Resolution for the SSL/TLS error thrown when running an Orchestrator upgrade script (e.g. Publish-IdentityServer.ps1): "Error: The request was aborted: Could not create SSL/TLS secure channel."
Issue Description: Error: The request was aborted: Could not create SSL/TLS secure channel.
Resolution:
- Enable TLS 1.2 on the client machine where the script is executed.
The error indicates that the connection failed because of a TLS problem. Check that TLS 1.2 is enabled on the machine where the script is run. Work with the local IT group as needed to confirm this and, if necessary, update that machine.
There are three tasks for enabling TLS 1.2 on clients:
- Update Windows and WinHTTP
- Ensure that TLS 1.2 is enabled as a protocol for SChannel at the operating system level
- Update and configure the .NET Framework to support TLS 1.2
Also review the registry entries for TLS 1.2 and configure them if needed.
HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client
"Enabled" = 1
"DisabledByDefault" = 0
Enable the TLS 1.2 protocol in the registry on the machine. This can be done with the following PowerShell script, run from an elevated session:
# Create the TLS 1.2 Client and Server protocol keys if they do not exist
New-Item 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client' -Force
New-Item 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server' -Force
# Enable TLS 1.2 for outbound (client) connections
Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client' -Name 'Enabled' -Value '1' -Type 'DWORD'
Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client' -Name 'DisabledByDefault' -Value '0' -Type 'DWORD'
# Enable TLS 1.2 for inbound (server) connections
Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server' -Name 'Enabled' -Value '1' -Type 'DWORD'
Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server' -Name 'DisabledByDefault' -Value '0' -Type 'DWORD'
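To confirm the SChannel and .NET Framework tasks listed above on a given machine, a read-only audit such as the following can be run. This is an added example, not part of the original article or the Orchestrator scripts. The function names are hypothetical, and the .NET values SchUseStrongCrypto and SystemDefaultTlsVersions come from Microsoft's .NET Framework TLS guidance rather than from this page.

```powershell
# Added example: read-only audit of the TLS 1.2 settings discussed on this page.
$schannel = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2'
# Assumption: .NET Framework 4.x keys (64-bit and 32-bit views).
$dotnet = @(
    'HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319'
)

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or the value does not exist.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name } else { $null }
}

function Test-Setting {
    param([string]$Path, [string]$Name, [int]$Expected)
    $actual = Get-RegValue -Path $Path -Name $Name
    if ($null -eq $actual) {
        # A missing value is not a failure by itself: the OS default is used.
        $state = 'NotSet (default applies)'
    } elseif (([int64]$actual -ne 0) -eq ($Expected -ne 0)) {
        # Any non-zero DWORD counts as "on" for these flags.
        $state = 'OK'
    } else {
        $state = 'Mismatch'
    }
    [pscustomobject]@{
        Path = $Path; Name = $Name; Expected = $Expected; Actual = $actual; State = $state
    }
}

$results = @()
foreach ($role in 'Client', 'Server') {
    $results += Test-Setting -Path "$schannel\$role" -Name 'Enabled' -Expected 1
    $results += Test-Setting -Path "$schannel\$role" -Name 'DisabledByDefault' -Expected 0
}
foreach ($key in $dotnet) {
    $results += Test-Setting -Path $key -Name 'SchUseStrongCrypto' -Expected 1
    $results += Test-Setting -Path $key -Name 'SystemDefaultTlsVersions' -Expected 1
}
$results | Format-Table -AutoSize

# Protocol setting used by .NET web requests in this session
# ('SystemDefault' defers to the SChannel configuration).
"Session SecurityProtocol: $([Net.ServicePointManager]::SecurityProtocol)"
```

Rows reported as Mismatch are the ones to correct. SChannel protocol changes in the registry take effect after the machine is restarted.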