Skip To Content

Troubleshoot ArcGIS Enterprise on Microsoft Azure

If you encounter issues using ArcGIS Enterprise Cloud Builder for Microsoft Azure, see the log files created in the %temp% directory where Cloud Builder is installed (by default, the directory is C:\Users\<your login>\AppData\local\temp). Additional troubleshooting tips are provided in this topic.

Also note that virtual machines created during a failed deployment process are not automatically deleted. This allows you to connect to the virtual machine and check the Windows event logs or the Cloud Builder deployment log (C:\arcgis\Deploy\deploy-log.txt) to troubleshoot the deployment failure. However, this means you need to clean up these virtual machines yourself after you finish troubleshooting. Use the Microsoft Azure Management Portal to delete machines that have been provisioned before you redeploy a site.

You can also configure Microsoft Azure Monitor Logs to collect ArcGIS Server logs and logs for the Azure virtual machines.

To allow Azure Monitor Logs to gather ArcGIS Server logs (services.log and server.log files), you must define a custom logs data source on the Log Analytics page in the Azure portal. The ArcGIS Server log files are stored in the C:\ArcGIS\serverlogs directory on the ArcGIS Server machines.

ArcGIS Enterprise Cloud Builder for Microsoft Azure

Site administration

Publishing

General

ArcGIS Enterprise Cloud Builder for Microsoft Azure

When creating or upgrading a deployment using Cloud Builder, I receive a time-out message similar to the following: The resource operation completed with terminal provisioning state 'Failed' (Code: ResourceDeploymentFailure)— Provisioning of VM extension '<resrouce name>' has timed out. Extension installation may be taking too long, or extension status could not be obtained. (Code: VMExtensionProvisioningTimeout).

Due to a current restriction in the Microsoft Azure Resource Manager (ARM), template execution is configured to time out at 90 minutes. As a result, deployments that take longer than 90 minutes to create or upgrade proceed as expected on the individual virtual machines, but the ARM template execution has terminated (timed out) for clients.

To work around this limitation, do not close Cloud Builder. Wait 45-60 minutes after you receive the time-out error, then retry the creation or upgrade operation. To do that, click the back button to return to the beginning of the operation, step through the Cloud Builder windows again, and click finish.

I receive the message ResourcePurchaseValidationFailed: User failed validation to purchase resources. Error message: 'Legal terms have not been accepted for this item on this subscription. To accept legal terms, please go to the Azure portal and configure programmatic deployment for the Marketplace item or create it there for the first time when I attempt to deploy an ArcGIS Server site or ArcGIS Enterprise site using Cloud Builder.

Microsoft Azure requires you to accept their license agreement before you can use images from the Azure Marketplace. Your Azure subscription administrator must perform a set of manual steps in the Azure portal and accept the Azure legal terms once for each unique image before you can deploy a site using Cloud Builder.

I receive an unhandled exception error in Cloud Builder when the Microsoft Azure session token expires.

This typically occurs if you leave Cloud Builder open and idle for many hours. Cloud Builder currently is not getting a new token when the existing one expires. Close and reopen Cloud Builder after each individual deployment operation to get a new session token from Microsoft Azure.

I am unable to sign out of Cloud Builder.

To sign out of Cloud Builder, for example, if you have more than one Microsoft Azure account and need to switch the account you're signed in with, do the following:

  1. Log out of all other Microsoft Azure clients on that machine. If you remain logged in to Azure from another client, the session token persists.
  2. Close and reopen your web browser.
  3. Clear the browser cache, and delete all cookies and history when you clear the cache.

Site administration

I cannot make a remote desktop connection to the Microsoft Azure virtual machine.

Confirm you typed the correct login and password. You should log in with the login and password you specified for the machine administrator when you deployed your site using ArcGIS Enterprise Cloud Builder for Microsoft Azure.

If you typed the login and password correctly but still cannot make a remote desktop connection, it is likely that your organization's firewall is blocking access. Contact your network administrator to allow access to Microsoft Azure virtual machines through the firewall.

Note:

You cannot make a remote desktop connection to a Microsoft Azure SQL Database, Azure SQL Managed Instance, or Azure Database for PostgreSQL. To connect one of these databases from a remote machine, you must first configure the firewall on the database's virtual machine to allow remote connections and add the IP address of the remote client to the database machine.

Administrative access is enabled via the web proxy by default, but I don't want it enabled.

Do the following to disable administrative access through the web proxy URL:

  1. Make a remote desktop connection to each of the web proxy instances. Log in using the machine administrator credentials you specified in Cloud Builder when you deployed the site.
  2. Open the c:\inetpub\wwwroot\web.config file in a text editor.
  3. Remove admin or portaladmin tokens from the match URL rules.

    For example, remove admin from the match URL tag of the "RP-HTTP-Server" rule name text before removing

    <rule name="RP-HTTP-Server" stopProcessing="true">
                        <match url="^[^/]+/(manager|admin|rest|services|mobile|tokens|login|help)(/?)(.*)" />
    

    After you remove the admin token, the tag will look like the following:

    <rule name="RP-HTTP-Server" stopProcessing="true">
                        <match url="^[^/]+/(manager|rest|services|mobile|tokens|login|help)(/?)(.*)" />
    

  4. Save changes to the web.config file and close it.

After installing an SSL (TLS) certificate, the URL property on existing web service items—including the utility services that are included with Portal for ArcGIS—is not updated. They still use the original *.cloudapp.azure.com URL.

To correct this, use the Portal REST API to update the URL property. The URL of the Portal REST endpoint is in the format https://<portal machine>.<region>.cloudapp.azure.com:7443/arcgis/sharing/rest. Log in using the portal administrator credentials you specified in Cloud Builder when you deployed ArcGIS Enterprise.

I can't open the Microsoft Azure portal, Azure Marketplace, or Azure pricing calculator.

You may be using a browser or device that is not supported by Microsoft Azure. See Microsoft Azure documentation for supported browsers and devices for information.

I receive an invalid token error when I use the webgisdr tool to restore a version 2 (V2) deployment.

If you encounter issues using the webgisdr tool on a V2 deployment, see this Esri technical article for instructions.

Publishing

Publishing to my portal on Microsoft Azure fails, and I receive the message Publish exception 'Exception: no protocol: null/admin/services/exists'.

Occasionally, a race condition occurs between the start of the portal and ArcGIS Server services, which results in an invalid configuration.

To correct this, make a remote desktop connection to the portal machine and restart the Portal for ArcGIS service. Log in using the machine administrator credentials you specified in Cloud Builder or Microsoft PowerShell Desired State Configuration (DSC) when you deployed ArcGIS Enterprise.

General

I and other portal members intermittently receive HTTP 502 errors when connecting to ArcGIS Enterprise portals on Microsoft Azure.

Beginning with 10.7.1, the load balancer probe port for Portal for ArcGIS must be configured to communicate over port 7443. If you upgraded from a 10.7 or earlier release portal, you must reconfigure the load balancer probe port, changing it from 7080 to 7443.

To change the port number, sign in to your account in the Microsoft Azure Portal, browse to the Azure internal load balancer associated with each of your Portal for ArcGIS virtual machines, and update the port value for the lbprobe. For further instructions on editing ports for internal load balancers, see the Microsoft Azure documentation.

Can I access data stored in Microsoft Azure from an ArcGIS client running on premises?

Though you can access databases running in the cloud or files stored in Azure Blob storage from ArcGIS software installed on premises, doing so will almost always be slower than accessing the data from a client installed in the same region in the cloud.

For this reason, Esri recommends you only access data in Azure from clients running in the same Azure region where the data is stored.