使用PowerShell连接到azure服务结构集群
[英]Connect to azure service fabric cluster with powershell
问题描述
I'm unable to connect to my azure service fabric cluster using powershell. 
我无法使用PowerShell连接到我的Azure服务结构集群。
I have created a certificate "Admin" on my computer using https://support.jetglobal.com/hc/en-us/articles/235636308-How-To-Create-a-SHA-256-Self-Signed-Certificate 我使用https://support.jetglobal.com/hc/en-us/articles/235636308-How-To-Create-a-SHA-256-Self-Signed-Certificate在我的计算机上创建了一个“Admin”证书
I have imported this certificate in my Key Vault, and added an "Admin client" authentication using "Certificate Thumbprint" authentication mode in the cluster (with the thumbprint of the created certificate) 我已在密钥保管库中导入此证书,并在群集中使用“证书指纹”身份验证模式添加了“管理客户端”身份验证(使用创建的证书的指纹)
I am using the below powershell command : 我使用下面的powershell命令:
$ClusterName= "***.francecentral.cloudapp.azure.com:19000"
$ThumbPrint= "e8*****"
Connect-serviceFabricCluster -ConnectionEndpoint $ClusterName -KeepAliveIntervalInSec 10 `
-X509Credential `
-ServerCommonName "Admin" `
-FindType FindBySubjectName `
-FindValue "Admin" `
-StoreLocation CurrentUser `
-StoreName My
As described in https://docs.microsoft.com/en-us/azure/service-fabric/service-fabric-connect-to-secure-cluster 如https://docs.microsoft.com/en-us/azure/service-fabric/service-fabric-connect-to-secure-cluster中所述
(I have also tried with -FindByThumPrint) (我也试过-FindByThumPrint)
I get FARBRIC_E_SERVER_AUTHENTICATION_FAILED: CertficateNotMatched. 我得到FARBRIC_E_SERVER_AUTHENTICATION_FAILED:CertficateNotMatched。
What did I miss ? 我错过了什么 ?
1 个解决方案
解决方案1
0 2019-05-16 14:50:26
SSL certificate and SF Cluster endpoint URI must match SSL证书和SF Cluster端点URI必须匹配
There are few ways to solve this: 有几种方法可以解决这个问题:
If the Cluster Certificate was issued to a custom domain (lets say
mysite.mydomain.com) you need to use that custom domain URL into$ClusterName.如果群集证书已发布到自定义域(例如mysite.mydomain.com),则需要将该自定义域URL用于$ClusterName。 Also bothmysite.mydomain.comand***.francecentral.cloudapp.azure.commust resolve to the same IP address.mysite.mydomain.com和***.francecentral.cloudapp.azure.com必须解析为相同的IP地址。You can also fix it by creating new certificate and pointing it to
***.francecentral.cloudapp.azure.com.您也可以通过创建新证书并将其指向***.francecentral.cloudapp.azure.com来修复它。 After doing this, replace it with the old one in your cluster and connect by using***.francecentral.cloudapp.azure.comendpoint.执行此操作后,将其替换为群集中的旧版本,并使用***.francecentral.cloudapp.azure.com端点进行连接。This is not a fix but workaround.
这不是修复,而是解决方法。 You can disable certificate name check by modifying C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe.configand settingcheckCertificateNametofalse.您可以通过修改C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe.config并将checkCertificateName设置为false来禁用证书名称检查。 Like this ( click here ):像这样( 点击这里 ): <configuration><system.net><settings><servicePointManager checkCertificateName="false" /></settings><system.net></configuration>
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.