service-fabric icon indicating copy to clipboard operation
service-fabric copied to clipboard

Published 20 hours ago verified publisher icon microsoft

Local Cluster Manager fails with "ERR_SSL_PROTOCOL_ERROR" in Chrome

Open nikulk opened this issue 5 years ago • 8 comments

When accessing local SF cluster manager at https://localhost:19080/Explorer/, Chrome (version 77.0.3865.120) fails to load it with the following message: " This site can’t provide a secure connection localhost sent an invalid response. ERR_SSL_PROTOCOL_ERROR "

Internet Explorer and Firefox also fail with similar errors.

Expected Behavior

I should be able to access the Cluster Manager.

Current Behavior

See summary.

Steps to Reproduce

This started happening recently on a pre-existing SF cluster, it used to work before.

To try and fix, I installed the latest version of SF runtime, but still hitting the same issue.

Context (Environment)

Service Fabric Runtime and SDK Version :

Runtime 6.5.676, SDK 3.4.676 (after installing latest one)

Operating System :

Win 10

Cluster Size :

1-Node local cluster

Possible Workaround

None so far.

nikulk avatar Nov 01 '19 09:11 nikulk

Is your local cluster deployed secured?

masnider avatar Dec 19 '19 19:12 masnider

Are you able to access to SFX by changing it to http instead of https? Also are you able to connect to the cluster over powershell using https aswell?

jeffj6123 avatar Dec 30 '19 23:12 jeffj6123

I believe it is deployed as Secure, but how do I check for sure @masnider ?

Tried changing to http, it redirects back to https @jeffj6123

nikulk avatar Jan 02 '20 04:01 nikulk

I have the same issue with my Azure Service fabric local cluster and I am not able to open Manage local cluster window.

naveenaggarwal1 avatar Apr 22 '20 01:04 naveenaggarwal1

I am running into this issue with versions: 7.1.409.9590 SDK version: 4.1.409.9590

admsugar avatar May 12 '20 22:05 admsugar

I am having the same issue, and for me it happened after migrating to .NET core 3.1. I can still access the same endpoint using HTTP (It seems that it ignores the UseHttps call). Have you tried using the HTTP:// protocol and see if this works?

I managed to make it work by enforcing using TLSv1.2:

var webHostBuilder = new WebHostBuilder().UseKestrel(opt =>
                {
                    foreach (var endpoint in endpoints)
                    {
                        var endpointDesc = serviceContext.CodePackageActivationContext.GetEndpoint(endpoint);

                        opt.ConfigureHttpsDefaults(listenOptions =>
                        {
                            listenOptions.SslProtocols = SslProtocols.Tls12;
                        });

Though it does not work as expected on a 5 node production cluster. My HTTPS call gets through one of five times, the rest are still served as plain HTTP. This is very confusing.

Did anybody managed to fix it?

jfalameda avatar Sep 11 '20 15:09 jfalameda

I was able to fix this in Edge chromium by deleting the "domain security policies" for localhost:

  1. Navigate to edge://net-internals/#hsts.
  2. Scroll down to the last section, labeled Delete domain security policies.
  3. Enter localhost and click the Delete button

Since this net-internals is part of Chromium, this also works with Chrome. The only difference being the URL: chrome://net-internals/#hsts.

I was struggling with this issue myself for months now. Hopefully, this helps get someone else unblocked as well.

mlafleur avatar Oct 13 '20 15:10 mlafleur

I think it needs to be assigned on @jeffj6123, also can be closed as edge://net-internals/#hsts helps.

abatishchev avatar Oct 04 '22 16:10 abatishchev