Problem High Availability On premise Service bus 1.1

  • Question

  • Hello Microsoft,

    I have some trouble creating a highly available (on-premise) Service Bus.

    1) I have installed the servicebus services on 3 computers

    2) The first bus is the initial servicebus. There I installed a certificate like in the following website.
    http://www.22bugs.co/post/sb-farm-setup-dns-and-custom-certificate/

    Only I am using a domain CA, so via the certificate MMC I have requested a computer certificate. Another certificate I can't create like in the blog, because the application used in the blog isn't available anymore, and with PowerShell certificate creation I get an AT_KeyExchange error.

    So a day later the bus is working and I have assigned the farm certificate to my created certificate. (The certificate uses the FQN name of my machine.)

    Okay so far so good, one bus is working.

    3) To make the bus HA I have joined 2 other service buses, by first placing the farm certificate in the personal and trusted place of the machine, and then the services have joined the farm.

    4) The farm gets 3 endpoints, but I can only connect to one endpoint. The other 2 servers get an SSL error. That's strange, right, because the certificate is available on the machines.

    5) Well, I was thinking that maybe I need to create a virtual thing like they are telling me in the following site. So I have added the DNS name to the certificate name, but still no HA and only an SSL problem.

    https://blogs.msdn.microsoft.com/feseca/2016/09/13/considerations-while-planning-high-availability-for-windows-service-bus/


    What am I doing wrong?

    Is the certificate still not working correctly, but how can I make it right then within a domain?
    Because I have tried different options, but nothing is working for HA.

    Kind regards,


    Sabrina van den Barselaar


     

    Friday, March 31, 2017 1:50 PM

All replies

  • Are you using Network Load Balancer?

    Try to connect directly to one of the new servers? Is it still failing?

    Monday, April 3, 2017 5:50 PM
  • Hello Serkan,

    Yes, I have tried with and without Network Load Balancer. The only difference I can see with that is that I get 1 or 3 endpoints. :-)

    When I connect directly to one of the joined servers I still get an SSL error.
    What am I doing wrong?

    Tuesday, April 4, 2017 2:50 PM
  • What is the subject alternative name of the certificate that you installed on the servers? Is it a wildcard cert?

    Tuesday, April 11, 2017 3:59 PM
  • No, it's a Domain Certificate created at the CA of the DC (every machine has its own certificate, that is also installed on the other machines, but that's also not working).

    I have created it as follows:

    • In certificate, choose All Tasks and then click on Request Certificate with new Key...
    • Then I choose the Active Directory enrolment policy computer certificate
      with: server and client authentication for 365 days

    The type of certificate is of course created on every machine with the settings as described in the following website:

    http://www.22bugs.co/post/sb-farm-setup-dns-and-custom-certificate/

    So what am I doing wrong?

    Wednesday, July 5, 2017 3:07 PM