HOW TO

Fix an arcgis.keystore or server.xml corruption

Last Published: July 16, 2021

Summary

The arcgis.keystore file holds the private key used to run the internal Tomcat webserver on port 6443. In instances where switching the protocol to HTTP Only and back to either HTTP and HTTPS or HTTPS Only fail, or the protocol is set to HTTPS Only and port 6080 is inaccessible, a method to regain access to the ArcGIS Server site is important to avoid a complete disk recovery scenario. There are a few potential causes for the default arcgis.keystore file to become corrupted or unusable, including running out of disk space, a modified server.xml file in the Tomcat configuration, disk I/O errors, and faulty hard disk drives.

Procedure

Use the following steps to regain access to ArcGIS Server Manager or ArcGIS Administration Directory.

  1. Retrieve the server.xml file and the certificates folder from a working ArcGIS Server installation with the same version.
  2. Stop the ArcGIS Server service.
  3. Rename the existing server.xml file to a different name, for example, 'server.xml_old', and paste the copied file into the following folder location:
C:\Program Files\ArcGIS\Server\framework\runtime\tomcat\conf\
  1. Rename the existing certificates folder to certificates_old and create a new folder named certificates in the following folder location:
C:\Program Files\ArcGIS\Server\framework\etc\
  1. Paste all the contents of the working certificates folder copied from the other machine including the arcgis.keystore and keystorepass.dat files to the newly created folder.
  2. Move the machine folder in <config-store>\machines\<Machine Name> to a different location.
  3. Create a new <Machine Name> folder in the <config-store>\machines directory and paste all the contents of the working certificates folder including the arcgis.keystore and keystorepass.dat files.
  4. Verify that the webServerCertificateAlias value is 'selfsignedcertificate' in the <Machine Name>.json file in the config-store\machines folder.
  5. Start the ArcGIS Server service. Run the following command to confirm ArcGIS Server is listening on port 6443.
netstat -ano | findstr "6443"

Alternatively, run the Configure ArcGIS Server Account wizard to regain the full permission on the following directories, if the directories permission is set to readonly.

C:\arcgisserver
C:\python27
C:\Program Files\ArcGIS\Server

Article ID: 000021875

Software:
  • ArcGIS Server

Receive notifications and find solutions for new or common issues

Get summarized answers and video solutions from our new AI chatbot.

Download the Esri Support App

Related Information

Discover more on this topic

Get help from ArcGIS experts

Contact technical support

Download the Esri Support App

Go to download options