The code appears to build fine. The certificates are all loaded. But I cannot connect. There has to be a step missing. Do we need to create client certificate on the cluster? When I try to open the service fabric explorer I get a not authorized message. Not sure why? #23408
Comments
|
@tshinkle Thank you for the detailed feedback. We are actively investigating but we need to understand the documentation that you are attempting to follow in order to provide a comprehensive response and address any documentation gaps. |
|
I am following the documentation
https://docs.microsoft.com/en-us/azure/service-fabric/service-fabric-tutorial-dotnet-app-enable-https-endpoint
Part one of the tutorial worked fine and I was able to deploy it to an
Azure cluster. However, since I followed the second part in the link above
I appear to have errors in my clusters and I am unable to access them
properly to manage them. I am using a self generated test certificate and I
have loaded it locally and to my clusters. But I am struggling with the
Microsoft documentation on determining why I am getting access denied to
the cluster site. I am able to connect using telnet to the cluster name and
the port, so I'm assuming this is a certificate issue, but I'm not sure how
to fix it. Thanks.
…On Sun, Jan 27, 2019 at 2:45 PM Mike Ubezzi ***@***.***> wrote:
@tshinkle <https://github.com/tshinkle> Thank you for the detailed
feedback. We are actively investigating but we need to understand the
documentation that you are attempting to follow in order to provide a
comprehensive response and address any documentation gaps.
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#23408 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AXuvPPW9PrQv2W_YS4ZILrvb9A-7bT1iks5vHgHQgaJpZM4aUzme>
.
|
|
@tshinkle when you say you have errors in the cluster, what do you mean? Can you provide a screenshot? |
|
Hi, yes, please see below.
[image: image.png]
…On Mon, Jan 28, 2019 at 1:06 PM Micah ***@***.***> wrote:
@tshinkle <https://github.com/tshinkle> when you say you have errors in
the cluster, what do you mean? Can you provide a screenshot?
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#23408 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AXuvPHB1UHqQyP7GCwEshLE2kB2KHKcZks5vHzwrgaJpZM4aUzme>
.
|
|
And in my cluster,
[image: image.png]
…On Mon, Jan 28, 2019 at 1:06 PM Micah ***@***.***> wrote:
@tshinkle <https://github.com/tshinkle> when you say you have errors in
the cluster, what do you mean? Can you provide a screenshot?
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#23408 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AXuvPHB1UHqQyP7GCwEshLE2kB2KHKcZks5vHzwrgaJpZM4aUzme>
.
|
|
@tshinkle Sorry but if you reply directly to the email the images don't show up. You actually need to login on a PC to upload the images. |
|
|
|
|
|
@tshinkle thanks for that. So as it shows it seems your cluster itself is struggling so we should fix that before anything else. I assume you are first trying to deploy this in a local Service Fabric cluster correct? If so, can you remove your current cluster and then open the local Service Fabric Cluster manager. Try building a new cluster without deploying any code.
Try setting up just a single node cluster and let SF manager create that cluster. Once it is created, ensure all is healthy. Once that is confirmed, try deploying the app from Visual Studio and see if it works. I ran through the doc and was able to get it all to deploy correctly without any changes. |
|
Uploaded now in the thread, thanks.
…On Mon, Jan 28, 2019 at 5:02 PM Micah ***@***.***> wrote:
@tshinkle <https://github.com/tshinkle> Sorry but if you reply directly
to the email the images don't show up. You actually need to login on a PC
to upload the images.
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#23408 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AXuvPADkY2YCnnp5NbPo7JNcJ2Fx6nnKks5vH3N_gaJpZM4aUzme>
.
|
|
I also get local host refused to connect when I try to go to the following
link: https://votingtestcluster.eastus.cloudapp.azure.com:443
…On Mon, Jan 28, 2019 at 5:02 PM Micah ***@***.***> wrote:
@tshinkle <https://github.com/tshinkle> Sorry but if you reply directly
to the email the images don't show up. You actually need to login on a PC
to upload the images.
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#23408 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AXuvPADkY2YCnnp5NbPo7JNcJ2Fx6nnKks5vH3N_gaJpZM4aUzme>
.
|
|
@tshinkle sorry I re-read and I see it's an Azure cluster not local. I am investigating and will update shortly. |
|
Ok, so I'm now to this. I downloaded the desktop service cluster manager
app from here
https://docs.microsoft.com/en-us/azure/service-fabric/service-fabric-visualizing-your-cluster
but it doesn't run for some reason. I there something I need to install
first? Thanks.
…On Mon, Jan 28, 2019 at 5:17 PM Micah ***@***.***> wrote:
@tshinkle <https://github.com/tshinkle> thanks for that. So as it shows
it seems your cluster itself is struggling so we should fix that before
anything else.
I assume you are first trying to deploy this in a local Service Fabric
cluster correct? If so, can you remove your current cluster and then open
the local Service Fabric Cluster manager.
Try building a new cluster without deploying any code.
[image: image]
<https://user-images.githubusercontent.com/32313503/51870043-55a30100-2307-11e9-8de1-762f6aaf982c.png>
Try setting up just a single node cluster and let SF manager create that
cluster. Once it is created, ensure all is healthy. Once that is confirmed,
try deploying the app from Visual Studio and see if it works. I ran through
the doc and was able to get it all to deploy correctly without any changes.
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#23408 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AXuvPPweMsU3wOTZjel8VLCJVjWu14dZks5vH3b5gaJpZM4aUzme>
.
|
|
Thanks. But I think I might try to delete the cluster and start the
tutorial again from scratch. Part one worked and I did at one point have
the cluster working. Things fell apart in part 2 when I added certificates
and tried using https to connect. There appears to be something missing in
this second tutorial in regard to the certificates., It would be nice to
have some additional insight into where certificates might be go wrong.
Thanks.
…On Mon, Jan 28, 2019 at 5:21 PM Micah ***@***.***> wrote:
@tshinkle <https://github.com/tshinkle> sorry I re-read and I see it's an
Azure cluster not local.
I am investigating and will update shortly.
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#23408 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AXuvPLJIarWNcwdoE4xzPtVhDj1MOSIQks5vH3fggaJpZM4aUzme>
.
|
|
@tshinkle thanks for the info. I am going to go through all parts of the tutorial again as well to ensure all the needed info is there. will update once I have completed it. |
|
@tshinkle I ran through the steps and steps 1 and 2 worked without issues on both my local cluster and my Azure Cluster. When getting to step 3 for enabling HTTPs I found issues with both my local cluster and my Azure cluster as you are.
Seems after making the changes to enable HTTPs the application itself is unhealthy. @rwike77 @aljo-microsoft would either of you be able to provide some insight on this? Or possibly go through the doc to confirm as well? I tried it a few times and the results are consistent. |
|
Part 1 and 2 works, however looks like Enable HTTPS doesn't work. I am using Visual Studio 2019 Preview. The application builds and gets deployed on the local cluster and then i am getting this error and unable to browse the application. |
|
@tshinkle @MicahMcKittrick-MSFT @aljo-microsoft I recently refreshed this article. At one point, I remember seeing the "There was an error during CodePackage activation.The service host terminated with exit code:1" error in SFX as well. In the https://docs.microsoft.com/en-us/azure/service-fabric/service-fabric-tutorial-dotnet-app-enable-https-endpoint#configure-kestrel-to-use-https step, did you replace the "<your_CN_value>" value with "mytestcert" (or your test cert subject) in the GetCertificateFromStore method? |
|
Thanks @rwike77 I did replace the value both times I ran through it. I even kept the naming convention the same using "mytestcert" Although, looking back at it, I am wondering if I just put "mytestcert" instead of "CN=mytestcert" Is it expected to keep the CN= part? If so that might be the issue and I can rerun through the doc. |
|
Revisited the code again, but this part doesn't work. Getting the same error again. "The target process exited without raising a CoreCLR started event. Ensure that the target process is configured to use .Net Core. This may be expected if the target process did not run on .net core." and https://localhost shows same above blank screen "This Site Cannot be reached". |
|
@tshinkle @MicahMcKittrick-MSFT @its-saurabhjain The idea of a local secured clusters doesn't make sense; what is your use case for this? @dragav |
|
Following the tutorial (
https://docs.microsoft.com/en-us/azure/service-fabric/service-fabric-tutorial-create-dotnet-app).
The tutorial creates a local service, then walks through moving it to a
cluster. Then walks through using https and certificates in part 3, first
locally and then in a cluster. None of the part 3 htts steps appear to
work, locally or in a cluster. (
https://docs.microsoft.com/en-us/azure/service-fabric/service-fabric-tutorial-dotnet-app-enable-https-endpoint).
