Connect-ServiceFabricCluster fails to contact naming server on remote Azure Service Fabric cluster

11
votes

I provisioned an Azure Service Fabric cluster in North Central US. I was able to initially publish my Service Fabric application to the cluster using Visual Studio and everything was running fine. I am now trying to upgrade the application via another Visual Studio publish, but the publish upgrade always fails with an Operation Timed Out error.

Alternatively, I tried to just connect to the Service Fabric cluster using Powershell. I can't seem to do that either as I get the following failure to connect to the Naming Service.

How do I get things working again?

PS C:\WINDOWS\system32> Connect-ServiceFabricCluster @connectArgs WARNING: Failed to contact Naming Service. Attempting to contact Failover Manager Service... WARNING: Failed to contact Failover Manager Service, Attempting to contact FMM... False Connect-ServiceFabricCluster : One or more errors occurred. At line:1 char:1 + Connect-ServiceFabricCluster @connectArgs + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : NotSpecified: (:) [Connect-ServiceFabricCluster], AggregateException + FullyQualifiedErrorId : CreateClusterConnectionErrorId,Microsoft.ServiceFabric.Powershell.ConnectCluster

2
azure-service-fabric
Does VS consistently work and PS consistently fail? Is the cluster secured? - Sean McKenna
Does a restart of the PowerShell console resolve this? I've seen a similar error, but my path to it seems different and restarting the console resolves my issue. - JG in SD
I presume by now this was resolved - was there something you had to do, or did it just start working again? - TreeAndLeaf
I have the same error that is the resolution - Rıfat Erdem Sahin

2 Answers

9
votes

I was getting the same error in PowerShell and this is what worked for me: (based on https://blogs.msdn.microsoft.com/ncdevguy/2016/12/25/connecting-to-a-remote-azure-service-fabric-cluster-using-powershell/)

$clusterFQDN = <your_cluster_FQDN>
$clusterEndpoint = $clusterFQDN+':19000'
$certThumbprint = (Get-ChildItem -Path Cert:\CurrentUser\My | where {$_.Subject -like "*$clusterFQDN*" }).Thumbprint
Connect-ServiceFabricCluster -ConnectionEndpoint $clusterEndpoint -KeepAliveIntervalInSec 10 -X509Credential -ServerCertThumbprint $certThumbprint -FindType FindByThumbprint -FindValue $certThumbprint -StoreLocation CurrentUser -StoreName My

NOTE: The KeepAliveIntervalInSec parameter is optional but the rest are mandatory.

NOTE: This assumes your management cert is installed in CurrentUser\My (Current User->Personal in Certificates MMC Snap-in).

Since the OP didn't specify what @connectArgs was, cannot be sure if my answer has been tried by the OP or not.

0
votes

Check to see if a Network Security Group (NSG) rule is denying inbound traffic to port 3389. If so, remove that port from the deny rule or create a higher priority NSG rule to allow inbound traffic from that port.

If that does not work, carefully check each item in this article under the section title "The minimum rules are required for these ports on Service Fabric clusters"

https://github.com/Azure/Service-Fabric-Troubleshooting-Guides/blob/master/Security/NSG%20configuration%20for%20Service%20Fabric%20clusters%20Applied%20at%20VNET%20level.md

If that does not work, sequentially review the Azure troubleshooting guides at: https://github.com/Azure/Service-Fabric-Troubleshooting-Guides