Federation Fails - Invalid Token #467

Closed
dimesv opened this issue May 15, 2023 · 3 comments
Labels
duplicate This issue or pull request already exists

dimesv commented May 15, 2023

Hi guys,

I've run the latest version of the DSC PowerShell module on Windows Server 2022 Datacenter Azure Edition machines and everything works fine except the federation. All credentials and URLs are correct but I end up getting an invalid token error at the end when federating a specialized server.

Error:

```
[ERROR]:- Federation returned error. Error:- @{code=498; message=Invalid Token.; details=System.Object[]}
PowerShell DSC resource ArcGIS_Federation failed to execute Set-TargetResource functionality with error message: [ERROR]:- Federation Failed after multiple attempts. Error:- @{code=498; message=Invalid Token.; details=System.Object[]}
```

Issue:
[ArcGIS.Common.psm1] Line 342

The function Invoke-ArcGISWebRequest gets the Referer and the URL with the standard port number 443 properly. Just before the call, I've logged the URL and it still includes the port number. However, when Invoke-WebRequest is performed, it internally removes the port number. This means that the URL no longer matches the Referer, which is the same Referer used when generating the portal Token. The Referer includes the port number and the token was generated for this Referer.

Fix:
[ArcGIS_Federation.psm1]

Go to Line 137

```powershell
$Referer = "https://$($PortalFQDN):$($PortalPort)/$PortalContext"
```

and immediately below, add the following lines:

```powershell
if ($PortalPort -eq 443) {
    $Referer = "https://$($PortalFQDN)/$PortalContext"
}
```

Go to Line 340 and do the same. This is consistent with what was done for ServiceUrlPort and ServerSiteAdminUrlPort.
This makes sure that when a standard port is used such as 443, the Referer does not include it. This means that when Get-PortalToken is called, the Referer is changed to match what Invoke-WebRequest apparently seems to do which is to remove the standard port from the URL.

With the change above done, the DSC module works just fine.

Can you confirm this is valid and, if so, apply the fix to the next version?

Cheers,
Jose

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request

Module Version

  • 4.1.0

Affected Resource(s)

  • ArcGIS_Server 11.1

Configuration Files

Expected Behavior

Federation of ArcGIS Server 11.1 machines with ArcGIS Enterprise 11.1

Actual Behavior

The Federation fails.

Steps to Reproduce

Run the install using the DSC PowerShell library for a base enterprise deployment on one machine and then install ArcGIS Server (general purpose role) and federate with the base enterprise server. The federation will fail.

Important Factoids

References
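
The mismatch described in the post above, as an added example that is not part of the original issue or the module's code: building the Referer through `System.Uri` yields a value with the scheme's default port omitted, for `http`/80 as well as `https`/443, while non-default ports are kept. `Get-CanonicalReferer` is a hypothetical helper and the host names and ports are constructed; the example assumes the HTTP client parses the request URL into a `System.Uri`, which the post only observes indirectly.

```powershell
# Added example. Get-CanonicalReferer is a hypothetical helper, not a function
# from the ArcGIS DSC module. Host names and ports below are constructed.
function Get-CanonicalReferer {
    param(
        [Parameter(Mandatory)][string]$Fqdn,
        [Parameter(Mandatory)][int]$Port,
        [string]$Context = '',
        [string]$Scheme = 'https'
    )
    # System.Uri treats the scheme's default port (443 for https, 80 for http)
    # as implicit: AbsoluteUri omits it and keeps any non-default port.
    $uri = [System.Uri]"${Scheme}://${Fqdn}:${Port}/$Context"
    return $uri.AbsoluteUri
}

# Constructed inputs: one default-port deployment, one non-default port.
$cases = @(
    @{ Fqdn = 'portal.example.com'; Port = 443;  Context = 'portal' },
    @{ Fqdn = 'portal.example.com'; Port = 7443; Context = 'arcgis' }
)

foreach ($c in $cases) {
    # Referer as built by plain string interpolation (the form quoted in the post).
    $raw = "https://$($c.Fqdn):$($c.Port)/$($c.Context)"

    # Referer after Uri parsing, i.e. the form without an explicit default port.
    $canonical = Get-CanonicalReferer @c

    # Differs = $true flags a Referer that will not string-match its parsed form,
    # which is the condition the post associates with the 498 Invalid Token error.
    [pscustomobject]@{
        RawReferer       = $raw
        CanonicalReferer = $canonical
        Differs          = ($raw -cne $canonical)
    }
}
```

Using the canonical value both when requesting the token and when sending the request keeps the two strings identical regardless of which port is configured.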

@cameronkroeker
Contributor

Hi @dimesv,

Thanks for the suggestion and submission. This looks to be a duplicate of the following issue which is still being investigated:
#464

The current logic has always worked fine in 11.0 and below (and still does), however no longer works in 11.1.

Thanks,
Cameron K.

cameronkroeker added the duplicate label May 15, 2023
@dimesv
Author

dimesv commented May 15, 2023

Thanks @cameronkroeker. It seems to be. Not sure why I couldn't find this issue here before; it would have saved me a lot of time.

@cameronkroeker
Contributor

Closing as a duplicate. Workaround can be found here: #464
