[Service Fabric] Why won’t Visual Studio connect to my cluster?

In this blog post, I’ll discuss something that has frustrated both myself and many others for quite a while, and that is, failure of Visual Studio to connect to an Azure Service Fabric cluster. We’ll be using Visual Studio 2017 as an example.

I’m not sure whether it’s a problem with the Visual Studio tooling, poor connectivity from Visual Studio out through the internet to the cluster, or what is really going on with this but it happens quite frequently.

Requirements:

    1. You have a secure cluster up and running in Azure.
    2. You have your cluster node-to-node certificate downloaded and imported to your development machine. The certificate can be self-signed in this case.

Scenario

I have a simple Service Fabric application up and running in Visual Studio on my dev machine and I’m ready to deploy it to my Azure Service Fabric cluster.

From within Visual Studio, right-click on your Service Fabric application and select the Publish menu item. From the publish dialog box, you will be expected to connect to your Azure account.

After a couple of seconds of a spinning cursor, what you should see is your cluster listed in the Connection Endpoint. Also if you expand the Advanced Connection Parameters drop-down, you should see your certificate listed.

SNAGHTML1a175702

You can now publish to your cluster.

Up until now, life is great!

So now you decide to open up a different Service Fabric application within Visual Studio and you want to deploy that application to your cluster also.

Just like you did in the previous steps, right-click on the application name and select Publish.When you do, you see the dreaded ‘red-x’.

image

If you hover over the red-x, you will more than likely see the message ‘Failed to contact the server. Please try again later or get help from ‘How to configure secure connections’.

Troubleshooting

Since you had previously connected to the same cluster before, you know you should be able to connect again, however, this time, you are in a different application with a different publish profile.

If you were on a totally different machine trying to connect to the cluster, the first thing to check would be the certificate. You would check to make sure you have the certificate imported and also you can check in the publish dialog box to see if your certificate is listed in the Advanced Connection Parameters drop-down.

In our case, the actual solution is to close the Publish dialog box and open up the Cloud.xml file in the PublishProfiles folder.

If you scroll down in this file, you’ll see a ClusterConnectionParameters element. You need to confirm that all the settings, especially ConnectionEndpoint and ServerCertThumbprint/FindValue have the correct information. I would say most of the time, it will be the certificate thumbprint that is incorrect, but your mileage may vary. That’s what it was in the case of this scenario.

image

Once I correct the certificate thumbprint and return to the Publish dialog box, you should now see that you are able to publish to your cluster.

Suppose though that this doesn’t correct your problem. What else can you check?

  • You can open a PowerShell command prompt and run the Connect-ServiceFabricCluster cmdlet with the parameters you have in the Cloud.xml file to see if you actually can connect.
  • Although you see the red-x, that warning in the pop-up really doesn’t help much. Go ahead and click the Publish button and attempt to publish. You may be surprised to find that you can actually publish and that Visual Studio for some reason just had not updated the dialog, OR the output window will show the actual error.
  • Another thing that could happen, if you have your client-to-node security setup with Azure Active Directory (AAD), is that you receive an access-denied error. In this case, if the application you are deploying is registered with AAD and your Azure login has no permissions to do anything with the app, you may not be able to publish the app to the cluster.
  • Last but not least, in one of my much earlier blog posts I demonstrated that I ran in to an issue where I actually had to physically type in the certificate thumbprint inside of the Advanced Connection Parameters thumbprint fields because of a white-space somewhere in the thumbprint I had pasted in.

Until next time, hope this helps you with your Service Fabric development!