Azure-pipelines-agent: Windows registration script fails to github certificate error
Agent version and platform
Trying to download the agent on Windows
VSTS type and version
On-Prem TFS 2018
What's not working?
Downloading https://go.microsoft.com/fwlink/?linkid=858950 using the powershell script
Exception calling "DownloadFile" with "2" argument(s): "The request was aborted: Could not create SSL/TLS secure channel to SSL/TLS."
At line:1 char:538
+ ... \agent.zip";(New-Object Net.WebClient).DownloadFile( 'https://go.micr ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [], ParentContainsErrorRecordException
+ FullyQualifiedErrorId : WebException
Powershell script with sensitive data removed
$ErrorActionPreference="Stop";If(-NOT ([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent() ).IsInRole( [Security.Principal.WindowsBuiltInRole] “Administrator”)){ throw "Run command in Administrator PowerShell Prompt"};If(-NOT (Test-Path $env:SystemDrive\'vstsagent')){mkdir $env:SystemDrive\'vstsagent'}; cd $env:SystemDrive\'vstsagent'; for($i=1; $i -lt 100; $i++){$destFolder="A"+$i.ToString();if(-NOT (Test-Path ($destFolder))){mkdir $destFolder;cd $destFolder;break;}}; $agentZip="$PWD\agent.zip";(New-Object Net.WebClient).DownloadFile( 'https://go.microsoft.com/fwlink/?linkid=858950', $agentZip);Add-Type -AssemblyName System.IO.Compression.FileSystem;[System.IO.Compression.ZipFile]::ExtractToDirectory( $agentZip, "$PWD");.\config.cmd --deploymentgroup --agent $env:COMPUTERNAME --runasservice --work '_work' --url 'https://secret.place.dk/' --collectionname 'AldenteCollection' --projectname 'Secret project' --deploymentgroupname "demosite.dk" ; Remove-Item $agentZip;
The testcase can be reduced to this essentially:
$agentZip="$PWD\agent.zip";(New-Object Net.WebClient).DownloadFile( 'https://go.microsoft.com/fwlink/?linkid=858950', $agentZip);
Or even with the github redirected page instead:
$agentZip="$PWD\agent.zip";(New-Object Net.WebClient).DownloadFile( 'https://github.com/Microsoft/vsts-agent/releases/download/v2.122.1/vsts-agent-win7-x64-2.122.1.zip', $agentZip);
This download is failing on Windows 10 and Windows server 2016r2 machinery.
This is probably an issue on our end somehow, but I don't know what to do about it honestly.
jespersh
All 5 comments
May be related to GitHub deprecating TLS 1.0 and 1.1? Can you try to force/use TLS 1.2?
https://www.thesslstore.com/blog/deprecation-tls-1-0-1-1-underway/
alexwiese
on 6 Mar 2018
@jespersh we are moving away from github release, the recent agent releases are located in AzureCDN.
for now, you can change your script as @alexwiese suggest.
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
TingluoHuang
on 7 Mar 2018
Thanks @TingluoHuang and @alexwiese!
While I'll close this for now I'd like to ask if you know if future versions of powershell will automatically set this for us?
jespersh
on 8 Mar 2018
it should as old TLS version will be deprecated eventually, but i have no idea about when that will happen. :D
TingluoHuang
on 8 Mar 2018
Just ran into the same issue with setting up a deployment group for on prem TFS 2018. thanks for your suggestion.
FYI for others that aren't PowerShell savy like me, you just have to paste the command that @TingluoHuang proposed first and run it (press enter), then run the script like normal afterwards.
CodeAbuser
on 19 Mar 2018
Related issues
muthurathinam
·
3Comments
ActualReverend
·
3Comments
AceHack
·
3Comments
Gordon-Beeming
·
3Comments
gitfool
·
4Comments
Most helpful comment
@jespersh we are moving away from github release, the recent agent releases are located in AzureCDN.
for now, you can change your script as @alexwiese suggest.