I'm pretty sure this was discussed previously in the thread.
…On Mon, Feb 4, 2019 at 12:42 PM aljo-microsoft ***@***.***> wrote:
@tshinkle <https://github.com/tshinkle> @MicahMcKittrick-MSFT
<https://github.com/MicahMcKittrick-MSFT> @its-saurabhjain
<https://github.com/its-saurabhjain>
The idea of a local secured clusters doesn't make sense; what is your use
case for this?
@dragav <https://github.com/dragav>
To provide additional context.
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#23408 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AXuvPCvqvgutiFU8lEccHWBCIBS2sAvCks5vKHETgaJpZM4aUzme>
.
|
|
@MicahMcKittrick-MSFT if you have a local repro, can you send me the logs please? dragosav @ msft. On the surface, this does appear to be caused by missing permissions to the cert's private key. Please check in the cert mgmt UX that the private key is available and acl'd accordingly. (For context, self-signed certs generated with PowerShell are by default CNG certs, unless a 'legacy' crypto provider is specified explicitly. Our runtime ACLing code doesn't handle CNG certs.) The failure to connect to the cluster could be explained by the client (browser) rejecting the server's untrusted cert. This check can be bypassed in Chrome. |
|
@tshinkle I just spun this up on my local work PC. So I dont have the app deployed at the moment. I am happy to deploy it again and send you any logs needed. That being said, I did just follow the steps in the doc exactly as written so you should be able to run through them and get the same results as we are all seeing. I also checked to ensure the cert has the right permissions and all appears well. I also am using chrome to connect to the local cluster. |
|
I'm at a complete loss. I've been through this code several times, but the error is happening in the Application both localhost and Azure when I publish. On localhost I get the following event error: In the Azure cluster I get the following event error: And in a node I get the following: There are no errors happening in the build of the code. |
|
@tshinkle may I ask you to zip the traces in the SFLogs\traces directory, and share them with me? I'm dragosav at microsoft dot com. The exact path to the logs directory is listed in the cluster manifest. Thank you. |
|
@dragav if you like I can also publish my code to an Azure Cluster and give you the subscription and cluster information offline if that helps. |
|
Just FYI, I have given access to @dragav to my Azure Cluster seeing this error. Hopefully we can find some problems and get the doc updated. |
|
I am also followed the same steps mentioned above and also getting same 'Site can't be reached error' |
|
@dragav any luck on this? Seems we have multiple users who get the same issue with this doc |
mimckitt
added
assigned-to-author
and removed
awaiting-product-team-response
cxp
in-progress
labels
|
The enable https part don't work, just as what @MicahMcKittrick-MSFT hits. Any update on this please? |
|
We narrowed it down to a failure to either find or ACL the certificate. Highly recommend using the SF CertSetup.ps1 script to generate a certificate (in dev/test environments), as that is proven to work. I suspect whoever is hitting this may be generating CNG self-signed certs, whose private key is not accessible directly in PSh (and so the ACLing code fails). We're working on this. |
|
@MicahMcKittrick-MSFT |
|
Was this issue resolved? |
|
@dapathy Please adopt documented best practices to mitigate issues like this. |
|
I ran into the same problems as others and here is a few hints that might help others. Firstly: If you added the .bat file like the tutorial says "right-click VotingWeb and select Add->New Item and add a new file named "Setup.bat". Visual studio might encode it wrong. In my case there was unwanted symbols in the beginning of the file (I might have done it incorrectly), check it by running the .bat file directly. Secondly: When i ran the SetCertAccess.ps1 from PS, I got an error on line 34-37. regarding "$accessRule", because my windows is in german, so line two needed another user group from "NETWORK SERVICE" to "Netzwerkdienst". $userGroup="Netzwerkdienst". Thirdly: Also related to windows language. System group in ApplicationManifest.xml needs to reflect your windows language, in my case i changed from "Administrator" to "Administratoren". That did it for me. |
The code appears to build fine. The certificates are all loaded. But I cannot connect. There has to be a step missing. Do we need to create client certificate on the cluster? When I try to open the service fabric explorer I get a not authorized message. Not sure why?
Document Details
⚠ Do not edit this section. It is required for docs.microsoft.com ➟ GitHub issue linking.
The text was updated successfully, but these errors were encountered: