问题:
如果我从DevOps的'Azure Powershell'任务管道调用命令 Get-AzureDeployment (也称为Get-AzureService),我将得到:'请求已中止:可以无法创建SSL / TLS安全通道。'
简介:
DevOps连接:
这一切工作了3个月,然后由于任何原因停止了工作。 奇怪的是,当我与DevOps一起玩以找出问题出在哪里时,该任务曾经成功运行过,但是当我再次尝试执行该操作时,又再次遇到了错误。
我有成功呼叫和失败呼叫的两个日志。 2506行日志相同,更改仅在此行之后。
我可以向您发送完整的日志,但是我不想在这里放置那么长的日志。
成功尝试:
Col SafeTitle
Smith Pa, Coleman Pa
John Pa-C, Fred Pa-C
Justin DO, Jack DO
John OT, Press OT
Jack ARNP, Nate ARNP
Johm DPM, King DPM
NoSpaceTITLE, LastName NULL
No Comma TITLE LastName NULL
Van Damme ACTOR, Jean-Claude ACTOR
失败呼叫日志:
VERBOSE: 8:31:40 AM - Begin Operation: Get-AzureDeployment
VERBOSE: 8:31:42 AM - Completed Operation: Get-AzureDeployment
... some other info about the deployment in slot
在两个日志中,我还可以找到将Azure帐户添加到Powershell中的方法:
VERBOSE: 9:53:39 AM - Begin Operation: Get-AzureDeployment
##[debug]Caught exception from task script.
##[debug]Error record:
##[debug]Get-AzureDeployment : An error occurred while sending the request.
##[debug]At D:\a\r1\a\_Tools\Powershell\cloud-service_swap-slot.ps1:14 char:15
##[debug]+ ... eployment = Get-AzureDeployment -Slot "Staging" -ServiceName $CloudSe ...
##[debug]+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
##[debug] + CategoryInfo : CloseError: (:) [Get-AzureDeployment], HttpRequestException
##[debug] + FullyQualifiedErrorId : Microsoft.WindowsAzure.Commands.ServiceManagement.HostedServices.GetAzureDeploymentComma nd
##[debug]
##[debug]Script stack trace:
##[debug]at <ScriptBlock>, D:\a\r1\a\_Tools\Powershell\cloud-service_swap-slot.ps1: line 14
##[debug]at <ScriptBlock>, <No file>: line 1
##[debug]at <ScriptBlock>, D:\a\_tasks\AzurePowerShell_72a1931b-effb-4d2e-8fd8-f8472a07cb62\3.171.2\AzurePowerShell.ps1: line 145
##[debug]at <ScriptBlock>, D:\a\_tasks\AzurePowerShell_72a1931b-effb-4d2e-8fd8-f8472a07cb62\3.171.2\AzurePowerShell.ps1: line 141
##[debug]at <ScriptBlock>, <No file>: line 1
##[debug]at <ScriptBlock>, <No file>: line 22
##[debug]at <ScriptBlock>, <No file>: line 18
##[debug]at <ScriptBlock>, <No file>: line 1
##[debug]Exception:
##[debug]System.Net.Http.HttpRequestException: An error occurred while sending the request. ---> System.Net.WebException: The request was aborted: Could not create SSL/TLS secure channel.
##[debug] at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)
##[debug] at System.Net.Http.HttpClientHandler.GetResponseCallback(IAsyncResult ar)
##[debug] --- End of inner exception stack trace ---
##[debug] at Microsoft.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
##[debug] at Microsoft.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccess(Task task)
##[debug] at Microsoft.WindowsAzure.Management.Compute.DeploymentOperationsExtensions.GetBySlot(IDeploymentOperations operations, String serviceName, DeploymentSlot deploymentSlot)
##[debug] at Microsoft.WindowsAzure.Commands.Utilities.Common.ServiceManagementBaseCmdlet.ExecuteClientActionNewSM[TResult](Object input, String operationDescription, Func`1 action, Func`3 contextFactory)
##[error]An error occurred while sending the request.
##[debug]Processed: ##vso[task.logissue type=error]An error occurred while sending the request.
##[debug]Processed: ##vso[task.complete result=Failed]
(我已经用X替换了一些字符串)
YAML中有Powershell任务:
##[debug]Added certificate to the certificate store.
##[command]Set-AzureSubscription -SubscriptionName PXX -SubscriptionId XXXXXX01-09f5-4703-bcc9-6ff914XXXXXX -Certificate ******** -Environment AzureCloud
##[command]Select-AzureSubscription -SubscriptionId XXXXXX01-09f5-4703-bcc9-6ff914XXXXXX
##[debug]Leaving Initialize-Azure.
## Initializing Azure Complete
还有用于交换插槽的Powershell脚本,该脚本可从本地PC(具有相同的证书)工作,但在DevOps中失败:
steps:
- task: AzurePowerShell@3
displayName: 'Swap slots'
inputs:
azureConnectionType: ConnectedServiceName
azureClassicSubscription: 'PXX subscription'
ScriptPath: '$(System.DefaultWorkingDirectory)/_Tools/Powershell/cloud-service_swap-slot.ps1'
ScriptArguments: '-CloudServiceName $(CloudServiceName)'
FailOnStandardError: true
azurePowerShellVersion: LatestVersion
有人像我一样经历吗?问题可能在哪里?
