我正在尝试使用Powershell连接到Azure。当我尝试命令Login-AzureRmAccount时,我会弹出一个输入我的凭据的弹出窗口。但是,在那之后我立即收到错误:
Login-AzureRmAccount : Service returned error. Check InnerException for more details: The underlying connection was
closed: Could not establish trust relationship for the SSL/TLS secure channel.
At line:1 char:1
+ Login-AzureRmAccount
+ ~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : CloseError: (:) [Add-AzureRmAccount], AadAuthenticationFailedException
+ FullyQualifiedErrorId : Microsoft.Azure.Commands.Profile.AddAzureRMAccountCommand
有人可以对此有所了解吗?
更新 我看到以下内部异常:
“Microsoft.IdentityModel.Clients.ActiveDirectory.AdalServiceException: 服务返回错误。检查InnerException以获取更多详细信息---> System.Net.WebException:底层连接已关闭:可以 不建立SSL / TLS安全通道的信任关系。 ---> System.Security.Authentication.AuthenticationException:远程 根据验证程序,证书无效。在 System.Net.Security.SslState.StartSendAuthResetSignal(ProtocolToken 消息,AsyncProtocolRequest asyncRequest,异常异常)at System.Net.Security.SslState.ProcessReceivedBlob(Byte []缓冲区,Int32 count,AsyncProtocolRequest asyncRequest)at System.Net.Security.SslState.StartReceiveBlob(Byte []缓冲区, AsyncProtocolRequest asyncRequest)at System.Net.Security.SslState.ProcessReceivedBlob(Byte []缓冲区,Int32 count,AsyncProtocolRequest asyncRequest)at System.Net.Security.SslState.StartReceiveBlob(Byte []缓冲区, AsyncProtocolRequest asyncRequest)at System.Net.Security.SslState.ProcessReceivedBlob(Byte []缓冲区,Int32 count,AsyncProtocolRequest asyncRequest)at System.Net.Security.SslState.StartReceiveBlob(Byte []缓冲区, AsyncProtocolRequest asyncRequest)at System.Net.Security.SslState.ForceAuthentication(Boolean receiveFirst, Byte [] buffer,AsyncProtocolRequest asyncRequest)at System.Net.Security.SslState.ProcessAuthentication(LazyAsyncResult lazyResult)at System.Threading.ExecutionContext.RunInternal(执行上下文 executionContext,ContextCallback回调,对象状态,布尔值 preserveSyncCtx)at System.Threading.ExecutionContext.Run(执行上下文 executionContext,ContextCallback回调,对象状态,布尔值 preserveSyncCtx)at System.Threading.ExecutionContext.Run(执行上下文 executionContext,ContextCallback回调,对象状态)at System.Net.TlsStream.ProcessAuthentication(LazyAsyncResult result)
在System.Net.TlsStream.Write(Byte []缓冲区,Int32偏移量,Int32大小) 在System.Net.ConnectStream.WriteHeaders(布尔异步)---结束 内部异常堆栈跟踪--- at System.Net.HttpWebRequest.GetResponse()at Microsoft.IdentityModel.Clients.ActiveDirectory.HttpWebRequestWrapper.d__2.MoveNext() ---从抛出异常的先前位置开始的堆栈跟踪结束--- at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(任务 任务) System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(任务 任务) Microsoft.IdentityModel.Clients.ActiveDirectory.HttpHelper.d__0.MoveNext() --- End of inner exception stack trace --- at Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext.RunAsyncTask[T](Task1 任务) Microsoft.Azure.Commands.Common.Authentication.UserTokenProvider.DoAcquireToken(AdalConfiguration config,PromptBehavior promptBehavior,String userId,SecureString 密码)at Microsoft.Azure.Commands.Common.Authentication.UserTokenProvider.SafeAquireToken(AdalConfiguration config,ShowDialog showDialog,String userId,SecureString密码, 异常和放大器; EX) ErrorCode:service_returned_error StatusCode:501'。在行:1个字符:1 + Login-AzureRmAccount $ Error [0] .Exception.InnerException
答案 0 :(得分:0)
我相当肯定这会绕过你的问题,但实际上并没有解决它。
免责声明:这不安全,如果您确定您所获得的证书错误是误报,或者您真的不喜欢 小心!此方法使您可以建立与恶意和/或受感染站点的连接。这是PowerShell,相当于在Internet Explorer中访问网页,获取证书错误,然后单击Continue Anyway链接。
如果您尝试手动登录并获得证书错误,但可以继续使用它,那么您可以在PowerShell中禁用证书检查,以使其行为类似。在尝试登录Azure之前运行此行将禁用当前会话的证书检查。每次要登录Azure时都必须运行此命令,只要存在证书错误。
[System.Net.ServicePointManager]::ServerCertificateValidationCallback = {$true}
更好的解决方案可能是解决您所看到的SSL / TLS问题,但这很可能更适合ServerFault或其他问题。