Azure / azure-powershell

Microsoft Azure PowerShell

Getting SSL/TLS issue for Get-AzureStorageAccount command #13117

Closed AmrutaKawade closed 4 years ago

AmrutaKawade commented 4 years ago

## Description

## Steps to reproduce

  1. Go to https://go.microsoft.com/fwlink/?LinkID=312990 and download the publish settings file.
  2. In PowerShell, run the script below:

    $settings = Import-AzurePublishsettingsFile '<file.publishsettings>'
    $thumb =  $settings.ExtendedProperties["Account"]
    $cert = Get-Item cert:\CurrentUser\My\$thumb
    $subName = $settings.Name
    $subId = $settings.Id
    Set-AzureSubscription -SubscriptionName $subName -SubscriptionId $subId  -Certificate $cert -Environment AzureCloud
    Select-AzureSubscription -SubscriptionId $subId

    Get-AzureStorageAccount -Debug


## Environment data


## Module versions


```powershell

    Directory: C:\Users\\Documents\WindowsPowerShell\Modules

ModuleType Version    Name                                ExportedCommands
---------- -------    ----                                ----------------
Script     1.9.4      Az.Accounts                         {Disable-AzDataCollection, Disable-AzContextAutosave, Enab...
Script     1.3.0      Az.Aks                              {Get-AzAksCluster, New-AzAksCluster, Remove-AzAksCluster, ...
Script     2.1.0      Az.ApiManagement                    {Add-AzApiManagementApiToGateway, Add-AzApiManagementApiTo...
Script     1.4.0      Az.Automation                       {Get-AzAutomationHybridWorkerGroup, Remove-AzAutomationHyb...
Script     1.6.0      Az.CognitiveServices                {Get-AzCognitiveServicesAccount, Get-AzCognitiveServicesAc...
Script     4.4.0      Az.Compute                          {Remove-AzAvailabilitySet, Get-AzAvailabilitySet, New-AzAv...
Script     1.10.1     Az.DataFactory                      {Set-AzDataFactoryV2, Update-AzDataFactoryV2, Get-AzDataFa...
Script     1.6.0      Az.EventHub                         {New-AzEventHubNamespace, Get-AzEventHubNamespace, Set-AzE...
Script     1.6.1      Az.FrontDoor                        {New-AzFrontDoor, Get-AzFrontDoor, Set-AzFrontDoor, Remove...
Script     1.0.2      Az.Functions                        {Get-AzFunctionApp, Get-AzFunctionAppAvailableLocation, Ge...
Script     3.6.0      Az.HDInsight                        {Get-AzHDInsightJob, New-AzHDInsightSqoopJobDefinition, Wa...
Script     2.2.0      Az.KeyVault                         {Add-AzKeyVaultCertificate, Update-AzKeyVaultCertificate, ...
Script     1.0.0      Az.Kusto                            {Add-AzKustoClusterLanguageExtension, Add-AzKustoDatabaseP...
Script     1.1.0      Az.Maintenance                      {Get-AzApplyUpdate, Get-AzConfigurationAssignment, Get-AzM...
Script     1.1.0      Az.ManagedServices                  {Get-AzManagedServicesAssignment, New-AzManagedServicesAss...
Script     2.1.0      Az.Monitor                          {Get-AzMetricDefinition, Get-AzMetric, Remove-AzLogProfile...
Script     3.4.0      Az.Network                          {Add-AzApplicationGatewayAuthenticationCertificate, Get-Az...
Script     2.3.0      Az.OperationalInsights              {New-AzOperationalInsightsAzureActivityLogDataSource, New-...
Script     2.12.1     Az.RecoveryServices                 {Get-AzRecoveryServicesBackupProperty, Get-AzRecoveryServi...
Script     2.5.1      Az.Resources                        {Get-AzProviderOperation, Remove-AzRoleAssignment, Get-AzR...
Script     2.2.0      Az.ServiceFabric                    {Add-AzServiceFabricClientCertificate, Add-AzServiceFabric...
Script     1.2.0      Az.SignalR                          {New-AzSignalR, Get-AzSignalR, Get-AzSignalRKey, New-AzSig...
Script     2.10.0     Az.Sql                              {Get-AzSqlDatabaseTransparentDataEncryption, Get-AzSqlData...
Script     2.6.0      Az.Storage                          {Get-AzStorageAccount, Get-AzStorageAccountKey, New-AzStor...
Script     21.1.18226 SqlServer                           {Add-RoleMember, Add-SqlAvailabilityDatabase, Add-SqlAvail...

    Directory: C:\Program Files\WindowsPowerShell\Modules

ModuleType Version    Name                                ExportedCommands
---------- -------    ----                                ----------------
Script     1.9.2      Az.Accounts                         {Disable-AzDataCollection, Disable-AzContextAutosave, Enab...
Script     1.1.1      Az.Advisor                          {Get-AzAdvisorRecommendation, Enable-AzAdvisorRecommendati...
Script     1.1.3      Az.Aks                              {Get-AzAks, New-AzAks, Remove-AzAks, Import-AzAksCredentia...
Script     1.1.4      Az.AnalysisServices                 {Resume-AzAnalysisServicesServer, Suspend-AzAnalysisServic...
Script     2.0.1      Az.ApiManagement                    {Add-AzApiManagementApiToProduct, Add-AzApiManagementProdu...
Script     1.1.0      Az.ApplicationInsights              {Get-AzApplicationInsights, New-AzApplicationInsights, Rem...
Script     1.3.7      Az.Automation                       {Get-AzAutomationHybridWorkerGroup, Remove-AzAutomationHyb...
Script     3.1.0      Az.Batch                            {Remove-AzBatchAccount, Get-AzBatchAccount, Get-AzBatchAcc...
Script     1.0.3      Az.Billing                          {Get-AzBillingInvoice, Get-AzBillingPeriod, Get-AzEnrollme...
Script     1.4.3      Az.Cdn                              {Get-AzCdnProfile, Get-AzCdnProfileSsoUrl, New-AzCdnProfil...
Script     1.5.0      Az.CognitiveServices                {Get-AzCognitiveServicesAccount, Get-AzCognitiveServicesAc...
Script     4.2.1      Az.Compute                          {Remove-AzAvailabilitySet, Get-AzAvailabilitySet, New-AzAv...
Script     1.0.3      Az.ContainerInstance                {New-AzContainerGroup, Get-AzContainerGroup, Remove-AzCont...
Script     1.1.1      Az.ContainerRegistry                {New-AzContainerRegistry, Get-AzContainerRegistry, Update-...
Script     1.1.0      Az.DataBoxEdge                      {Get-AzDataBoxEdgeJob, Get-AzDataBoxEdgeDevice, Invoke-AzD...
Script     1.9.0      Az.DataFactory                      {Set-AzDataFactoryV2, Update-AzDataFactoryV2, Get-AzDataFa...
Script     1.0.2      Az.DataLakeAnalytics                {Get-AzDataLakeAnalyticsDataSource, New-AzDataLakeAnalytic...
Script     1.2.8      Az.DataLakeStore                    {Get-AzDataLakeStoreTrustedIdProvider, Remove-AzDataLakeSt...
Script     1.0.0      Az.DataShare                        {New-AzDataShareAccount, Get-AzDataShareAccount, Remove-Az...
Script     1.1.0      Az.DeploymentManager                {Get-AzDeploymentManagerArtifactSource, New-AzDeploymentMa...
Script     1.0.0      Az.DesktopVirtualization            {Disconnect-AzWvdUserSession, Get-AzWvdApplication, Get-Az...
Script     1.0.2      Az.DevTestLabs                      {Get-AzDtlAllowedVMSizesPolicy, Get-AzDtlAutoShutdownPolic...
Script     1.1.2      Az.Dns                              {Get-AzDnsRecordSet, New-AzDnsRecordConfig, Remove-AzDnsRe...
Script     1.3.0      Az.EventGrid                        {New-AzEventGridTopic, Get-AzEventGridTopic, Set-AzEventGr...
Script     1.5.0      Az.EventHub                         {New-AzEventHubNamespace, Get-AzEventHubNamespace, Set-AzE...
Script     1.6.0      Az.FrontDoor                        {New-AzFrontDoor, Get-AzFrontDoor, Set-AzFrontDoor, Remove...
Script     1.0.1      Az.Functions                        {Get-AzFunctionApp, Get-AzFunctionAppAvailableLocation, Ge...
Script     3.3.1      Az.HDInsight                        {Get-AzHDInsightJob, New-AzHDInsightSqoopJobDefinition, Wa...
Script     1.1.0      Az.HealthcareApis                   {New-AzHealthcareApisService, Remove-AzHealthcareApisServi...
Script     2.5.0      Az.IotHub                           {Add-AzIotHubKey, Get-AzIotHubEventHubConsumerGroup, Get-A...
Script     2.0.0      Az.KeyVault                         {Add-AzKeyVaultCertificate, Update-AzKeyVaultCertificate, ...
Script     1.3.2      Az.LogicApp                         {Get-AzIntegrationAccountAgreement, Get-AzIntegrationAccou...
Script     1.1.3      Az.MachineLearning                  {Move-AzMlCommitmentAssociation, Get-AzMlCommitmentAssocia...
Script     1.0.0      Az.Maintenance                      {Get-AzApplyUpdate, Get-AzConfigurationAssignment, Get-AzM...
Script     1.0.2      Az.ManagedServices                  {Get-AzManagedServicesAssignment, New-AzManagedServicesAss...
Script     1.0.2      Az.MarketplaceOrdering              {Get-AzMarketplaceTerms, Set-AzMarketplaceTerms}
Script     1.1.1      Az.Media                            {Sync-AzMediaServiceStorageKey, Set-AzMediaServiceKey, Get...
Script     2.0.2      Az.Monitor                          {Get-AzMetricDefinition, Get-AzMetric, Remove-AzLogProfile...
Script     3.2.0      Az.Network                          {Add-AzApplicationGatewayAuthenticationCertificate, Get-Az...
Script     1.1.1      Az.NotificationHubs                 {Get-AzNotificationHub, Get-AzNotificationHubAuthorization...
Script     2.2.0      Az.OperationalInsights              {New-AzOperationalInsightsAzureActivityLogDataSource, New-...
Script     1.3.1      Az.PolicyInsights                   {Get-AzPolicyEvent, Get-AzPolicyState, Get-AzPolicyStateSu...
Script     1.1.2      Az.PowerBIEmbedded                  {Remove-AzPowerBIWorkspaceCollection, Get-AzPowerBIWorkspa...
Script     1.0.3      Az.PrivateDns                       {Get-AzPrivateDnsZone, Remove-AzPrivateDnsZone, Set-AzPriv...
Script     2.11.0     Az.RecoveryServices                 {Get-AzRecoveryServicesBackupProperty, Get-AzRecoveryServi...
Script     1.2.1      Az.RedisCache                       {Remove-AzRedisCachePatchSchedule, New-AzRedisCacheSchedul...
Script     1.0.3      Az.Relay                            {New-AzRelayNamespace, Get-AzRelayNamespace, Set-AzRelayNa...
Script     2.3.0      Az.Resources                        {Get-AzProviderOperation, Remove-AzRoleAssignment, Get-AzR...
Script     1.4.1      Az.ServiceBus                       {New-AzServiceBusNamespace, Get-AzServiceBusNamespace, Set...
Script     2.1.0      Az.ServiceFabric                    {Add-AzServiceFabricClientCertificate, Add-AzServiceFabric...
Script     1.1.1      Az.SignalR                          {New-AzSignalR, Get-AzSignalR, Get-AzSignalRKey, New-AzSig...
Script     2.9.0      Az.Sql                              {Get-AzSqlDatabaseTransparentDataEncryption, Get-AzSqlData...
Script     1.1.0      Az.SqlVirtualMachine                {New-AzSqlVM, Get-AzSqlVM, Update-AzSqlVM, Remove-AzSqlVM...}
Script     2.3.0      Az.Storage                          {Get-AzStorageAccount, Get-AzStorageAccountKey, New-AzStor...
Script     1.3.0      Az.StorageSync                      {Invoke-AzStorageSyncCompatibilityCheck, New-AzStorageSync...
Script     1.0.1      Az.StreamAnalytics                  {Get-AzStreamAnalyticsFunction, Get-AzStreamAnalyticsDefau...
Script     1.0.0      Az.Support                          {Get-AzSupportService, Get-AzSupportProblemClassification,...
Script     1.0.4      Az.TrafficManager                   {Add-AzTrafficManagerCustomHeaderToEndpoint, Remove-AzTraf...
Script     1.11.0     Az.Websites                         {Get-AzAppServicePlan, Set-AzAppServicePlan, New-AzAppServ...
Script     5.3.0      Azure                               {Get-AzureAutomationCertificate, Get-AzureAutomationConnec...
Script     4.6.1      Azure.Storage                       {Get-AzureStorageTable, New-AzureStorageTableSASToken, New...
Script     5.8.3      AzureRM.profile                     {Disable-AzureRmDataCollection, Disable-AzureRmContextAuto...
Script     1.0.1      Microsoft.PowerShell.Operation.V... {Get-OperationValidation, Invoke-OperationValidation}
Script     1.4.7      PackageManagement                   {Find-Package, Get-Package, Get-PackageProvider, Get-Packa...
Binary     1.0.0.1    PackageManagement                   {Find-Package, Get-Package, Get-PackageProvider, Get-Packa...
Script     3.4.0      Pester                              {Describe, Context, It, Should...}
Script     2.2.5      PowerShellGet                       {Find-Command, Find-DSCResource, Find-Module, Find-RoleCap...
Script     1.0.0.1    PowerShellGet                       {Install-Module, Find-Module, Save-Module, Update-Module...}
Script     2.0.0      PSReadline                          {Get-PSReadLineKeyHandler, Set-PSReadLineKeyHandler, Remov...
```

## Debug output

    DEBUG: 2:57:54 PM - GetAzureStorageAccountCommand begin processing with ParameterSet '__AllParameterSets'.

    Confirm
    Continue with this operation?
    [Y] Yes  [A] Yes to All  [H] Halt Command  [S] Suspend  [?] Help (default is "Y"): A
    DEBUG: 2:57:57 PM - using account id 'B7D97213C8DAEED7F204634AF7F0FE6C6C9EC792'...
    VERBOSE: 2:57:57 PM - Begin Operation: Get-AzureStorageAccount

    Confirm
    Continue with this operation?
    [Y] Yes  [A] Yes to All  [H] Halt Command  [S] Suspend  [?] Help (default is "Y"): A
    DEBUG: ============================ HTTP REQUEST ============================

    HTTP Method:
    GET

    Absolute Uri:
    https://management.core.windows.net/a36c90fa-6455-47da-89ae-64c546f0770e/services/storageservices/SilentlyContinue

    Headers:
    x-ms-version                  : 2016-03-01

    Body:

    Confirm
    An error occurred while sending the request.
    [Y] Yes  [A] Yes to All  [H] Halt Command  [S] Suspend  [?] Help (default is "Y"): A
    Get-AzureStorageAccount : An error occurred while sending the request.
    At C:\Users\amkawade\Desktop\sslissue.ps1:10 char:1
    + Get-AzureStorageAccount -Debug $DebugPreference
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : CloseError: (:) [Get-AzureStorageAccount], HttpRequestException
        + FullyQualifiedErrorId : Microsoft.WindowsAzure.Commands.ServiceManagement.StorageServices.GetAzureStorageAccount
       Command

    VERBOSE: 2:58:05 PM - Completed Operation: Get-AzureStorageAccount
    DEBUG: AzureQoSEvent: CommandName - Get-AzureStorageAccount; IsSuccess - False; Duration - 00:00:11.0132616; Exception
    - System.Net.Http.HttpRequestException: An error occurred while sending the request. ---> System.Net.WebException: The
    request was aborted: Could not create SSL/TLS secure channel.
       at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)
       at System.Net.Http.HttpClientHandler.GetResponseCallback(IAsyncResult ar)
       --- End of inner exception stack trace ---
       at Microsoft.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
       at Microsoft.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccess(Task task)
       at Microsoft.WindowsAzure.Management.Storage.StorageAccountOperationsExtensions.Get(IStorageAccountOperations
    operations, String accountName)
       at
    Microsoft.WindowsAzure.Commands.Utilities.Common.ServiceManagementBaseCmdlet.ExecuteClientActionNewSM[TResult](Object
    input, String operationDescription, Func`1 action, Func`3 contextFactory);
    DEBUG: Finish sending metric.
    DEBUG: 2:58:06 PM - GetAzureStorageAccountCommand end processing.
    DEBUG: 2:58:06 PM - GetAzureStorageAccountCommand end processing.

## Error output

This used to work until a week or so ago; suddenly it started failing.

blueww commented 4 years ago

@AmrutaKawade Get-AzureStorageAccount seems not to be from the current Azure PowerShell, and in the old Azure PowerShell module AzureRM.Storage the cmdlet name is also different: "Get-AzureRmStorageAccount".

After searching, it seems the cmdlet is from the module "Azure.Service" https://docs.microsoft.com/en-us/powershell/module/servicemanagement/azure.service/get-azurestorageaccount?view=azuresmps-4.0.0. But I don't see this module imported on your machine. Would you please run Get-Command Get-AzureStorageAccount and see where the cmdlet comes from?

Also, Azure PowerShell moved to the new Az module more than 1.5 years ago, so please use the new module. With the new module, first use Connect-AzAccount to log in to your Azure account, then use Get-AzStorageAccount to get the account.

@dingmeng-xue , @erich-wang Does Azure Powershell still support PublishsettingsFile in Az module?

AmrutaKawade commented 4 years ago

    Get-Command Get-AzureStorageAccount

    CommandType     Name                                               Version    Source
    -----------     ----                                               -------    ------
    Cmdlet          Get-AzureStorageAccount                            5.3.0      Azure

I am from the AzureDevOps team, and many customers who were using this command with Azure Classic resources have reported this issue. It's difficult to ask all customers to move to the Az module, as this was working until a couple of weeks back. We want to know the root cause of it.

rhythmnewt commented 4 years ago

I'm not sure if it's specifically related to Get-AzureStorageAccount command. We're getting the same SSL/TLS error with Get-AzureDeployment command.

    2020-09-29T23:18:47.7917287Z ##[debug]7:18:47 PM - Begin Operation: Get-AzureDeployment
    2020-09-29T23:18:48.2113173Z ##[debug]Error record:
    2020-09-29T23:18:48.3668812Z ##[debug]get-azuredeployment : An error occurred while sending the request.
    2020-09-29T23:18:48.3682720Z ##[debug]At C:\Users\build_service\AppData\Local\Temp\tmp31D8.ps1:12 char:1
    2020-09-29T23:18:48.3695750Z ##[debug]+ get-azuredeployment -servicename $servicename -slot production
    2020-09-29T23:18:48.3709285Z ##[debug]+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    2020-09-29T23:18:48.3730774Z ##[debug]    + CategoryInfo          : CloseError: (:) [Get-AzureDeployment], HttpRequestException
    2020-09-29T23:18:48.3744048Z ##[debug]    + FullyQualifiedErrorId : Microsoft.WindowsAzure.Commands.ServiceManagement.HostedServices.GetAzureDeploymentCommand
    2020-09-29T23:18:48.3757016Z ##[debug] 

    2020-09-29T23:18:48.3948450Z ##[debug]Exception:
    2020-09-29T23:18:48.4025448Z ##[debug]System.Net.Http.HttpRequestException: An error occurred while sending the request. ---> System.Net.WebException: The request was aborted: Could not create SSL/TLS secure channel.
    2020-09-29T23:18:48.4047120Z ##[debug]   at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)
    2020-09-29T23:18:48.4081135Z ##[debug]   at System.Net.Http.HttpClientHandler.GetResponseCallback(IAsyncResult ar)
    2020-09-29T23:18:48.4083524Z ##[debug]   --- End of inner exception stack trace ---
    2020-09-29T23:18:48.4096869Z ##[debug]   at Microsoft.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
    2020-09-29T23:18:48.4109780Z ##[debug]   at Microsoft.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccess(Task task)
    2020-09-29T23:18:48.4122903Z ##[debug]   at Microsoft.WindowsAzure.Management.Compute.DeploymentOperationsExtensions.GetBySlot(IDeploymentOperations operations, String serviceName, DeploymentSlot deploymentSlot)
    2020-09-29T23:18:48.4138308Z ##[debug]   at Microsoft.WindowsAzure.Commands.Utilities.Common.ServiceManagementBaseCmdlet.ExecuteClientActionNewSM[TResult](Object input, String operationDescription, Func`1 action, Func`3 contextFactory)

dingmeng-xue commented 4 years ago

@rhythmnewt, this has been a general issue recently. It seems to be an issue from Azure Portal because the Azure cmdlets have had no change for 2 years. Do you still have previous workable publish settings files?

A couple of workarounds are below:

  1. Authenticate using AAD authentication
  2. Authenticate using a self-signed cert
    1. Create a self-signed cert in your CurrentUser\My store. You can find details on creating a self-signed cert here: https://docs.microsoft.com/en-us/azure/cloud-services/cloud-services-certs-create
    2. Export the public key for the cert as a DER-encoded CER file (you can use mmc or any other cert tool for this)
    3. Upload the .cer file as a management certificate through the portal: https://docs.microsoft.com/en-us/previous-versions/azure/azure-api-management-certs
    4. Authenticate using Set-AzureSubscription:

      PS C:\> Clear-AzureProfile
      PS C:\> $cert = Get-Item Cert:\CurrentUser\My\<cert-thumbprint>
      PS C:\> Set-AzureSubscription -SubscriptionName "<name of subscription>" -SubscriptionId <sub-id> -Certificate $cert
      PS C:\> Select-AzureSubscription -SubscriptionId <sub-id>

Another workaround is to keep using the publish settings file, but the private key needs to be imported with the code below. $encodedCert is the value of the ManagementCertificate element in the publish settings file.

    # Temporary PFX file used to carry the certificate and key into the store
    $pfxPath = "c:\cer1.pfx"
    # Base64 value of ManagementCertificate from the publish settings file
    $encodedCert = "......"
    $certBytes = [System.Convert]::FromBase64String($encodedCert)
    # Load the certificate with an exportable private key and an empty password
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList ($certBytes, [System.String]::Empty, [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::Exportable)
    $pfx = $cert.Export([System.Security.Cryptography.X509Certificates.X509ContentType]::Pfx)
    # Write the exported PFX bytes (the original passed an undefined $file here)
    [IO.File]::WriteAllBytes($pfxPath,$pfx)
    Import-PfxCertificate -FilePath $pfxPath -CertStoreLocation Cert:\CurrentUser\My\

keithbabinec commented 4 years ago

My team has been hitting this problem with our Azure classic cloud service pipelines in Azure DevOps. Agreed that it doesn't seem to be the cmdlets themselves because those obviously haven't changed in years now. Wondering if there is a bug with the Azure DevOps agents if they aren't correctly importing the service connection's client certificate then?

This issue does seem to be happening to a lot of customers right now. FYI here are 3 different threads for customers who are experiencing this issue starting this month:

https://developercommunity.visualstudio.com/content/problem/1179481/unable-to-create-ssl.html

https://developercommunity.visualstudio.com/content/problem/1185119/on-release-when-executing-powershell-to-azure-clou.html

https://stackoverflow.com/questions/63940041/azure-devops-powershell-script-could-not-create-ssl-tls-secure-channel

yareyes commented 4 years ago

Following as we have the same issue in our DevOps pipelines.

eric-winkler commented 4 years ago

We're seeing this same behavior in a Server 2019 VM. Once KB4570720 is applied a previously working Get-AzureStorageAccount begins throwing a Could not create SSL/TLS secure channel error.

BagpussUK commented 4 years ago

@dingmeng-xue The second workaround is, well, working for us at the moment so thanks for that. Obviously it will still be good to get to the bottom of the issue.

dcaro commented 4 years ago

This issue is caused by a change of behavior introduced with the .NET September update. The following code will restore implicit storage of keys (the previous .Net 4.x behavior) through an environment variable:

    Set-Item env:\COMPLUS_CngImplicitPersistKeySet 1

NOTE: You will then need to create a new publishsettings file, as the old certificate and keys will not be overwritten by a subsequent import.

dcaro commented 4 years ago

Related issue with additional details about the behavioral change: https://github.com/Azure/azure-powershell/issues/13146

briandunnington commented 4 years ago

@dcaro We are experiencing this error when running Azure PowerShell commands in a DevOps pipeline. Do we have to add the Set-Item command in every PS script in our pipeline? Or just once at the beginning? Can you further explain "You will then need to create a new publishsettings file, as the old certificate and keys will not be overwritten by a subsequent import." - I don't know what that means unfortunately.

dcaro commented 4 years ago

The Set-Item command sets the environment variable COMPLUS_CngImplicitPersistKeySet to 1, which is read when importing the .publishsettings file. In the context of ADO, I believe that it is better to set it at the task / pipeline configuration level. This article should help you with setting environment variables: https://docs.microsoft.com/en-us/azure/devops/pipelines/process/variables?view=azure-devops&tabs=classic%2Cbatch#set-variables-in-pipeline

mschmeller commented 4 years ago

@dcaro It's not working for me. I get the same error "The request was aborted: Could not create SSL/TLS secure channel." after following your advice. What am I doing wrong? Here is my test script:

    Import-Module -Name "C:\Program Files\WindowsPowerShell\Modules\Azure\5.1.2\Azure.psd1" -Global
    cd C:\temp\azure

    Set-Item -Path env:COMPLUS_CngImplicitPersistKeySet -Value 1
    $myValue = Get-Item -Path env:COMPLUS_CngImplicitPersistKeySet
    $settings = Import-AzurePublishsettingsFile 'new.publishsettings'
    $thumb = $settings.ExtendedProperties["Account"]
    $cert = Get-Item cert:\CurrentUser\My\$thumb
    $subName = $settings.Name
    $subId = $settings.Id
    Set-AzureSubscription -SubscriptionName $subName -SubscriptionId $subId -Certificate $cert -Environment AzureCloud
    $subscription = Select-AzureSubscription -SubscriptionId $subId

    $deployment = Get-AzureDeployment -ServiceName "x-zwo" -Slot "Staging" -debug -ErrorVariable a -ErrorAction SilentlyContinue
    if($a[0] -ne $null) { $a[0] |fl * -Force } else { $deployment }


adamzhangsm commented 4 years ago

Set-Item can set up this variable but unfortunately doesn't honor this in the current PS session.

If your code is working in Azure DevOps, you can set up this environment variable at the DevOps pipeline level.

If you are using some Windows client, I recommend adding this variable by using System Control Panel/System Properties - Environment Variables. You need to start a new PS session after that to run the script.

Or you can use PowerShell to add this environment variable:

If you want to set it up at the machine level, you need admin privilege for PS:

Again, this takes effect in the new PS session, not the current one.

AmrutaKawade commented 4 years ago

We have fixed this issue from AzureDevOps Task side by setting PersistKeySet while importing certificate. closing this issue
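
Added example, not part of the thread and not the Azure DevOps task's or the Azure module's own code: importing the management certificate with `PersistKeySet` requested explicitly, which is the approach the closing comment above describes, and then confirming that the private key of the stored certificate can actually be opened. The function names and the `$EncodedCert` parameter are assumptions made for illustration; `$EncodedCert` stands for the ManagementCertificate value mentioned earlier in the thread.

```powershell
# Added example; function and parameter names are illustrative only.

function Import-ManagementCertificate {
    [CmdletBinding()]
    param(
        # Base64 PFX from the ManagementCertificate value of a .publishsettings file
        [Parameter(Mandatory = $true)]
        [string] $EncodedCert
    )

    # PersistKeySet: keep the private key in the key store once this object is released,
    #                instead of relying on implicit persistence by the runtime.
    # UserKeySet:    keep the key under the current user's profile, not machine-wide.
    $flags = [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]'PersistKeySet, UserKeySet'

    $bytes = [System.Convert]::FromBase64String($EncodedCert)
    $cert  = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 `
                 -ArgumentList ($bytes, [System.String]::Empty, $flags)

    $store = New-Object System.Security.Cryptography.X509Certificates.X509Store -ArgumentList 'My', 'CurrentUser'
    $store.Open([System.Security.Cryptography.X509Certificates.OpenFlags]::ReadWrite)
    try     { $store.Add($cert) }
    finally { $store.Close() }

    # Return the thumbprint so the caller can look the certificate up in Cert:\CurrentUser\My
    $cert.Thumbprint
}

function Test-StoredCertificateKey {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory = $true)]
        [string] $Thumbprint
    )

    # Re-read from the store: this is the object later passed to Set-AzureSubscription -Certificate
    $cert = Get-Item -Path "Cert:\CurrentUser\My\$Thumbprint" -ErrorAction Stop

    $keyUsable = $false
    $detail    = ''
    try {
        # HasPrivateKey reports that a key reference is attached to the certificate;
        # acquiring the key confirms that it can actually be opened.
        $rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($cert)
        $keyUsable = ($null -ne $rsa)
        if (-not $keyUsable) { $detail = 'No RSA private key is associated with this certificate.' }
    }
    catch {
        $detail = $_.Exception.Message
    }

    [pscustomobject]@{
        Thumbprint    = $cert.Thumbprint
        NotAfter      = $cert.NotAfter
        HasPrivateKey = $cert.HasPrivateKey
        KeyUsable     = $keyUsable
        Detail        = $detail
    }
}

# Usage (the value is a placeholder):
# $thumb = Import-ManagementCertificate -EncodedCert '<ManagementCertificate value>'
# Test-StoredCertificateKey -Thumbprint $thumb
```

A result with `KeyUsable` set to false means the client certificate cannot be used for TLS client authentication from this user profile, so that is the first thing to check when the "Could not create SSL/TLS secure channel" error appears.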

dingmeng-xue commented 3 years ago

https://www.powershellgallery.com/packages/Azure/5.3.1 is available now.