无法从 join block(加入区块)确定集群成员身份:无法验证排序配置的配置元数据:重复的共识节点(duplicate consenter)


我有 1 个 TLS CA、1 个根 CA、1 个中间 CA。我的各个组件的注册(register)和登记(enroll)都已成功完成。

我生成了应用程序通道创世块。我的 configtx.yaml:

# Organization definitions. The single org is anchored as &org and is
# referenced from both the Orderer and the Application section of the profile
# further down in this file.
Organizations:
    - &org
        Name: org
        ID: orgMSP
        MSPDir: org/msp
        # Signature policies evaluated against identities of orgMSP.
        # NOTE(review): Readers, Writers and Endorsement all accept
        # 'orgMSP.member', i.e. any identity that validates under this MSP.
        # Fabric's sample configtx.yaml scopes these rules by role instead
        # (for example '.peer' for Endorsement and '.admin'/'.client' for
        # Writers), which requires NodeOUs to be enabled in the MSP. With
        # '.member', a non-peer identity of the org can also satisfy the
        # endorsement rule - confirm that this is intended.
        Policies:
            Readers:
                Type: Signature
                Rule: "OR('orgMSP.member')"
            Writers:
                Type: Signature
                Rule: "OR('orgMSP.member')"
            Admins:
                Type: Signature
                Rule: "OR('orgMSP.admin')"
            Endorsement:
                Type: Signature
                Rule: "OR('orgMSP.member')"

        # Ordering service endpoints advertised for this org; the same three
        # host:port pairs are repeated under Orderer.Addresses below.
        OrdererEndpoints:
            - orderer1-org:7050
            - orderer2-org:7050
            - orderer3-org:7050
        # Peer that other organizations contact for cross-org gossip.
        AnchorPeers:
            - Host: peer1-org
              Port: 7051


# Capability levels for the channel, orderer and application groups. Each
# mapping is anchored so that later sections can pull it in by alias or
# merge key.
Capabilities:
    Channel: &ChannelCapabilities
        V2_0: true

    Orderer: &OrdererCapabilities
        V2_0: true

    Application: &ApplicationCapabilities
        V2_0: true


# Channel-level defaults, merged into the profile through *ChannelDefaults.
# NOTE(review): this top-level key and the &ChannelDefaults anchor are defined
# twice in this file with identical content. Duplicate mapping keys are
# invalid YAML; parsers that tolerate them usually keep the last one. Keep a
# single definition.
Channel: &ChannelDefaults
    # ImplicitMeta rules aggregate the same-named sub-policies of the groups
    # below the channel.
    # NOTE(review): "ANY Admins" is satisfied by the Admins policy of any one
    # member group. That is equivalent to MAJORITY while there is a single
    # org, but becomes much weaker once more organizations are added.
    Policies:
        Readers:
            Type: ImplicitMeta
            Rule: "ANY Readers"
        Writers:
            Type: ImplicitMeta
            Rule: "ANY Writers"
        Admins:
            Type: ImplicitMeta
            Rule: "ANY Admins"

    Capabilities:
        <<: *ChannelCapabilities


# Application-group defaults, merged into the profile's Application section.
Application: &ApplicationDefaults

    ACLs: &ACLsDefault
        # This section provides defaults for policies for various resources
        # in the system. These "resources" could be functions on system
        # chaincodes (e.g., "GetBlockByNumber" on the "qscc" system chaincode)
        # or other resources (e.g., who can receive Block events). This
        # section does NOT specify the resource's definition or API, but just
        # the ACL policy for it.
        #
        # Users can override these defaults with their own policy mapping by
        # defining the mapping under ACLs in their channel definition.
        #
        # ---New Lifecycle System Chaincode (_lifecycle) function to policy
        # mapping for access control---
        # All four _lifecycle functions listed here, including the two Query*
        # functions, are mapped to /Channel/Application/Writers.
        _lifecycle/CheckCommitReadiness: /Channel/Application/Writers
        _lifecycle/CommitChaincodeDefinition: /Channel/Application/Writers
        _lifecycle/QueryChaincodeDefinition: /Channel/Application/Writers
        _lifecycle/QueryChaincodeDefinitions: /Channel/Application/Writers

    # Left empty (null) here; the profile supplies the member organizations.
    Organizations:

    # Application-level ImplicitMeta policies. Admins and both endorsement
    # policies require a MAJORITY of the member orgs' same-named sub-policies;
    # Readers and Writers accept ANY.
    Policies:
        Readers:
            Type: ImplicitMeta
            Rule: "ANY Readers"
        Writers:
            Type: ImplicitMeta
            Rule: "ANY Writers"
        Admins:
            Type: ImplicitMeta
            Rule: "MAJORITY Admins"
        LifecycleEndorsement:
            Type: ImplicitMeta
            Rule: "MAJORITY Endorsement"
        Endorsement:
            Type: ImplicitMeta
            Rule: "MAJORITY Endorsement"

    Capabilities:
        <<: *ApplicationCapabilities


# Ordering-service defaults (Raft), merged into the profile's Orderer section.
Orderer: &OrdererDefaults
    OrdererType: etcdraft

    # Orderer endpoints; the same list also appears under the org's
    # OrdererEndpoints above.
    Addresses:
      - orderer1-org:7050
      - orderer2-org:7050
      - orderer3-org:7050

    # Time to wait before cutting a batch of transactions into a block.
    BatchTimeout: 2s

    # Limits on the number and size of transactions per block.
    BatchSize:
        MaxMessageCount: 500
        AbsoluteMaxBytes: 99 MB
        PreferredMaxBytes: 2 MB

    # Per Fabric's sample configtx.yaml, 0 means no limit on channel count.
    MaxChannels: 0

    EtcdRaft:
        # NOTE(review): every ClientTLSCert/ServerTLSCert below points into
        # msp/tlscacerts/, which by its path holds the TLS CA certificate, not
        # the orderer's own TLS certificate. With a single TLS CA all three
        # consenters then carry the same certificate, which matches the
        # "duplicate consenter" rejection reported on this page. Raft nodes
        # authenticate each other by these pinned certificates, so each entry
        # should reference that node's own TLS certificate (the compose file
        # on this page loads it from .../msp/signcerts/cert.pem).
        Consenters:
            - Host: orderer1-org
              Port: 7050
              ClientTLSCert: ca-tls/orderer1-org/msp/tlscacerts/tls-ca-tls.pem
              ServerTLSCert: ca-tls/orderer1-org/msp/tlscacerts/tls-ca-tls.pem
            - Host: orderer2-org
              Port: 7050
              ClientTLSCert: ca-tls/orderer2-org/msp/tlscacerts/tls-ca-tls.pem
              ServerTLSCert: ca-tls/orderer2-org/msp/tlscacerts/tls-ca-tls.pem
            - Host: orderer3-org
              Port: 7050
              ClientTLSCert: ca-tls/orderer3-org/msp/tlscacerts/tls-ca-tls.pem
              ServerTLSCert: ca-tls/orderer3-org/msp/tlscacerts/tls-ca-tls.pem


    # Left empty (null) here; the profile supplies the orderer organizations.
    Organizations:

    # Orderer-group ImplicitMeta policies. BlockValidation decides whose
    # signatures are accepted on blocks; here it follows the Writers
    # sub-policies.
    Policies:
        Readers:
            Type: ImplicitMeta
            Rule: "ANY Readers"
        Writers:
            Type: ImplicitMeta
            Rule: "ANY Writers"
        Admins:
            Type: ImplicitMeta
            Rule: "ANY Admins"
        BlockValidation:
            Type: ImplicitMeta
            Rule: "ANY Writers"


# NOTE(review): second definition of the top-level Channel key and of the
# &ChannelDefaults anchor; an identical block appears earlier in this file.
# Duplicate mapping keys are invalid YAML, and parsers that accept them
# usually let this later definition win. One of the two copies should be
# removed.
Channel: &ChannelDefaults
    # Channel-level ImplicitMeta policies; all three accept ANY matching
    # sub-policy.
    Policies:
        Readers:
            Type: ImplicitMeta
            Rule: "ANY Readers"
        Writers:
            Type: ImplicitMeta
            Rule: "ANY Writers"
        Admins:
            Type: ImplicitMeta
            Rule: "ANY Admins"

    Capabilities:
        <<: *ChannelCapabilities

# Profiles that configtxgen can render into a genesis block.
Profiles:

    # Application-channel profile with a three-node Raft ordering service.
    ChannelUsingRaft:
        <<: *ChannelDefaults
        Orderer:
            # OrdererType, EtcdRaft and Addresses below restate values that
            # *OrdererDefaults already provides. Explicit keys override merged
            # ones, so this copy is the one that takes effect.
            <<: *OrdererDefaults
            OrdererType: etcdraft
            EtcdRaft:
                # NOTE(review): as in the Orderer defaults, each consenter's
                # ClientTLSCert/ServerTLSCert references a file under
                # msp/tlscacerts/ - by its path the TLS CA certificate, which
                # would be the same for all three nodes - instead of the
                # node's own TLS certificate. This matches the "duplicate
                # consenter" error reported on this page.
                Consenters:
                    - Host: orderer1-org
                      Port: 7050
                      ClientTLSCert: ca-tls/orderer1-org/msp/tlscacerts/tls-ca-tls.pem
                      ServerTLSCert: ca-tls/orderer1-org/msp/tlscacerts/tls-ca-tls.pem
                    - Host: orderer2-org
                      Port: 7050
                      ClientTLSCert: ca-tls/orderer2-org/msp/tlscacerts/tls-ca-tls.pem
                      ServerTLSCert: ca-tls/orderer2-org/msp/tlscacerts/tls-ca-tls.pem
                    - Host: orderer3-org
                      Port: 7050
                      ClientTLSCert: ca-tls/orderer3-org/msp/tlscacerts/tls-ca-tls.pem
                      ServerTLSCert: ca-tls/orderer3-org/msp/tlscacerts/tls-ca-tls.pem
            Addresses:
                - orderer1-org:7050
                - orderer2-org:7050
                - orderer3-org:7050
            # The same org (and therefore the same MSP) is listed as orderer
            # org here and as application org below.
            # NOTE(review): ordering and peer roles then share one trust
            # domain and one Admins policy - confirm that this is intended.
            Organizations:
                - *org
            # Plain alias here; the Application section uses the merge-key
            # form. Both yield the same mapping.
            Capabilities: *OrdererCapabilities
        Application:
            <<: *ApplicationDefaults
            Organizations:
                - *org
            Capabilities:
                <<: *ApplicationCapabilities

我尝试使用命令创建应用程序通道:

# TLS material for the osnadmin client: the CA that signed the orderer's admin
# endpoint certificate, plus the client certificate and private key used for
# mutual TLS.
export OSN_TLS_CA_ROOT_CERT=/path/crypto/ca-tls/tls-root-cert/tls-ca-cert.pem
export ADMIN_TLS_SIGN_CERT=/path/crypto/ca-tls/osnadmin1-org/msp/signcerts/cert.pem
export ADMIN_TLS_PRIVATE_KEY=/path/crypto/ca-tls/osnadmin1-org/msp/keystore/key.pem

# Ask orderer1-org's admin endpoint to join mychannel using the generated
# application-channel genesis block.
osnadmin channel join \
  --channelID mychannel \
  --config-block /tmp/hyperledger/fabric-ca/crypto/mychannel.block \
  -o orderer1-org:10443 \
  --ca-file "$OSN_TLS_CA_ROOT_CERT" \
  --client-cert "$ADMIN_TLS_SIGN_CERT" \
  --client-key "$ADMIN_TLS_PRIVATE_KEY"

当只配置 1 个共识节点(consenter)时,命令可以成功执行。配置 2 个或 3 个共识节点时,我会收到下面的错误:

Status: 400
{
    "error": "cannot join: failed to determine cluster membership from join-block: failed to validate config metadata of ordering config: duplicate consenter: server cert: -----BEGIN CERTIFICATE-----\n***\n-----END CERTIFICATE-----\n, client cert: -----BEGIN CERTIFICATE-----\n***\n-----END CERTIFICATE-----\n"
}

我的排序节点(orderer)的 docker-compose 文件:

# The service attaches to a network named "network" that must already exist;
# with external: true, Compose does not create it.
networks:
  network:
    external: true

# Orderer node 1. All $VARS are substituted by Compose from the shell or an
# env file; their values are not shown on this page.
services:
  orderer1-org:
    container_name: $ORDERER1_NAME
    image: hyperledger/fabric-orderer:2.4
    environment:
      - ORDERER_HOME=/path/crypto/$CA_TLS_NAME/$ORDERER1_NAME
      - ORDERER_HOST=0.0.0.0
      - FABRIC_LOGGING_SPEC=INFO
      # No bootstrap block: channels are joined through the channel
      # participation (admin) API enabled below.
      - ORDERER_GENERAL_BOOTSTRAPMETHOD=none
      - ORDERER_GENERAL_LOCALMSPDIR=/path/crypto/ica/$ORDERER1_NAME/msp
      - ORDERER_FILELEDGER_LOCATION=/path/crypto/ica/$ORDERER1_NAME/fileledger
      - ORDERER_GENERAL_LOCALMSPID=orgMSP
      - ORDERER_GENERAL_LISTENADDRESS=0.0.0.0
      - ORDERER_CHANNELPARTICIPATION_ENABLED=true
      # Admin endpoint, served over TLS with client certificates required.
      - ORDERER_ADMIN_LISTENADDRESS=$ORDERER1_NAME:$ORDERER1_ADMIN_PORT
      - ORDERER_ADMIN_TLS_ENABLED=true
      # NOTE(review): the admin server key/cert come from $ORDERER1_ADMIN_NAME.
      # If that is the osnadmin1-org identity the osnadmin client on this page
      # uses, server and client share one key pair - confirm, and prefer
      # separate identities.
      - ORDERER_ADMIN_TLS_PRIVATEKEY=/path/crypto/$CA_TLS_NAME/$ORDERER1_ADMIN_NAME/msp/keystore/key.pem
      - ORDERER_ADMIN_TLS_CERTIFICATE=/path/crypto/$CA_TLS_NAME/$ORDERER1_ADMIN_NAME/msp/signcerts/cert.pem
      - ORDERER_ADMIN_TLS_ROOTCAS=[/path/crypto/$CA_TLS_NAME/tls-root-cert/tls-ca-cert.pem]
      - ORDERER_ADMIN_TLS_CLIENTAUTHREQUIRED=true
      # NOTE(review): the admin API trusts client certificates chaining to the
      # general TLS root CA, so presumably any TLS certificate issued by that
      # CA (peers, other orderers, clients) is accepted. Consider a dedicated
      # CA for admin clients.
      - ORDERER_ADMIN_TLS_CLIENTROOTCAS=[/path/crypto/$CA_TLS_NAME/tls-root-cert/tls-ca-cert.pem]
      # Ordering endpoint, served over TLS with client certificates required.
      # The node's own TLS certificate is msp/signcerts/cert.pem; the file
      # under msp/tlscacerts/ is used as the trusted root.
      - ORDERER_GENERAL_LISTENPORT=$ORDERER_PORT
      - ORDERER_GENERAL_TLS_ENABLED=true
      - ORDERER_GENERAL_TLS_CERTIFICATE=/path/crypto/$CA_TLS_NAME/$ORDERER1_NAME/msp/signcerts/cert.pem
      - ORDERER_GENERAL_TLS_PRIVATEKEY=/path/crypto/$CA_TLS_NAME/$ORDERER1_NAME/msp/keystore/key.pem
      - ORDERER_GENERAL_TLS_ROOTCAS=[/path/crypto/$CA_TLS_NAME/$ORDERER1_NAME/msp/tlscacerts/tls-$CA_TLS_NAME.pem]
      - ORDERER_GENERAL_TLS_CLIENTAUTHREQUIRED=true
      - ORDERER_GENERAL_LOGLEVEL=INFO
      - ORDERER_DEBUG_BROADCASTTRACEDIR=data/logs
      # Raft write-ahead log and snapshots are stored below the mounted
      # crypto directory.
      - ORDERER_CONSENSUS_WALDIR=/path/crypto/ica/$ORDERER1_NAME/etcdraft/wal
      - ORDERER_CONSENSUS_SNAPDIR=/path/crypto/ica/$ORDERER1_NAME/etcdraft/snapshot
    # Both the ordering port and the admin port are published on the host.
    # NOTE(review): publish the admin port only where osnadmin has to reach
    # it from outside the Docker network.
    ports:
      - $ORDERER_PORT:$ORDERER_PORT
      - $ORDERER1_ADMIN_PORT:$ORDERER1_ADMIN_PORT
    # NOTE(review): the whole crypto tree is mounted read-write, so this
    # container can read every identity stored under it, not only its own
    # keys. Consider mounting only this node's MSP/TLS directories, with the
    # key material read-only and the ledger/Raft data on a separate volume.
    volumes:
      - $MAIN_PATH/crypto:/path/crypto
    networks:
      - network

docker-compose ssl-certificate hyperledger-fabric hyperledger hyperledger-fabric-orderer
1个回答

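我解决了我的问题。原配置中每个共识节点(consenter)的 ClientTLSCert 和 ServerTLSCert 指向的是 tlscacerts 目录下的 TLS CA 证书;由于只有一个 TLS CA,三个节点引用的证书内容应当相同,因此被判定为重复的 consenter。我把每个节点的 ClientTLSCert 和 ServerTLSCert 改成了该排序节点自己的 TLS 证书: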

ca-tls/orderer-org/msp/signcerts/cert.pem
