Closed jlperkins closed 7 months ago
Alexey-Ayupov
commented
7 months ago Hello @jlperkins, This is a very strange situation, since the latest image version you are using should be 20240204.1.0. https://github.com/actions/runner-images/blob/main/images/windows/Windows2022-Readme.md
Any way we will check the Import-PfxCertificate command behavior on the Azure DevOps runners.
Alexey-Ayupov
commented
7 months ago Hello @jlperkins, I have tested the behavior of Azure PowerShell PKI module and could not reproduce the issue. The PKI module is a standard one so it is hard to imagine it is missing. The "Import" step was tested in both modes of pwsh: true/false
I am going to close the issue since it could not be reproducible.
If you have any other questions feel free to reach us.
Below you can find my test pipeline.
pool:
vmImage: windows-2022
steps:
- task: PowerShell@2
displayName: 'Create and export cert'
inputs:
targetType: 'inline'
pwsh: true
script: |
$PSVersionTable.PSVersion.ToString() # get PS version
Import-Module PKI -UseWindowsPowerShell # this will create WinPSCompatSesion PS Remoting session
$s = Get-PSSession -Name WinPSCompatSession
# Snippet to create and export test cert.
icm $s {$TestCertificate = New-SelfSignedCertificate -Subject 'TestCertificate' -KeyExportPolicy 'Exportable' -CertStoreLocation 'Cert:\LocalMachine\My'}
$mypwd = ConvertTo-SecureString -String '1234' -Force -AsPlainText
icm $s {Export-PfxCertificate -Cert $TestCertificate -FilePath C:\mypfx.pfx -Password $using:mypwd | Out-Null}
get-childitem -path c:\ # To check that .pfx file was created
- task: PowerShell@2
displayName: 'Import cert'
inputs:
targetType: 'inline'
pwsh: false
script: |
# Snippet to import previously created cert.
$mypwd = ConvertTo-SecureString -String '1234' -Force -AsPlainText
$params1 = @{
FilePath = 'C:\mypfx.pfx'
CertStoreLocation = 'Cert:\LocalMachine\Trust'
Password = $mypwd
}
Import-PfxCertificate @params1
Description
My team has production Azure DevOps pipelines which run on the Windows Server 2022 image. In the pipeline, we run PowerShell commands. After our pipelines began consuming the latest version of this image (20240128.1.0), our pipelines consistently fail, and we see the following error:
##[error]Import-PfxCertificate: The 'Import-PfxCertificate' command was found in the module 'PKI', but the module could not be loaded. For more information, run 'Import-Module PKI'.We were unsuccessful in reproducing this issue. Running just the
Import-PfxCertificatecommand in a pipeline on this image does not produce an error. However, we still think the new version of the image is the culprit, since reverting to the previous version of this image (20240122.1.0) mitigated the issue for us.Happy to provide more detail as we can. Thanks for any help.
Platforms affected
Runner images affected
Image version and build link
Experiencing issue in version: 20240128.1.0
Unable to provide build links as our product is not public.
Is it regression?
Yes - works fine with version: 20240122.1.0
Expected behavior
We expect PowerShell to be able to import necessary modules as usual.
Actual behavior
PKI module is inexplicably unable to be loaded.
Repro steps
We were unable to reproduce this in a simple pipeline based on the image. In a pipeline only running
Import-PfxCertificate, all PowerShell modules were loaded just fine. Perplexing. Since reverting to the previous version mitigated the issue in our production pipelines, we still feel this is a bug in the new image.