When trying to connect to Azure service fabric I get the following error. I am able to deploy and connect to application and also connect to service fabric explorer in the web browser. But when I try to connect to using powershell it fails.
$ConnectArgs = #{ ConnectionEndpoint = 'tktdestsfsdsd.westus.cloudapp.azure.com:19000'; X509Credential = $True; StoreLocation = 'CurrentUser'; StoreName = "MY"; ServerCommonName = "westus.cloudapp.azure.com"; FindType = 'FindByThumbprint'; FindValue = "9C2D2DC3F29DFBA8E7F3C92B2C27155A327573E" }
Connect-ServiceFabricCluster #ConnectArgs
WARNING: Failed to contact Naming Service. Attempting to contact Failover Manager Service...
WARNING: Failed to contact Failover Manager Service, Attempting to contact FMM...
False
Connect-ServiceFabricCluster : Failed to authenticate server identity
At line:3 char:1
+ Connect-ServiceFabricCluster #ConnectArgs
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (:) [Connect-ServiceFabricCluster], FabricServerAuthenticationFailedException
+ FullyQualifiedErrorId : TestClusterConnectionErrorId,Microsoft.ServiceFabric.Powershell.ConnectCluster
Are you following any specific Azure doc for this?
If not, I would recommend going through the following doc on Connecting to Service Fabric using PowerShell: https://learn.microsoft.com/en-us/azure/service-fabric/service-fabric-connect-to-secure-cluster
Let me know if you still see issues. Thanks.
I believe you're missing the ServerCertThumbprint argument value.
Connect-ServiceFabricCluster -ConnectionEndpoint`
tktdestsfsdsd.westus.cloudapp.azure.com:19000`
-X509Credential -ServerCertThumbprint 9C2D2DC3F29DFBA8E7F3C92B2C27155A327573E`
-FindType FindByThumbprint -FindValue 9C2D2DC3F29DFBA8E7F3C92B2C27155A327573E`
-StoreLocation CurrentUser -StoreName My
Related
How can I restart a service fabric stateful service, actually its an actor service. I want to get this working locally. Note that this is a local instance.
I've tried the following powershell command
Restart-ServiceFabricReplica -ServiceName fabric:/MyNameSpace.Dashboard.SfApp
but I get this error
Restart-ServiceFabricReplica : Cluster connection instance is null
At line:1 char:1
+ Restart-ServiceFabricReplica -ServiceName fabric:/MyNameSpace.Da ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ResourceUnavailable: (:) [Restart-ServiceFabricReplica], NullReferenceException
+ FullyQualifiedErrorId : GetClusterConnectionErrorId,Microsoft.ServiceFabric.Powershell.RestartReplica
I've also tried this but don't know whats going on with this long syntax one, again same error though.
Restart-ServiceFabricDeployedCodePackage -ApplicationName fabric:/MyNameSpace.Dashboard.SfApp -NodeName "_Node_0" -ServiceManifestName "ServicePkg" -CodePackageName "Code" -ServicePackageActivationId 57f2ae77-6478-4f5d-af10-033bd4e4b4fa
I managed to get this working with an error that I later found is expected!
I firstly hadn't connected to the instance!
Connect-ServiceFabricCluster -ConnectionEndpoint "localhost:19000"
I then ran this command
Restart-ServiceFabricDeployedCodePackage -NodeName "_Node_0" -ApplicationName fabric:/MyNamespace.Dashboard.SfApp -ServiceManifestName "MyNamespace.Dashboard.ActorsPkg" -CodePackageName "Code"
In most cases the above command seems to error, but it doesn't really fail to restart. Its something to do with having just restarted the service with said command (found someone explain in the comments here Service Fabric Restart Application)
I didn't need to provide the ServicePackageActivationId parameter but if you needed that you could run this command to find out
Get-ServiceFabricDeployedServicePackage -NodeName "_Node_0" -ApplicationName fabric:/MyNamespace.Dashboard.SfApp -ServiceManifestName "MyNamespace.Dashboard.ActorsPkg"
You can also do this within service fabric management portal
I'm new to DSC and I've been trying for days now to have my meta-configuration working with an SMB pull server, to no avail.
Context:
Target nodes are Win 2012 R2 servers, members of a same domain
I can only use PS 4.0
I can't give read access to everyone on SMB share on pull server
I don't want to have pull mode relying on custom modules to be functional (only base PS 4.0 installation)
My authoring node is currently my test target node
I tried to use New-SelfsignedCertificateEx.ps1 but can't get it to run on my Windows 7
I'm using a self-signed certificate generated on Windows 10 with requested KUs and EKUs
My meta-configuration works with an SMB share without credentials (hosted by test target node itself / read access granted to everyone)
I've been searching the web but only found code examples or questions about credentials passed to a DSC resource. I haven't found an example of PS 4.0 code where a live PSCredential object (retrieved from Get-Credential cmdlet) gets encrypted on-the-fly to a meta-configuration mof.
I've tried to transpose numerous examples (including from here and here), but I'm unable to have my credentials encrypted and still get that well-known message each time:
ConvertTo-MOFInstance : System.InvalidOperationException error processing property 'Credential' OF TYPE 'LocalConfigurationManager': Converting and
storing encrypted passwords as plain text is not recommended. For more information on securing credentials in MOF file, please refer to MSDN blog:
http://go.microsoft.com/fwlink/?LinkId=393729
At line:190 char:16
+ $aliasId = ConvertTo-MOFInstance $keywordName $canonicalizedValue
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (:) [Write-Error], InvalidOperationException
+ FullyQualifiedErrorId : FailToProcessProperty,ConvertTo-MOFInstance
Errors occurred while processing configuration 'MetaConfigurationForPull'.
At C:\Windows\system32\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\PSDesiredStateConfiguration.psm1:2223 char:5
+ throw $errorRecord
+ ~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (MetaConfigurationForPull:String) [], InvalidOperationException
+ FullyQualifiedErrorId : FailToProcessConfiguration
Here's my code:
# Getting credentials for filer connection (CIFS share for pulling MOF files)
$cred = Get-Credential -Message 'Provide credentials for CIFS share hosting configuration files:'
Configuration MetaConfigurationForPull {
Param (
[PSCredential] $Credential
)
LocalConfigurationManager {
ConfigurationID = "f28a102c-71c9-43a1-abbb-a944ec7cb5cd";
CertificateID = $AllNodes.Thumbprint;
Credential = $Credential;
RefreshMode = "PULL";
RebootNodeIfNeeded = $false;
DownloadManagerName = "DscFileDownloadManager";
DownloadManagerCustomData = #{SourcePath = '\\smb_pull_server\smb_share\mofs\batch_server'};
}
}
$ConfigData= #{
AllNodes = #(
#{
# The name of the node we are describing
NodeName = "localhost"
# The path to the .cer file containing the
# public key of the Encryption Certificate
# used to encrypt credentials for this node
CertificateFile = "D:\node_rdp_cert.cer"
# The thumbprint of the Encryption Certificate
# used to decrypt the credentials on target node
Thumbprint = "d78334010df5dee5de1c7529e9419a4bb841e618"
};
);
}
MetaConfigurationForPull -Credential $cred -ConfigurationData $ConfigData -Output "D:\meta\batch_server"
I've also found that post which talks about some regression on PS 5.0 and where this guy states he had everything working like a charm on PS 4.0.
Am I missing something in the code above?
Any help would be much appreciated.
Thanks
As long as this is just a test environment, you can add:
PSDscAllowPlainTextPassword = $true
to your configuration.
Example: here.
I am attempting to setup multiple VNet to VNet connections in Azure as described here: https://azure.microsoft.com/en-us/documentation/articles/virtual-networks-configure-vnet-to-vnet-connection/
I have 4 VNets
VNet-North
VNet-South
VNet-East
VNet-West
I have been trying to setup a star topology with a Domain Controller in the center like this:
I have successfully setup VNet-North to VNet-South in both directions.
When I try to connect VNet-North to VNet-East using this PoewerShell command:
PS C:\> Set-AzureVNetGatewayKey -VNetName VNet-North -LocalNetworkSiteName VNet-East -SharedKey A1b2C3D4
It returns success
But when I try:
PS C:\> Set-AzureVNetGatewayKey -VNetName VNet-East -LocalNetworkSiteName VNet-North -SharedKey A1b2C3D4
Set-AzureVNetGatewayKey : BadRequest: The specified local network site name 'VNet-North' is not valid or could not be found.