#更新
我曾尝试在脚本的开头添加此安全协议设置,但存在相同的错误。
[CmdletBinding(PositionalBinding=$True)]
Param(
[Parameter(Mandatory = $true)]
[String]$CloudServiceName # required
)
# Check if Windows Azure Powershell is avaiable
if ((Get-Module -ListAvailable Azure) -eq $null)
{
throw "Windows Azure Powershell not found! Please install from http://www.windowsazure.com/en-us/downloads/#cmd-line-tools"
}
# VIP Swap
$Deployment = Get-AzureDeployment -Slot "Staging" -ServiceName $CloudServiceName #It's failing here
if ($Deployment -ne $null -AND $Deployment.DeploymentId -ne $null)
{
Write-Output ("Current Status of staging in {0}" -f $CloudServiceName);
Write-Host ($Deployment | Select-Object -Property * -ExcludeProperty Configuration,RolesConfiguration | Format-List | Out-String);
$MoveStatus = Move-AzureDeployment -ServiceName $CloudServiceName
Write-Output ("Vip swap of {0} status: {1}" -f $CloudServiceName, $MoveStatus.OperationStatus)
}else
{
Write-Output ("There is no deployment in staging slot of {0} to swap." -f $CloudServiceName)
}
答案 0 :(得分:2)
几乎没有可行的解决方法。
解决方法1
解决方法2
解决方法3(对于私人代理)
PS C:\> Clear-AzureProfile PS C:\> $cert = Get-Item Cert:\CurrentUser\My\ PS C:\ > Set-AzureSubscription -SubscriptionName "" -SubscriptionId -Certificate $cert PS C:\> Select-AzureSubscription -SubscriptionId
解决方法4
将以下脚本添加到每个Azure Powershell任务
$p = (Get-Variable Endpoint -ValueOnly).Auth.Parameters.certificate $bytes = [convert]::FromBase64String($p) [IO.File]::WriteAllBytes("C:\cert.pfx",$bytes) Import-PfxCertificate -FilePath C:\cert.pfx -CertStoreLocation cert:\CurrentUser\My . . actual script . . #remove certificate from store $thumb = (Get-PfxData -FilePath "C:\cert.pfx").EndEntityCertificates.Thumbprint Remove-Item -Path cert:\CurrentUser\My\$thumb -recurse -Force
答案 1 :(得分:1)
我们有同样的问题。它仅出现在windows-2019
个代理上,而不出现在vs2017-win2016
上。
因此,您可以通过更改代理类型来修复它,但是更好的解决方法是使用特定的Powershell版本5.1.1
而不是latest
。看来latest
最近增加到5.3.0
导致此错误。
答案 2 :(得分:1)
我遇到了同样的问题,并尝试了所有这些问题,对我来说,只有在我在Initialize-Azure部分之后添加此代码后,它才起作用:“ Set-AzureSubscription -SubscriptionId [我的订阅ID] -CurrentStorageAccountName [存储名称]”
答案 3 :(得分:1)
这似乎是Microsoft构建代理的问题,但是在每个Azure Powershell任务的开头添加以下代码似乎已经为我们解决了这一问题,直到他们弄清楚为止。
$pcert = (Get-Variable Endpoint -ValueOnly).Auth.Parameters.certificate
$bytes = [convert]::FromBase64String($pcert)
[IO.File]::WriteAllBytes("C:\cert.pfx",$bytes)
$null = Import-PfxCertificate -FilePath C:\cert.pfx -CertStoreLocation cert:\CurrentUser\My
答案 4 :(得分:1)
此问题是由.NET September更新中引入的行为更改引起的。以下代码将通过环境变量还原密钥的隐式存储(以前的.Net 4.x行为):
with
cart_cte(ordernumber, ProductId, OrderDate, quantity, rn) as (
select *, row_number() over (partition by ordernumber order by OrderDate)
from ShopCart),
prod_cte(ProductId, sum_quantity) as (
select ProductId, sum(quantity)
from cart_cte cc
join ShopCart sc on cc.ordernumber=sc.ordernumber
where cc.rn=1
and cc.orderdate < DATEADD(hour, -8, SYSDATETIMEOFFSET())
group by ProductId)
update p
set quantity=quantity+pc.sum_quantity
from Products p
join prod_cte pc on p.ProductId=pc.ProductId;
注意:然后,您将需要创建一个新的publishsettings文件,因为旧的证书和密钥不会被后续的导入覆盖。
答案 5 :(得分:0)
使用AzurePowerShell @ 3任务将Az Powershell版本降级到4.2.1。
答案 6 :(得分:0)
就我而言,我在本地Team Foundation Server 2017上的“运行嵌入式Azure Powershell”任务中的Get-AzureServiceRemoteDesktopExtension
命令中遇到了这个问题。
我尝试添加此处建议的行@ damien-caro ...
Set-Item env:\COMPLUS_CngImplicitPersistKeySet 1
...到我的脚本,但这只能解决单个发行版的问题。所有后续发行/部署均再次失败,并以Could not create SSL/TLS secure channel
结束。
只需将其作为变量添加到发行版定义中即可解决此问题。 (为进行测试,我已经成功地将相同的发行版连续三次部署到两个环境中。)
我在这里找到了此解决方案:https://github.com/Azure/azure-powershell/issues/13117#issuecomment-706665722
答案 7 :(得分:0)
就我而言,我不小心提到了 https 而不是 http。我的报表服务器是 http,没有证书,但它曾经在浏览器中重定向,即使我在我们的组织内部键入 https。但是 powershell 需要确切的 url。我使用的版本是 powershell@2,我调用了一个 powershell 脚本文件。