portal for ArcGIS system property should be set in the Portal Admin when the organization URL is using a DNS alias or a load-balanced URL. |
OH02 | Important | ArcGIS Server system properties | Indicates that the WebContextURL ArcGIS Server system property should be set in the Server Admin when using a DNS alias or a load-balanced URL for the services URL defined during federation. |
OH03 | Critical | Portal for ArcGIS system properties | If the portal is highly available, this determines whether the privatePortalURL system property is defined. This property facilitates communication between the federated servers and the portal and is required when the portal is highly available and should be set to a load balancer. |
OH04 | Critical | Portal for ArcGIS system properties | If the portal is highly available, this determines whether the privatePortalURL system property is set to a specific machine in the deployment. This property facilitates communication between the federated servers and the portal and should not be set to a specific machine; it should be set to a load balancer. |
OH05 | Critical | Portal for ArcGIS system properties | If the privatePortalURL property is set, this determines whether requests to the URL are redirecting. This may indicate a misconfiguration in the component serving as the privatePortalURL value. |
OH06 | Recommended | Highly available Portal for ArcGIS | If any components are highly available, this indicates that the portal is not highly available. |
OH07 | Recommended | Highly available ArcGIS Server | If any components are highly available, this indicates that one or more federated servers are not highly available. |
OH08 | Recommended | Highly available ArcGIS Data Store | If any components are highly available, this indicates that one or more data stores registered to federated servers are not highly available. |
OH09 | Important | Portal for ArcGIS index | Determines whether the index is in sync. If the portal is highly available, this also determines whether the index is the same between the machines. |
OH10 | Critical | Federated server validation | Determines whether federated server sites are validating. |
OH11 | Critical | Certificate expiration | Determines whether any certificate imported into any portal or server machine has expired. |
OH12 | Critical | Certificate expiration | Determines whether any certificate imported into any portal or server machine will expire within 15 days. |
OH13 | Important | Certificate expiration | Determines whether any certificate imported into any portal or server machine will expire within 30 days. |
OH14 | Recommended | Certificate expiration | Determines whether any certificate imported into any portal or server machine will expire within 40 days. |
OH15 | Critical | Federated server SSL certificate | Indicates that the certificate for the administration URL for the federated server is not a trusted certificate as determined by the portal. |
OH16 | Critical | Unreachable federated server URL | Indicates that the administration URL for the federated server is not accessible. |
OH17 | Recommended | Federated server SSL certificate | Indicates that the certificate used for the services URL for the federated server is not a trusted certificate as determined by the portal. |
OH18 | Recommended | Unreachable federated server URL | Indicates that the services URL for the federated server is not reachable by the portal. |
OH19 | Important | Federated server private portal URL | Indicates that the privatePortalURL property defined in the portal does not match the privatePortalURL property defined in the federated server. |
OH20 | Important | Federated server administration URL | If the federated server site is highly available, this indicates that the administration URL for the federation is not set to a specific machine in the site. |
OH21 | Critical | Portal for ArcGIS machine status | If the portal is highly available, this indicates that one of the portal machines in the deployment is not accessible, signifying a single point of failure. |
OH22 | Critical | ArcGIS Server machine status | If the federated server site is a multimachine site, this indicates that one or more machines in the site are not accessible, signifying a single point of failure. |
OH23 | Critical | ArcGIS Data Store machine status | If the registered ArcGIS Data Store is highly available, this indicates that one of the machines is not accessible, signifying a single point of failure. |
OH24 | Critical | WebGIS DR backup | Indicates that the deployment has never been backed up using the WebGIS DR utility. If no other prevention methods for data loss are being used, there is an increased risk of data loss. |
OH25 | Important | WebGIS DR backup | Indicates that it has been more than seven days since a backup was last made using the WebGIS DR tool. |
OH26 | Important | WebGIS DR backup | Indicates that the transaction log limit is uncapped due to running the WebGIS DR tool with the BACKUP_RESTORE_MODE property set to full. Unless using a complementary incremental backup schedule, set the property to backup instead. |
OH27 | Important | Portal for ArcGIS log file location | Indicates that the log file location for the portal is set to a network share, which may cause performance issues when writing new logs or querying logs. It is recommended that you set the log location to a local path. |
OH28 | Important | Portal for ArcGIS log level | Indicates that the log level for the portal is set to DEBUG. This should be reserved for troubleshooting only and is not for general use. |
OH29 | Important | ArcGIS Server log file location | Indicates that the log file location for the federated server is set to a network share, which may cause performance issues when writing new logs or querying logs. It is recommended that you set the log location to a local path. |
OH30 | Important | ArcGIS Server log level | Indicates that the log level for the federated server is set to DEBUG. This should be reserved for troubleshooting only and is not for general use. |
OH31 | Important | Data store validation | Indicates that a data store registered to a federated server is not validating. |
OH32 | Critical | License expiration | Indicates that a license has expired. Workflows that depend on the license will no longer work. |
OH33 | Critical | License expiration | Indicates that a license will expire within 7 days. Workflows that depend on the license will no longer work. |
OH34 | Important | License expiration | Indicates that a license will expire within 14 days. Workflows that depend on the license will no longer work. |
OH35 | Recommended | License expiration | Indicates that a license will expire within 30 days. Workflows that depend on the license will no longer work. |
The operationalHealth.py script is located in the <Portal for ArcGIS installation location>/tools/operationalhealth directory. Run the script from the command line or shell. You can specify one or more parameters when running the script. If the operationalHealth.py script is run without specifying the required parameters, you are prompted to enter them manually.
operationalHealth.py parameters
The following table describes operationalHealth.py parameters:
Parameter | Description |
---|---|
-n or --hostname | The fully qualified domain name of the machine where Portal for ArcGIS is installed (in other words, portal.domain.com). The default is the host name of the machine where the script is run. |
-u or --username | The username of a built-in administrator account. |
-p or --password | The password of the built-in administrator account specified by the -u parameter or entered manually. |
-f or --passwordFile | A text file that stores the password to the built-in administrator account specified by the -u parameter or entered manually. Using this parameter in place of the -p or –-password parameter prevents the password from being listed when checking running processes on the machine. |
-o or --outputDir | The directory where the scan report will be saved. The default directory is the same folder where you run the script. You must ensure that the command line user has read and write access to this location. |
-l or --logFile | The directory where the resulting log file will be saved. If not specified, the information is logged to the console or terminal. |
-t or --token | A token can be generated and used in place of the username and password. When generating a token, set the referrer property to operationalhealth. This parameter can only be provided as an argument when running the script. When a token is provided, it overrides any username or password that is provided. |
--ignoressl | Disables SSL certificate verification. Starting in 10.7.1, the script attempts to verify all SSL certificates by default. If Python does not trust the issuer of the certificates, the script will fail to complete. If needed, this parameter can be specified to ignore all certificates. |
-d or --debug | Logs the requests and responses for HTTP requests. This can help with troubleshooting the utility. |
-h or -? | Outputs a list of the parameters that can be specified when running the script. |
Example: operationalHealth.bat -n portal.domain.com -u admin -p my.password -o C:\Temp
The scan generates a report in HTML format that lists any of the issues above that were found in the specified portal.
By default, the report is saved in the same folder where you run the script and is named operationalHealthReport_<hostname>_<date>_<time>.html.