Cannot connect to service fabric secure cluster

1
votes

I created new secure service fabric cluster on azure with cluster and admin client certificates in keyvault on azure. I installed the admin client certificate for current user and local machine stores but whenever I try to connect that cluster or explore it in browser its gave access denied error. I am also trying to connect from visual studio but it failed. In visual studio following is connection parameters: 

  <ClusterConnectionParameters ConnectionEndpoint="my.end.point.com:19000"  
                           X509Credential="true"
                           ServerCertThumbprint="ClusterCertificateThumbPrint"
                           FindType="FindByThumbprint"
                           FindValue="AdminClientCertificateThumbPrint"
                           StoreLocation="CurrentUser"
                           StoreName="My" />

What I am doing wrong?

1
azure-service-fabric
Check these articles: docs.microsoft.com/en-us/azure/service-fabric/… and docs.microsoft.com/en-us/azure/service-fabric/…Mikkel Mørk Hegnhøj
Did you solve it? I'm having exactly the same error, I'm using the cluster certificate it requires you to create when you create the cluster the first time. I installed it on my machine but both the browser and VS doesn't wan't to connectGabriel Piffaretti

1 Answers

0
votes

I experienced something similar, my issue was that I had the wrong servercertthumbprint. I created my service fabric cluster as part of the visual studio publish step and in that case the configuration looked like this:

  <ClusterConnectionParameters ConnectionEndpoint="myservicefabricname:19000" 
                               X509Credential="true"
                               ServerCertThumbprint="certicateThumbprint"
                               FindType="FindByThumbprint"
                               FindValue="certicateThumbprint"
                               StoreLocation="LocalMachine"
                               StoreName="My" />

The thumbprint used for the local certificate and the service fabric one has the same certificate thumbprint.

Additionally, it seems that even though I added the ClusterConnectionParameters in the xml config, when I went "Publish" and expanded "Advanced Parameters" I had to manually enter the values. enter image description here

In case you don't know how to find the thumbprint you can follow this tutorial: https://docs.microsoft.com/en-us/dotnet/framework/wcf/feature-details/how-to-retrieve-the-thumbprint-of-a-certificate