Symptoms

You may receive the following error message when creating a slave VDFS repository or when changing the Master Repository Connection Details for such a repository.

Cannot establish secure connection with the remote VDFS service

The slave server could not establish a mutually authenticated connection with the specified master server.

Please ensure that the replication certificate configured on the master server:
- is valid and trusted on the slave server
- has a subject name that matches the name of the master server
- has a Server Authentication EKU

Additionally, please check that the replication certificate configured for this server is valid and is included in the list of allowed certificate-based replicators in the properties of the master server.

Cause

The error indicates that the slave server cannot establish a mutually authenticated connection with the specified master server.

Resolution

You should double-check and ensure that the prerequisites for mutual authentication are met:

  1. The Common name of the Replication Certificate installed on the master server must match the Master server name used by slave servers.
  2. The Replication Certificate of the master server must be valid. The certificate must not be expired or revoked.
  3. The Replication Certificate of the master server must be trusted on the slave servers.
  4. The Replication Certificate of the master server must have the Server Authentication purpose.

For further information, read the article KB119: Understanding certificate-based authentication for replication.

For the step-by-step instructions to get started with the certificate-based replication, read the article KB120: Getting Started with VDFS replication in a non-domain environment.

See also

KB119: Understanding certificate-based authentication for replication
KB120: Getting Started with VDFS replication in a non-domain environment

Last Modified: