The following forum(s) have migrated to Microsoft Q&A (Preview): Azure Service Fabric!
Visit Microsoft Q&A (Preview) to post new questions.

Learn More

 locked
HTTPS endpoints not working in Service Fabric local cluster RRS feed

  • Question

  • I am able to run a stateless service in a local service fabric cluster. However, when I add an https end point, activation fails.

    I made the following changes:

    ServiceManifest.xml:

    <Endpoint Name="ServiceEndpoint" Type="Input" Protocol="https" Port="443" CertificateRef="my_api_cert" />
    

    ApplicationManifest.xml:

    <Policies>
      <EndpointBindingPolicy EndpointRef="ServiceEndpoint" CertificateRef="my_api_cert" />
    </Policies>
    
    <Certificates>
    <EndpointCertificate X509FindValue="[Api_SslCertHash]" Name="my_api_cert" />    </Certificates>
    

    I have uploaded the newly created certificate to Local Machine\My store too.

    I get the following error in cluster manager:

    Error event: SourceId='System.Hosting', Property='Activation:1.0:1.0'. There was an error during activation.

    What could be the solution for this issue?

    Tuesday, December 20, 2016 5:49 PM

Answers

  • You should add tracing to your code so that you can more easily capture the exceptions before they cause your processes to crash. Depending on the error, you may also be able to see the stack trace that is causing your process to exit. 

    Here are also some docs that can help you solve this problem

    https://docs.microsoft.com/en-us/azure/service-fabric/service-fabric-application-runas-security#assign-a-security-access-policy-for-http-and-https-endpoints

    https://docs.microsoft.com/en-us/azure/service-fabric/service-fabric-reliable-services-communication-webapi

    https://matt.kotsenas.com/posts/https-in-service-fabric-web-api

    http://stackoverflow.com/questions/35307118/how-to-configure-ssl-on-a-self-hosted-web-api-in-azure-service-fabric

    Tuesday, December 20, 2016 7:04 PM
  • Pavan, you need to think through this problem. Yes of course it is possible, there is just something wrong in your case. Without your code and without knowing more about your set up there is no way for someone here to just magically give you the answer.

    1. Why would Service Fabric care what type of communication stack you use? It specifically does not.
    2. There are examples that we have pointed you to of people doing exactly what you are trying to do. Did you follow those instructions? If so at what step are things not working? Since there are examples of this working, your question of "is it possible" makes no sense and makes me think that you did not read the examples that were posted.
    3. Why do you think adding more debugging logic is not useful? If you're not getting enough tracing out of your application to know what is going on, that's exactly what you need to be doing! Debug everywhere!
    4. In this case the error is saying that we can't even activate the process, so yes something is going on before your communication endpoint would be invoked it seems, so it does not surprise me that you are not seeing traces from there. What about earlier? Is the service even getting created? Share the traces that you are emitting from your application that show how far things are getting.
    5. Have you tried setting up an unhandled exception handler and using that to trace out what the error is, for example?
    6. Have you tried adding more tracing to your host process to be sure that it is getting launched and to see whether it is crashing when you try to create your service?
    7. Did you look at the node level to see if there was a different more detailed health report that contains the stack?
    Wednesday, December 21, 2016 6:47 PM
  • I am able to following the instructions from the link I mentioned earlier:

    http://ronaldwildenberg.com/running-an-azure-service-fabric-cluster-locally-on-ssl/

    The trick is that when you copy the thumbprint from the certificate store, it comes with some hidden characters in the front (when I place the cursor at the front and press <- the cursor will not advance left), so when you paste it into the manifest, SF cannot install the service. So just make sure you remove the hidden characters and then it will be ok.


    Frank

    Thursday, December 22, 2016 1:20 AM

All replies

  • You should add tracing to your code so that you can more easily capture the exceptions before they cause your processes to crash. Depending on the error, you may also be able to see the stack trace that is causing your process to exit. 

    Here are also some docs that can help you solve this problem

    https://docs.microsoft.com/en-us/azure/service-fabric/service-fabric-application-runas-security#assign-a-security-access-policy-for-http-and-https-endpoints

    https://docs.microsoft.com/en-us/azure/service-fabric/service-fabric-reliable-services-communication-webapi

    https://matt.kotsenas.com/posts/https-in-service-fabric-web-api

    http://stackoverflow.com/questions/35307118/how-to-configure-ssl-on-a-self-hosted-web-api-in-azure-service-fabric

    Tuesday, December 20, 2016 7:04 PM
  • I started from this link only.

    Is it even possible to run https apis in a local cluster? 

    Wednesday, December 21, 2016 7:25 AM
  • Hi,

    I am trying to run the https enabled api in a local cluster. Is that what is causing the problem? 

    Also, the breakpoint in the first line of my main class or the OwinCommunicationLister is also not being hit. So, there is no point in putting any debug logic. The error says some sort of activation failure:

    Error event: SourceId='System.Hosting', Property='Activation:1.0:1.0'. There was an error during activation.

    Is it possible to get some elaborate description of the cause of the error? I mean any logs where I can check?

    Wednesday, December 21, 2016 7:28 AM
  • Pavan, you need to think through this problem. Yes of course it is possible, there is just something wrong in your case. Without your code and without knowing more about your set up there is no way for someone here to just magically give you the answer.

    1. Why would Service Fabric care what type of communication stack you use? It specifically does not.
    2. There are examples that we have pointed you to of people doing exactly what you are trying to do. Did you follow those instructions? If so at what step are things not working? Since there are examples of this working, your question of "is it possible" makes no sense and makes me think that you did not read the examples that were posted.
    3. Why do you think adding more debugging logic is not useful? If you're not getting enough tracing out of your application to know what is going on, that's exactly what you need to be doing! Debug everywhere!
    4. In this case the error is saying that we can't even activate the process, so yes something is going on before your communication endpoint would be invoked it seems, so it does not surprise me that you are not seeing traces from there. What about earlier? Is the service even getting created? Share the traces that you are emitting from your application that show how far things are getting.
    5. Have you tried setting up an unhandled exception handler and using that to trace out what the error is, for example?
    6. Have you tried adding more tracing to your host process to be sure that it is getting launched and to see whether it is crashing when you try to create your service?
    7. Did you look at the node level to see if there was a different more detailed health report that contains the stack?
    Wednesday, December 21, 2016 6:47 PM
  • I am able to following the instructions from the link I mentioned earlier:

    http://ronaldwildenberg.com/running-an-azure-service-fabric-cluster-locally-on-ssl/

    The trick is that when you copy the thumbprint from the certificate store, it comes with some hidden characters in the front (when I place the cursor at the front and press <- the cursor will not advance left), so when you paste it into the manifest, SF cannot install the service. So just make sure you remove the hidden characters and then it will be ok.


    Frank

    Thursday, December 22, 2016 1:20 AM