Recently I've been building some "servers" on-premises in order for me to demo Azure Arc for some presentations that I am delivering and I hit a snag trying to run the PowerShell script that would set up the Azure Arc agent on my server. It was a bit of a weird error, so I wanted to share it with you all (and have something for me if I hit this error again! lol).
The server that I had built didn't have the correct NuGet or Az.Accounts modules installed in order to run the Arc install script and it couldn't seem to update them. It was throwing an "Unable to download the list of available providers. Check your internet connection". Which seemed strange as the server did have internet access, I was interacting with the Azure Portal on it. 😉
So I did the usual checks with this kind of error, checked DNS, checked ping commands and and WGET from the PowerShell command shell, and even tried to browse the URL it said it couldn't get via my Edge browser.
All was coming back okay.
Turning to the Internet I found this article: https://devblogs.microsoft.com/powershell/powershell-gallery-tls-support/
In April 2020 the PowerShell Gallery team deprecated Transport Layer Security (TLS) versions 1.0 and 1.1 support meaning all client-server connections would need to use TLS 1.2 (or a later version).
Windows Server and Windows Clients allow SSL3, TLS 1.0, TLS 1.1 and TLS 1.2 connections. Any outbound request for an SSL site will attempt to use SSL3/TLS 1.0 as it's default protocol.
Which was my problem, my server was trying to communicate with the PowerShell Gallery via TLS 1.0 and it wasn't responding because it only wanted to connect over TLS 1.2 or above!
To check what TLS protocol your PowerShell session or server is set to you can run the following command:
To change the TLS setting you can run this PowerShell command:
This will change the security protocol to TLS 1.2 for that action and then it will revert back to the user’s security protocol back to what it was.
Call to Action
I do wish the error message had been a bit more explicit instead of leading me down a rabbit hole, but thankfully I found the fix and managed to get on with what I was trying to do. 😉