Unable to Access Service Fabric Cluster Endpoint After Certificate Renewal

Buchczyk, Kornelia 40 Reputation points
2025-10-20T13:30:20.6066667+00:00

Hello,

I am experiencing an issue accessing a Service Fabric Cluster endpoint after renewing the cluster certificate.

Steps performed during certificate renewal:

  1. Generated and stored a new self-signed certificate in Azure Key Vault
  2. Updated the Cluster and VMSS with the new certificate as a secondary
  3. Promoted the secondary certificate to primary
  4. Removed the old certificate
  5. Configured Microsoft Entra ID for client authentication to access the Service Fabric dashboard

Environment details: I have three clusters configured as follows:

  • ClusterA – 5 nodes
  • ClusterB – 5 nodes
  • ClusterC – 3 nodes

The above steps completed successfully for all clusters.

  • For ClusterA and ClusterB I can access the Service Fabric dashboard and connect using PowerShell (Connect-ServiceFabricCluster @ConnectArgs)
  • For ClusterC unfortunately I cannot access the dashboard or connect using PowerShell

Observed behavior on ClusterC:

  • When attempting to open the dashboard, I receive an ERR_TIMED_OUT error.
  • When connecting via PowerShell, the following warnings and error appear:

WARNING: Failed to contact Naming Service. Attempting to contact Failover Manager Service...
WARNING: Failed to contact Failover Manager Service, Attempting to contact FMM...
False
WARNING: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond <masked privateIP>:19000
Connect-ServiceFabricCluster : No cluster endpoint is reachable, please check if there is connectivity/firewall/DNS issue.
At line:1 char:1
+ Connect-ServiceFabricCluster @ConnectArgs
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (:) [Connect-ServiceFabricCluster], FabricException
+ FullyQualifiedErrorId : TestClusterConnectionErrorId,Microsoft.ServiceFabric.Powershell.ConnectCluster

Additional information:

Applications and services are still running correctly within ClusterC.

The issue only affects access to the cluster endpoint and dashboard.

I would appreciate any hints or troubleshooting steps to resolve this issue ;-)

Thank you!!

Azure Service Fabric

Answer accepted by question author
  1. Jilakara Hemalatha 3,115 Reputation points Microsoft External Staff Moderator
    2025-10-21T19:00:00.8533333+00:00

    Hi

    Thank you for reaching out and providing detailed information about the steps you performed during the certificate renewal process. Based on the details and the behavior observed, it appears that ClusterC is facing a certificate binding or connectivity issue following the certificate update.

    It is most likely because the new certificate may not be fully propagated or correctly bound to the cluster configuration on all nodes. This can prevent client authentication and dashboard access.

    Could you please check the below details:

    1. Ensure the certificate thumbprint in the Cluster configuration matches the new certificate.
    2. Ensure ports 19000 and 19080 are open in the Network Security Group (NSG) and Load Balancer. From your management VM, run:

    Test-NetConnection <ClusterC-IP> -Port 19000

    Test-NetConnection <ClusterC-IP> -Port 19080

    If these tests fail, it’s likely a network or firewall configuration issue.

    3. Since Clusters A and B are working fine, please compare Cluster C’s certificate thumbprint, VMSS settings, and NSG rules with those clusters to make sure nothing is missing.

    4. Run the following PowerShell command to verify the health state:

    Get-ServiceFabricClusterHealth

    If any node or subsystem shows as unhealthy, review the event logs or the Service Fabric trace files for certificate or connectivity-related errors.

    Reference: https://free.blessedness.top/en-us/azure/service-fabric/service-fabric-cluster-security-update-certs-azure

    https://docs.azure.cn/en-us/service-fabric/cluster-security-certificate-management

    https://free.blessedness.top/en-us/azure/service-fabric/service-fabric-cluster-security#security-recommendations

    Please let me know if you have any queries.

    1 person found this answer helpful.
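
The port and thumbprint checks from the answer above, combined into one script so a working cluster and ClusterC can be compared side by side. This is an added example, not part of the original answer or of Microsoft's tooling. The function name, the endpoint and thumbprint placeholders, and the assumption that the gateway on 19080 is TLS-secured are all assumptions to adapt.

```powershell
# Added example. Endpoints and thumbprints are placeholders (assumptions): replace them
# with each cluster's management endpoint and the thumbprint of its new certificate.
$Clusters = @(
    @{ Name = 'ClusterA'; Endpoint = '<ClusterA-IP>'; Thumbprint = '<ClusterA-new-thumbprint>' },
    @{ Name = 'ClusterC'; Endpoint = '<ClusterC-IP>'; Thumbprint = '<ClusterC-new-thumbprint>' }
)

function Test-SfEndpoint {   # hypothetical helper name
    param([string]$Endpoint, [string]$ExpectedThumbprint, [int]$TimeoutMs = 5000)

    $result = [ordered]@{ Endpoint = $Endpoint; Port19000 = $false; Port19080 = $false
                          PresentedThumbprint = $null; NotAfter = $null; ThumbprintMatch = $null }
    foreach ($port in 19000, 19080) {
        $tcp = New-Object System.Net.Sockets.TcpClient
        try {
            # Wait() returning $false is a timeout: look at NSG / load balancer / firewall
            # rules before suspecting the certificate.
            $open = $tcp.ConnectAsync($Endpoint, $port).Wait($TimeoutMs)
            $result["Port$port"] = $open -and $tcp.Connected
            if ($port -eq 19080 -and $result.Port19080) {
                # Accept any certificate ONLY so it can be inspected; no request is sent.
                $accept = { $true } -as [System.Net.Security.RemoteCertificateValidationCallback]
                $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $accept)
                $ssl.AuthenticateAsClient($Endpoint)
                $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
                $result.PresentedThumbprint = $cert.Thumbprint
                $result.NotAfter = $cert.NotAfter
                # -eq is case-insensitive; strip spaces often left in pasted thumbprints.
                $result.ThumbprintMatch = ($cert.Thumbprint -eq ($ExpectedThumbprint -replace '\s', ''))
                $ssl.Dispose()
            }
        } catch {
            # Refused connections and failed TLS handshakes land here.
            Write-Warning "${Endpoint}:$port - $($_.Exception.GetBaseException().Message)"
        } finally { $tcp.Close() }
    }
    [pscustomobject]$result
}

$Clusters | ForEach-Object {
    Test-SfEndpoint -Endpoint $_.Endpoint -ExpectedThumbprint $_.Thumbprint |
        Add-Member -NotePropertyName Cluster -NotePropertyValue $_.Name -PassThru
} | Format-Table Cluster, Port19000, Port19080, ThumbprintMatch, PresentedThumbprint, NotAfter
```

A row with both ports `False` indicates a network path problem, while open ports with `ThumbprintMatch` `False` mean the node is still presenting a certificate other than the expected one.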