At line:1 char:1
+ Set-AzureVNetGatewayKey -LocalNetworkSiteName VNet-North -SharedKey AaBaCaDa -VNetN ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : CloseError: (:) [Set-AzureVNetGatewayKey], CloudException
+ FullyQualifiedErrorId : Microsoft.WindowsAzure.Commands.ServiceManagement.IaaS.SetAzureVNetGatewayKey
Is a star topology possible?
Had the same problem, resolved by issuing Reset-AzureVNetGateway -VNetName "Name" against all parties having problem. This command will temporarily drop all connections on given VPN gateway, please use it with caution.
I created a new storage account and provisioned an HDInsight cluster on Windows Azure. However, when I try to run any command on Windows Azure Powershell related to the cluster, I get the following error:
PS C:\> Get-AzureHDInsightCluster -Name $clusterName
Get-AzureHDInsightCluster : Request failed with code:Unauthorized
Content:<Error xmlns="http://schemas.microsoft.com/windowsazure"
xmlns:i="http://www.w3.org/2001/XMLSchema-instance"><Code>AuthenticationFailed</Code><Message>A security token
validation error occured for the received JWT token.</Message></Error>
At line:1 char:1
+ Get-AzureHDInsightCluster -Name $clusterName
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Get-AzureHDInsightCluster], HttpLayerException
+ FullyQualifiedErrorId : Microsoft.Hadoop.Client.HttpLayerException,Microsoft.WindowsAzure.Management.HDInsight.C
mdlet.PSCmdlets.GetAzureHDInsightClusterCmdlet
I'm completely new to HDInsight, but I ran a script before this command to add the Azure account, create variables for the subscription name, storage account name, and container name from this page.
Do you know what this error means? And how to fix it? I'm trying to run a script with Pig commands after following this website.
It looks like the PowerShell environment is not properly setup. You should add your Azure subscription first with GetAzureSubscription. See: http://www.windowsazure.com/en-us/documentation/articles/install-configure-powershell/#Connect
I want to deploy my application to azure with powershell. So far I have created a certificate in the localmachine store, I'm not going to run the deploy script as me, uploaded the script to azure. The next step is to get access to the service on azure in powershell but there it fails. The script I have so far is:
$cert = Get-Item Cert:\LocalMachine\deploy\xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Set-AzureSubscription -SubscriptionName $subscriptionName -SubscriptionId $subscriptionId -Certificate $cert
Select-AzureSubscription $subscriptionName
$service = Get-AzureService $azureId
It fails on the last row with the following message:
Get-AzureService : Communication could not be established. This could be due to an invalid subscription ID. Note that subscription IDs are case sensitive.
At F:\DeployTest\deploy.ps1:9 char:12
+ $service = Get-AzureService $azureId
+ ~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidData: (:) [Get-AzureService], Exception
+ FullyQualifiedErrorId : Microsoft.WindowsAzure.Management.ServiceManagement.HostedServices.GetAzureServiceCommand
Get-AzureService : HTTP Status Code: AuthenticationFailed - HTTP Error Message: The server failed to authenticate the request. Verify that the certificate is valid and is associated with this subscription.
Operation ID:
At F:\DeployTest\deploy.ps1:9 char:12
+ $service = Get-AzureService $azureId
+ ~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : CloseError: (:) [Get-AzureService], CommunicationException
+ FullyQualifiedErrorId : Microsoft.WindowsAzure.Management.ServiceManagement.HostedServices.GetAzureServiceCommand
I really don't know what the problem is, the certificate I'm trying to use is uploaded so it feels like there is something fundamental I've missed.
Update: I did get it to work after downloading the .publishsettings-file and importing that instead of trying to use Set-AzureSubscription. I'm still a little bit confused though, shouldn't it be possible to use the method I tried above?
I finally found the problem, and of course it was a user problem. First when I was in the azure portal I didn't find where to upload the certificate, so I uploaded it to first place I found mentioning certificates. What I did found out was that this area was the wrong one, I uploaded the certificate to the certificate area under the cloud service I wanted to administrate, which is the wrong place.
The correct place to upload the certificate to is under settings in the admin portal of azure. So the code above works if the certificate is uploaded to the correct location.