I'm trying to access/download a file from our URL; this URL basically downloads a file from an S3 bucket (reverse proxy via nginx). We are using AWS ACM for SSL certificates.
When I try to download the file using that URL on the Windows16 instance, it throws WebCmdletWebResponseException. Below is the detailed error message.
curl : The underlying connection was closed: An unexpected error occurred on a send.
At line:1 char:1
+ CategoryInfo : InvalidOperation: (System.Net.HttpWebRequest:HttpWebRequest) [Invoke-WebRequest], WebExc
eption
+ FullyQualifiedErrorId : WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeWebRequestCommand
Findings:
The same URL works fine with Windows 19 and 22 editions.
Through other blogs and posts, I found that the issue is because PowerShell by default uses TLS 1.0 to connect to the website, but the website's security requires TLS 1.2.
But if I try to use the S3 URL directly to download the file, it works fine. Both the S3 URL and our URL certificate have TLS 1.2.
Can someone please help to solve this issue?
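A diagnostic for the TLS version mismatch described in the question, as an added example that is not part of the original post. It assumes Windows PowerShell 5.1, where `ServicePointManager` governs `Invoke-WebRequest`; `files.example.com` is a hypothetical placeholder for the proxied host.

```powershell
# Added example (not from the original post). Assumes Windows PowerShell 5.1.
function Test-TlsProtocol {
    param([Parameter(Mandatory)][string]$HostName, [int]$Port = 443)
    foreach ($name in 'Tls', 'Tls11', 'Tls12') {
        $proto  = [System.Security.Authentication.SslProtocols]$name
        $client = New-Object System.Net.Sockets.TcpClient
        $detail = ''
        try {
            $client.Connect($HostName, $Port)
            $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false)
            # Offer exactly one protocol version; certificate validation stays on,
            # so an untrusted or expired certificate is also reported as a failure.
            $ssl.AuthenticateAsClient($HostName, $null, $proto, $false)
            $accepted = $true
        } catch {
            $accepted = $false
            $detail   = $_.Exception.GetBaseException().Message
        } finally {
            $client.Close()
        }
        [pscustomobject]@{ Protocol = $name; Accepted = $accepted; Detail = $detail }
    }
}

# What this session offers to servers (Invoke-WebRequest uses this setting).
$before = [Net.ServicePointManager]::SecurityProtocol
"Session offers: $before"

# Add TLS 1.2 for this session only, keeping whatever was already enabled.
[Net.ServicePointManager]::SecurityProtocol = $before -bor [Net.SecurityProtocolType]::Tls12
"Session now offers: $([Net.ServicePointManager]::SecurityProtocol)"

# Compare the proxied host with what the session offers (hypothetical host name):
# Test-TlsProtocol -HostName 'files.example.com' | Format-Table -AutoSize
```

Running the probe against both the proxied host and the S3 endpoint shows whether the two accept different protocol versions, which would explain why only one of them fails.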
I am trying to get a list of applications registered in AAD via PowerShell.
I got into my tenant successfully using Connect-AzureAD. But when I run Get-AzureADApplication, I get an error like below:
Get-AzureADApplication : Error occurred while executing GetApplications
Code: Authentication_Unauthorized
Message: User was not found.
RequestId: 28b83872-c29b-423a-9870-ed2ad714f597
DateTimeStamp: Sat, 25 Jun 2022 1:35:23 GMT
HttpStatusCode: Forbidden
HttpStatusDescription: Forbidden
HttpResponseStatus: Completed
At line:1 char:1
+ Get-AzureADApplication
+ ~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Get-AzureADApplication], ApiException
+ FullyQualifiedErrorId : Microsoft.Open.AzureAD16.Client.ApiException,Microsoft.Open.AzureAD16.PowerShell.GetApplication
What does the "User was not found" message mean?
I have the Global Admin role, and I also tried elevating my access, which gives me access to everything. But I'm still facing the same error.
Can anyone help me figure out what I am missing here?
The error 'User not found' usually occurs if you are trying to retrieve info of one tenant while connected to the wrong (different) tenant or to a tenant that does not exist.
Please check the TenantDomain you are getting in the response while executing the Connect-AzureAD cmdlet.
I tried to reproduce the same in my environment and got the results below:
When I ran the Connect-AzureAD cmdlet and logged in with a personal Microsoft account, I got a blank under TenantDomain, which means it does not exist.
I got the same error when I executed Get-AzureADApplication after that like below:
To resolve the error, try running Connect-AzAccount first and include TenantId that you got in response while executing Connect-AzureAD cmdlet like below:
Connect-AzAccount
Connect-AzureAD -TenantId 'your_tenant_id'
Get-AzureADApplication
I got the list of Azure AD applications successfully after running above script like below:
Reference:
powershell - Authentication_Unauthorized, User Not Found - answered by JoyWang
Current configuration:
1 SharePoint 2019 farm (single server installation)
3 Workflow Manager Servers
Workflow Manager servers are load balanced
Workflow Manager is set to work only on https
Workflow Manager SSL certificate with DNS=*.domain.com & all 3 server names
Required permissions are in place
URLs (SharePoint web application/site and wfm) are accessible both ways
Running with farm admin account:
Register-SPWorkflowService -SPSite "https://siteurl" -WorkflowHostUri "https://wfmurl:12290/" -Force -Verbose
Throws the following error:
Register-SPWorkflowService : Failed to query the OAuth S2S metadata endpoint at URI 'https://webappurl/_layouts/15/metadata/json/1'. Error details: 'There was an error deserializing
the object of type Microsoft.Workflow.Management.Security.OAuthS2SJsonMetadataDocument+JsonMetadataDocumentContract. Encountered unexpected character '<'.'. HTTP headers received from the server -
ActivityId: 6de1c881-b1ca-411d-9004-ceea397d4453. NodeId: SERVERNAME. Scope: /DEV. Client ActivityId : bdeb429f-7bb1-e0c1-d7d1-f868a175396b.
At line:1 char:1
+ Register-SPWorkflowService -SPSite https://webappurl ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidData: (Microsoft.Share...WorkflowService:RegisterSPWorkflowService) [Register-SPWorkflowService], InvalidRequestException
+ FullyQualifiedErrorId : Microsoft.SharePoint.WorkflowServices.PowerShell.RegisterSPWorkflowService
Any input is appreciated.
It's related to installing the April 2020 CU (KB 4484292 and KB 4484291).
After a call with an MS premier field engineer, it was resolved as described at http://thewindowsupdate.com/2020/06/04/sharepoint-2019-issue-with-sharepoint-2013-workflows-post-april-2020-cu/
You need to remove the existing SPTrustedSecurityTokenIssuer and then register it like below
Remove-SPTrustedSecurityTokenIssuer -Identity 9854855e-cea8-457f-8293-e405d4055ffb
(id from Get-SPTrustedSecurityTokenIssuer collection)
New-SPTrustedSecurityTokenIssuer -Name "00000005-0000-0000-c000-000000000000" -MetadataEndPoint 'http://server:12291/$System/$Metadata/json/1' -RegisteredIssuerName "00000005-0000-0000-c000-000000000000#*"
or
New-SPTrustedSecurityTokenIssuer -Name "00000005-0000-0000-c000-000000000000" -MetadataEndPoint 'https://server:12290/$System/$Metadata/json/1' -RegisteredIssuerName "00000005-0000-0000-c000-000000000000#*"
P.S. No concerns here with Remove-SPTrustedSecurityTokenIssuer; it's easy to go.
Thanks!
In the end, it looked like there were some issues with the F5 load balancing. As a test, we added the URL of the WFM to the hosts file, and the connection worked fine afterwards. This was then handed over to the team that managed the F5, and they resolved the issue on their end.
Failed to run Flutter Doctor on Windows over a corporate proxy.
I set the proxy settings using the commands below:
set http_proxy=USER:PWD#PROXY_URL:PORT
set https_proxy=USER:PWD#PROXY_URL:PORT
But still it gives error.
Error Code:
Checking Dart SDK version...
Downloading Dart SDK from Flutter engine b6b54fd60631a3828c2e2c9b079b5d1d2d8c8c37...
Downloading the Dart SDK using the BITS service failed, retrying with WebRequest...
Invoke-WebRequest :
Access Denied (authentication_failed)
Your credentials could not be authenticated: "Credentials are missing.". You will not be permitted access until your
credentials can be verified.
This is typically caused by an incorrect username and/or password, but could also be caused by network problems.
At D:\RAHUL_1647164\flutter_dev\flutter\bin\internal\update_dart_sdk.ps1:68 char:5
+ Invoke-WebRequest -Uri $dartSdkUrl -OutFile $dartSdkZip
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (System.Net.HttpWebRequest:HttpWebRequest) [Invoke-WebRequest], WebExc
eption
+ FullyQualifiedErrorId : WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeWebRequestCommand
Error: Unable to update Dart SDK. Retrying...
For the past few days, I’ve been playing around with the docker registry API and writing a small tool that scopes down its interaction with the Microsoft container registry (mcr.microsoft.com). My ultimate goal is to be able to download an image from MCR without having a direct dependency on docker pull nor any docker tool whatsoever.
Reading through the documentation of the Docker Registry API, specifically the section on how to pull a layer, it states that the URL is built as /v2/<name>/blobs/<digest>. Then, it mentions how clients should be prepared to get a redirect response from such URL.
I’ve been trying to pull image mcr.microsoft.com/windows/servercore:ltsc2019-amd64, but I don’t seem able to achieve this successfully.
From docker, this seems to be working fine:
PS C:\> docker pull mcr.microsoft.com/windows/servercore:ltsc2019-amd64
ltsc2019-amd64: Pulling from windows/servercore
65014b3c3121: Pull complete
b16cfeeaf4b3: Pull complete
Digest: sha256:481b0eb967cee61ce09dd81ece5effc5c327c170d11cc73c307c88a80017c9eb
Status: Downloaded newer image for mcr.microsoft.com/windows/servercore:ltsc2019-amd64
mcr.microsoft.com/windows/servercore:ltsc2019-amd64
However, I’m unable to get to the individual blobs for this image using the docker registry API directly:
PS C:\> (Invoke-RestMethod -Method Get -Uri "https://mcr.microsoft.com/v2/windows/servercore/manifests/ltsc2019-amd64").fsLayers
blobSum
-------
sha256:b16cfeeaf4b37af9fc146f7043ceb629c1bc50ace967227817e50e47f4a71529
sha256:65014b3c312172f10bd6701a063f9b5aaf9a916c2d2cb843d406a6f77ded3f8d
PS C:\> Invoke-RestMethod -Method Get -Uri "https://mcr.microsoft.com/v2/windows/servercore/blobs/sha256:b16cfeeaf4b37af9fc146f7043ceb629c1bc50ace967227817e50e47f4a71529"
Invoke-RestMethod : {"errors":[{"code":"BLOB_UNKNOWN","message":"blob unknown to
registry","detail":"sha256:b16cfeeaf4b37af9fc146f7043ceb629c1bc50ace967227817e50e47f4a71529"}]}
At line:1 char:1
+ Invoke-RestMethod -Method Get -Uri "https://mcr.microsoft.com/v2/wind ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (System.Net.HttpWebRequest:HttpWebRequest) [Invoke-RestMethod], WebExc
eption
+ FullyQualifiedErrorId : WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeRestMethodCommand
PS C:\> Invoke-RestMethod -Method Get -Uri "https://mcr.microsoft.com/v2/windows/servercore/blobs/sha256:65014b3c312172f10bd6701a063f9b5aaf9a916c2d2cb843d406a6f77ded3f8d"
Invoke-RestMethod : {"errors":[{"code":"BLOB_UNKNOWN","message":"blob unknown to
registry","detail":"sha256:65014b3c312172f10bd6701a063f9b5aaf9a916c2d2cb843d406a6f77ded3f8d"}]}
At line:1 char:1
+ Invoke-RestMethod -Method Get -Uri "https://mcr.microsoft.com/v2/wind ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (System.Net.HttpWebRequest:HttpWebRequest) [Invoke-RestMethod], WebExc
eption
+ FullyQualifiedErrorId : WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeRestMethodCommand
The returned error seems to be a "not found" rather than a "redirect". How is docker pull figuring out the right link from where to download the layers?
I tried reading through the docker distribution codebase, but I can’t seem to piece together the puzzle. From https://github.com/docker/distribution/blob/master/registry/storage/paths.go, there is some mention of the storage for blobs, which I believe is where the layers' download paths are constructed. However, I don’t fully understand how it’s figuring out the real path since it just tries a few of them until one is valid.
What could possibly be wrong here? Am I doing something wrong? Am I missing something?
If you check the docker manifest spec, it says this about foreign layers:
https://docs.docker.com/registry/spec/manifest-v2-2/
Layers of type application/vnd.docker.image.rootfs.foreign.diff.tar.gzip may be pulled from a remote location but they should never be pushed.
This mostly applies to Windows base layers, which are normally hosted separately, outside of the registry. This is currently the same for MCR. If you look at the manifest of the image, you can see layers with URLs. When the server returns 404, you should follow the URLs in the manifest to download the layer blob:
"layers": [
    {
        "mediaType": "application/vnd.docker.image.rootfs.foreign.diff.tar.gzip",
        "size": 1534685324,
        "digest": "sha256:65014b3c312172f10bd6701a063f9b5aaf9a916c2d2cb843d406a6f77ded3f8d",
        "urls": [
            "https://go.microsoft.com/fwlink/?linkid=2041275"
        ]
    }
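The fallback described in the answer, as an added example that is not part of the original post: it lists where each layer can be fetched from (registry blob endpoint first, then the manifest's `urls`) and checks a downloaded file against the manifest digest, since foreign layers come from outside the registry. `Get-LayerSource`, `Test-LayerDigest`, the second layer and the test file are constructed for illustration; a live schema 2 manifest is requested with the header `Accept: application/vnd.docker.distribution.manifest.v2+json` (the `fsLayers` output in the question is the older schema 1 form).

```powershell
# Added example, not from the original post. The manifest is constructed: the first
# layer is the fragment quoted above, the second is a made-up ordinary layer.
$manifest = @'
{ "schemaVersion": 2,
  "layers": [
    { "mediaType": "application/vnd.docker.image.rootfs.foreign.diff.tar.gzip",
      "size": 1534685324,
      "digest": "sha256:65014b3c312172f10bd6701a063f9b5aaf9a916c2d2cb843d406a6f77ded3f8d",
      "urls": [ "https://go.microsoft.com/fwlink/?linkid=2041275" ] },
    { "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
      "size": 1024,
      "digest": "sha256:0000000000000000000000000000000000000000000000000000000000000000" }
  ] }
'@ | ConvertFrom-Json

function Get-LayerSource {
    param($Manifest, [string]$Registry, [string]$Repository)
    foreach ($layer in $Manifest.layers) {
        # Try the registry blob endpoint first; foreign layers add their external URLs.
        $sources = @("https://$Registry/v2/$Repository/blobs/$($layer.digest)")
        if ($layer.urls) { $sources += $layer.urls }
        [pscustomobject]@{
            Digest  = $layer.digest
            Foreign = $layer.mediaType -like '*.foreign.*'
            Sources = $sources
        }
    }
}

function Test-LayerDigest {
    param([string]$Path, [string]$Digest)
    # The digest in the manifest is the trust anchor, wherever the bytes came from.
    $algorithm, $expected = $Digest -split ':', 2
    if ($algorithm -ne 'sha256') { throw "Unsupported digest algorithm: $algorithm" }
    (Get-FileHash -Path $Path -Algorithm SHA256).Hash -ieq $expected
}

Get-LayerSource $manifest 'mcr.microsoft.com' 'windows/servercore' | Format-List

# Offline check of the verifier with a constructed file containing the bytes "hello".
$tmp = [IO.Path]::GetTempFileName()
[IO.File]::WriteAllBytes($tmp, [Text.Encoding]::ASCII.GetBytes('hello'))
Test-LayerDigest $tmp 'sha256:2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824'
Test-LayerDigest $tmp 'sha256:0000000000000000000000000000000000000000000000000000000000000000'
Remove-Item $tmp
```

A layer whose downloaded file fails `Test-LayerDigest` should be discarded rather than unpacked.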
I am trying to push a symbol package to the nuget symbol server. The API key has been set and the regular package has uploaded just fine. However, when I try to push the symbol package it fails saying the following:
PM> nuget push .\Tanneryd.BulkInsert.1.0.1-alfa.symbols.nupkg -source https://nuget.smbsrc.net/
Pushing Tanneryd.BulkInsert.1.0.1-alfa.symbols.nupkg to the symbol server (https://nuget.smbsrc.net/)...
PUT https://nuget.smbsrc.net/api/v2/package/
PUT https://nuget.smbsrc.net/api/v2/package/
PUT https://nuget.smbsrc.net/api/v2/package/
nuget : The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.
At line:1 char:1
+ nuget push .\Tanneryd.BulkInsert.1.0.1-alfa.symbols.nupkg -source htt ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (The underlying ...secure channel.:String) [], RemoteException
+ FullyQualifiedErrorId : NativeCommandError
The remote certificate is invalid according to the validation procedure.
It appears that https://nuget.smbsrc.net/ currently has a certificate error (e.g. expired certificate). When I go here from IE I see:
This site is not secure
This might mean that someone’s trying to fool you or steal any info you send to the server. You should close this site immediately.
Update
I was able to publish by specifying HTTP rather than secure. Example:
nuget push dist/MyPackage.1.0.0.symbols.nupkg -Source http://nuget.smbsrc.net -ApiKey [my key]