chaoscreater
commented
1 year ago OK, I've just set up a fresh install of Windows 11 on a spare laptop. Installed the latest Powershell 7 and AZ module and ran my script while the laptop is connected to router B. I'm getting the same issue as my primary laptop - i.e I still get occasional SSL connection errors. However, I'm also doing a continuous ping test and it hasn't dropped a packet. I've also done a packet loss test (packetlosstest.com) and it's fine, no packet loss at all.
UPDATE 2:
After some more testing, I think I understand this a bit more now. On my laptop running Windows 10 (the one that works without any issues), it's got an Always-On VPN running in the background with no split tunneling. It's actually a work laptop and hence why I'm not fully aware of all the configurations on this machine. All traffic are routed through the VPN tunnel. For some reason, this allows the Powershell script to run without any errors.
On my primary laptop that's having issues, if I connect to any VPN server and run the script, it works fine too.
It makes absolutely no sense. If there was a network related issue with the powerline adapter, or with router B, or with the ethernet cable, then it wouldn't matter if I'm using VPN or not. However, I'm getting consistent successful test results for all laptops when they're all connected to the VPN.
I'm not using any firewall at all either.
UPDATE 3: Today, I was setting up a Linux VM in Azure and I need to install a Powershell module from the PS Gallery (powershellgallery.com). I could use openSSL to connect to powershellgallery.com and also telnet to it on 443, but I kept getting errors about SSL, which is the same error as my original post. There is an Azure Firewall that is used as the default gateway for the Linux VM and after some troubleshooting, I found that some of the Azure edge nodes got blocked by the firewall, so I just had to allow it:
And after doing that, everything works.
Going back to my original issue, I'm not using any firewalls, so it's not related. However, the issue goes away when I'm using a VPN. So there must be something that's blocking the traffic. But what's strange is that it only fails when I'm connected to router B and not router A.
Description
I'm on Windows 11 22H2 build 22621.2134. I'm using Powershell 7.3.6 and have the latest AZ module installed. I do not have any old AZ* module versions installed.
I'm running a very simple script that loops through each of my subscriptions, which fetches the app service, front door, application gateway and key vaults and store them in a array variable. Sometimes when running the script, it will throw the error
An error occurred while sending the requestand various other errors. Even running Get-AZSubscription or Set-AZContext will give me errors.I've tried both with and without the following set at the top of my script:
[Net.ServicePointManager]::SecurityProtocol = 'Tls', 'Tls11','Tls12'I've also checked the registry and there aren't any explicit configurations for the protocols or ciphers:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\ProtocolsI've used IIS Crypto and selected best practices and that set the TLS 1.0~1.3 protocols to enabled and included the ciphers as well. However, none of this made any difference.
I've also checked this path against a fresh new Windows 11 install and the configuration is the same:
Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Cryptography\Configuration\Local\SSL\00010003I've also deleted the folder:
%localappdata%\.IdentityServiceand
%USERPROFILE%\.azureand then re-authenticated from scratch using Connect-AZAccount.
I have 2 routers at home. The second one is bridged to the primary one and I'm using a powerline adapter to bridge them. So it goes from router A -> ethernet cable -> powerline adapter A -> electrical wiring in the wall -> powerline adapter B -> ethernet cable -> router B.
My laptop is connected to router B. I've noticed that whenever I'm connected to router B, I get those errors in Powershell easily. But if I'm connected to router A or my phone's hotspot, then I don't get these errors at all. That leads me to believe perhaps the issue is the powerline or the router. I've swapped out router B and the ethernet cables and even the powerline adapters, but the issue is still there. And in case anyone asks, I cannot run ethernet cables from router A to my room, for reasons that I won't get into.
The string thing is that on another laptop running Windows 10 connected to router B, it works completely fine without any errors, I've run many many tests and the results are very consistent. It's also using the same Powershell version and same module version. Only difference is that it's Win10 and not Win11.
I've also done a Wireshark trace and can share the trace file if required. I'm not a network engineer and don't really know how to analyze it other than the basics, but it seems like after the ACK, my client sent a RESET to the target (Azure)?
I've also tried this in Powershell 5 and the result is the same.
Issue script & Debug output
Environment data
Module versions
Error output