Closed dweddig01 closed 3 years ago
as a follow up, i did run the invoke-webrequest -uri "https://www.google.com" and it does respond as expected. `PS E:\downloads\powershell> invoke-webrequest -uri "https://www.google.com"
StatusCode : 200 StatusDescription : OK Content : <!doctype html>
<meta content="Search the world's information, including webpages, images, videos and more. Google has many speci… RawContent : HTTP/1.1 200 OK Date: Thu, 03 Dec 2020 18:28:05 GMT Cache-Control: max-age=0, private P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info." Server: gws X-XSS-Protection: 0 X-Frame-… Headers : {[Date, System.String[]], [Cache-Control, System.String[]], [P3P, System.String[]], [Server, System.String[]]…} Images : {@{outerHTML=<img alt="December Holidays" border="0" height="180" src="/logos/doodles/2020/december-holidays-days-2-30-6753651837108830.3-law.gif" title="December Holidays" width="500" id="hplogo">; tagName=IMG; alt=December Holidays; border=0; height=180; src=/logos/doodles/2020/december-holidays-days-2-30-6753651837108830.3-law.gif; title=December Holidays; width=500; id=hplogo}} InputFields : {} Links : {@{outerHTML=<span class=gbtb2>Search; tagName=A; class=gbzt gbz0l gbp1; id=gb_1; href=https://www.google.com/webhp?tab=ww}, @{outerHTML=<a class=gbzt id=gb_2 href="https://www.google.com/imghp?hl=en&tab=wi"><span class=gbts>Images; tagName=A; class=gbzt; id=gb_2; href=https://www.google.com/imghp?hl=en&tab=wi}, @{outerHTML=<a class=gbzt id=gb_8 href="https://maps.google.com/maps?hl=en&tab=wl"><span class=gbts>Maps; tagName=A; class=gbzt; id=gb_8; href=https://maps.google.com/maps?hl=en&tab=wl}, @{outerHTML=<a class=gbzt id=gb_78 href="https://play.google.com/?hl=en&tab=w8"><span class=gbts>Play; tagName=A; class=gbzt; id=gb_78; href=https://play.google.com/?hl=en&tab=w8}…} RawContentLength : 49636 RelationLink : {}`I am still doing research, currently down a rabbit hole of something messed up with provided certificates (from Microsoft) that somehow got messed up, but I seem to keep hitting red-herrings.
Additional info, i am doing wireshark captures and every other communication out is going through our proxy, except the connect-azaccount is not. Now technically, I think we have a direct connection to the azure cloud as we have a tenant in the gov cloud, but even if I do an invoke-webrequest -uri "login.microsoftonline.com" it goes through the proxy, successfully.
And yet more info. In digging into proxy settings, PowerShell 7 is supposed to use the proxy defined in the internet proxy settings, in my case it is setup to use a script (per enterprise requirements.) And my coworker can use PowerShell 7 and connect to the internet without any changes, however I have to force it to use a proxy with the following: `[System.Net.Http.HttpClient]::DefaultProxy = New-Object System.Net.WebProxy('http://name.url:port', $true)
I changed the actual proxy url name and port. I don't know if this is related to the connect-azaccount ssl error, or not. But the connect-azaccount works on my coworker's machine and doesn't on mine. I could really use some guidance on this, even if it is to submit the issue elsewhere.
We will look into that.
update: This definitely has to do with the proxy, but possibly outside the connect-azaccount control? If i use invoke-webrequest, the proxy is used, but if I use connect-azaccount the proxy is not used. The proxy is set at the IE level using a PAC script. If I set $env:http_proxy="proxy.server.com:port" and $env:https_proxy="proxy.server.com:port" then connect-azaccount works and opens up the login page, and does appear to use the proxy. What is confusing to me is why I have to go through setting these variables where other colleagues do not, also, why would connect-azaccount not use the proxy, when invoke-webrequest does, even without those environment variables defined? Is there a way to get all the PowerShell commands to use the proxy consistently?
@dweddig01 can you confirm if your colleagues are using the same version of Az.Accounts?
There was a bug https://github.com/Azure/azure-sdk-for-net/issues/16990 in Azure.Core which causes http proxy is not respect in Windows Azure PowerShell, please mitigate the issue by:
The environment is just workaround before applying updated Azure.Core into Azure PowerShell, we plan to apply the fix into Azure PowerShell around Jan 2021.
Thank you for the update!
Description
Attempting to connect to azure with connect-azaccount command. Continue to return SSL connection could not be established. I am able to reproduce this issue with both PowerShell 5.1 and PowerShell 7. When monitoring traffic with wireshark there is a reset being executed after login.microsoft.com connection is made, and the remote reset is being done by www.tm.a.prd.aadg.akadns.net. It does work for a colleague of mine in the same network, so appears isolated to my machine. Difference is that I have been using the web browser to connect to multiple different Azure accounts over the last three weeks. Browser sessions still work, but attempting to connect through PowerShell does not.
I do see similar ssl connect issues, but none appear related, or I am not understanding what the actual resolution is. I have tried multiple steps. Including turning off certificate validation: [System.Net.ServicePointManager]::ServerCertificateValidationCallback = {$true} (event tried setting to $false) just to see what happens.
I am guessing it is related to some persistance data, or it is related to a certificate that for some reason is not passing through.
I am unable to provide a full network capture as there is too much data I would have to cleanse, but can provide more detailed snippets if that helps.
Steps to reproduce
Environment data
Module versions
Debug output
Error output