Symptoms
You may receive the following error message when creating a slave VDFS repository or when changing the Master Repository Connection Details for such a repository.
The slave server could not establish a mutually authenticated connection with the specified master server.
Please ensure that the replication certificate configured on the master server:
- is valid and trusted on the slave server
- has a subject name that matches the name of the master server
- has a Server Authentication EKU
Additionally, please check that the replication certificate configured for this server is valid and is included in the list of allowed certificate-based replicators in the properties of the master server.
Cause
The error indicates that the slave server cannot establish a mutually authenticated connection with the specified master server.
Resolution
You should double-check and ensure that the prerequisites for mutual authentication are met:
- The Common name of the Replication Certificate installed on the master server must match the Master server name used by slave servers.
- The Replication Certificate of the master server must be valid. The certificate must not be expired or revoked.
- The Replication Certificate of the master server must be trusted on the slave servers.
- The Replication Certificate of the master server must have the Server Authentication purpose.
For further information, read the article KB119: Understanding certificate-based authentication for replication.
For the step-by-step instructions to get started with the certificate-based replication, read the article KB120: Getting started with VDFS replication in a non-domain environment.
See also
KB119: Understanding certificate-based authentication for replication
KB120: Getting started with VDFS replication in a non-domain environment