Troubleshooting certificate-based replication: slave is not authorized

Symptoms

You may receive the following error message when creating a slave VDFS repository or when changing the Master Repository Connection Details for such a repository.

Failed to access the remote VDFS service

Please ensure that the slave server is added to the list of allowed certificate-based replicators in the properties of the master server.

Also, please check that replication certificate configured for the slave server is valid and trusted on the master server.

The error indicates that the slave VDFS server was unable to authorize to the master by Replication Certificate. The Replication Certificate installed on the slave VDFS server may be invalid or not trusted on the master VDFS server.

Cause 1: master server is unable to verify the slave's replication certificate

The following event in the VisualSVN Server Replication event log on the master server indicates that the VDFS master was unable to verify the slave's Replication Certificate. More specifically, the certificate installed on the slave VDFS server is invalid or is not trusted on the master.

Access denied to the VDFS service: the replication certificate of the remote slave server is invalid.

Authentication method: Replication Certificate

Remote IP address: 203.0.113.0

Details: A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.

To solve this issue, you should double-check and ensure that the Replication Certificate installed on the slave VDFS server is valid and trusted on the master. For further information, read the article KB119: Understanding certificate-based authentication for replication.

Cause 2: slave server is not authorized to connect to the master

The following event in the VisualSVN Server Replication event log on the master server indicates that the slave VDFS server is not authorized to connect to the master VDFS server. More specifically, the slave VDFS server is not included in the list of the authorized replicators authenticated by Replication Certificate.

Access denied to the VDFS service: the remote slave server does not have permissions to access the local VDFS service.

Authentication method: Replication Certificate

Remote IP address: 203.0.113.0

To solve this issue, you should authorize the slave server to connect to the master. Follow these steps to add the slave server into the list of authorized replication partners:

  1. Start VisualSVN Server Manager console on the master server.
  2. Click Action | Properties and click the Replication tab.
  3. Click the Add menu-button and then choose the Add server authenticated by Replication Certificate command.
  4. Enter the Common name of the slave server and click OK.
    Note
    The entered Common name should match the Common name of the Replication Certificate on the slave server. For further details, read the article KB119: Understanding certificate-based authentication for replication.

See also

KB118: Understanding the VDFS replication settings
KB119: Understanding certificate-based authentication for replication
KB120: Getting started with VDFS replication in a non-domain environment

Last Modified: