Develop Reference

Powershell curl to an URL throws WebCmdletWebResponseException

I'm trying to access/download a file from our URL, this URL basically downloads a file from s3 bucket(reverse proxy via nginx). Using AWS ACM for SSL certificates.
When I'm trying to download the file using that URL on the Windows16 instance it is throwing WebCmdletWebResponseException. Below is the detailed error message.
curl : The underlying connection was closed: An unexpected error occurred on a send.
At line:1 char:1
+ CategoryInfo : InvalidOperation: (System.Net.HttpWebRequest:HttpWebRequest) [Invoke-WebRequest], WebExc
eption
+ FullyQualifiedErrorId : WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeWebRequestCommand
Findings:
The same URL works fine with windows 19 and 22 editions.
Through other blogs and posts found that the issue is because Powershell by default uses TLS 1.0 to connect to the website, but website security requires TLS 1.2.
But if I try to use the s3 URL directly to download the file it is working fine. Both the s3 URL and our URL certificate have TLS 1.2.
Can someone please help to solve this issue?

BLOB_UNKNOWN on valid mcr.microsoft.com/windows/servercore:ltsc2019-amd64 container image

For the past few days, I’ve been playing around with the docker registry API and writing a small tool that scopes down its interaction with the Microsoft container registry (mcr.microsoft.com). My ultimate goal is to be able to download an image from MCR without having a direct dependency on docker pull nor any docker tool whatsoever.
Reading through the documentation of the Docker Registry API, specifically the section on how to pull a layer, it states that the URL is built as /v2/<name>/blobs/<digest>. Then, it mentions how clients should be prepared to get a redirect response from such URL.
I’ve been trying to pull image mcr.microsoft.com/windows/servercore:ltsc2019-amd64, but I don’t seem able to achieve this successfully.
From docker, this seems to be working fine:
PS C:\> docker pull mcr.microsoft.com/windows/servercore:ltsc2019-amd64 ltsc2019-amd64: Pulling from windows/servercore
65014b3c3121: Pull complete b16cfeeaf4b3: Pull complete Digest: sha256:481b0eb967cee61ce09dd81ece5effc5c327c170d11cc73c307c88a80017c9eb
Status: Downloaded newer image for mcr.microsoft.com/windows/servercore:ltsc2019-amd64
mcr.microsoft.com/windows/servercore:ltsc2019-amd64
However, I’m unable to get to the individual blobs for this image using the docker registry API directly:
PS C:\> (Invoke-RestMethod -Method Get -Uri "https://mcr.microsoft.com/v2/windows/servercore/manifests/ltsc2019-amd64").fsLayers
blobSum
-------
sha256:b16cfeeaf4b37af9fc146f7043ceb629c1bc50ace967227817e50e47f4a71529
sha256:65014b3c312172f10bd6701a063f9b5aaf9a916c2d2cb843d406a6f77ded3f8d
PS C:\> Invoke-RestMethod -Method Get -Uri "https://mcr.microsoft.com/v2/windows/servercore/blobs/sha256:b16cfeeaf4b37af9fc146f7043ceb629c1bc50ace967227817e50e47f4a71529" Invoke-RestMethod : {"errors":[{"code":"BLOB_UNKNOWN","message":"blob unknown to
registry","detail":"sha256:b16cfeeaf4b37af9fc146f7043ceb629c1bc50ace967227817e50e47f4a71529"}]}
At line:1 char:1
+ Invoke-RestMethod -Method Get -Uri "https://mcr.microsoft.com/v2/wind ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (System.Net.HttpWebRequest:HttpWebRequest) [Invoke-RestMethod], WebExc
eption
+ FullyQualifiedErrorId : WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeRestMethodCommand
PS C:\> Invoke-RestMethod -Method Get -Uri "https://mcr.microsoft.com/v2/windows/servercore/blobs/sha256:65014b3c312172f10bd6701a063f9b5aaf9a916c2d2cb843d406a6f77ded3f8d" Invoke-RestMethod : {"errors":[{"code":"BLOB_UNKNOWN","message":"blob unknown to
registry","detail":"sha256:65014b3c312172f10bd6701a063f9b5aaf9a916c2d2cb843d406a6f77ded3f8d"}]}
At line:1 char:1
+ Invoke-RestMethod -Method Get -Uri "https://mcr.microsoft.com/v2/wind ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (System.Net.HttpWebRequest:HttpWebRequest) [Invoke-RestMethod], WebExc
eption
+ FullyQualifiedErrorId : WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeRestMethodCommand
The returned error seems to be a "not found" rather than a "redirect". How is docker pull figuring out the right link from where to download the layers?
I tried reading through the docker distribution codebase, but I can’t seem to piece together the puzzle. From https://github.com/docker/distribution/blob/master/registry/storage/paths.go, there is some mention on the storage for blobs, which I believe is from where I layers download path are constructed. However, I don’t fully understand how it’s figuring out the real path since it just tries a few of them until one is valid.
What could possibly be wrong here? Am I doing something wrong? Am I missing something?

If you check the docker manifest spec, it says about the foreign layer:
https://docs.docker.com/registry/spec/manifest-v2-2/
Layers of type application/vnd.docker.image.rootfs.foreign.diff.tar.gzip may be pulled from a remote location but they should never be pushed.
This mostly applies to Windows base layers which are normally hosted separatly from outside of registry. This is currently the same for MCR. If you look at the manifest of the image, you can see layers with URLs. When server returns 404, you should follow the URLs in the manifest to download the layer blob
"layers": [
{
"mediaType": "application/vnd.docker.image.rootfs.foreign.diff.tar.gzip",
"size": 1534685324,
"digest": "sha256:65014b3c312172f10bd6701a063f9b5aaf9a916c2d2cb843d406a6f77ded3f8d",
"urls": [
"https://go.microsoft.com/fwlink/?linkid=2041275"
]
}

Certificate error when pushing nuget symbol package

I am trying to push a symbol package to the nuget symbol server. The API key has been set and the regular package has uploaded just fine. However, when I try to push the symbol package it fails saying the following:
PM> nuget push .\Tanneryd.BulkInsert.1.0.1-alfa.symbols.nupkg -source https://nuget.smbsrc.net/ Pushing Tanneryd.BulkInsert.1.0.1-alfa.symbols.nupkg to the symbol server (https://nuget.smbsrc.net/)... PUT https://nuget.smbsrc.net/api/v2/package/ PUT https://nuget.smbsrc.net/api/v2/package/ PUT https://nuget.smbsrc.net/api/v2/package/ nuget : The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. At line:1 char:1
+ nuget push .\Tanneryd.BulkInsert.1.0.1-alfa.symbols.nupkg -source htt ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (The underlying ...secure channel.:String) [], RemoteException
+ FullyQualifiedErrorId : NativeCommandError
The remote certificate is invalid according to the validation procedure.

It appears that https://nuget.smbsrc.net/ currently has a certificate error (e.g. expired certificate). When I go here from IE I see:
This site is not secure
This might mean that someone’s trying to fool you or steal any info you send to the server. You should close this site immediately.
Update
I was able to publish by specifying HTTP rather than secure. Example:
nuget push dist/MyPackage.1.0.0.symbols.nupkg -Source http://nuget.smbsrc.net -ApiKey [my key]

Vagrant unable to mount SMB after upgrade to 1.7.4

I'm using vagrant on windows 8, with the hyper-v provider starting a windows server 2012 box.
Before I updated to vagrant 1.7.4 I was on version 1.7.2, and everything worked.
But after updating I am getting an error when it is trying to mount the shared folder:
The following WinRM command responded with a non-zero exit status.
Vagrant assumes that this means the command failed!
cmdkey /add:xxx.xxx.xxx.xxx /user:DOMAIN\user /pass:Password
Stdout from the command:
Stderr from the command:
Exception calling "RegisterTaskDefinition" with "7" argument(s): "The user
name or password is incorrect. (Exception from HRESULT: 0x8007052E)"
At C:\tmp\vagrant-elevated-shell.ps1:58 char:1
+ $folder.RegisterTaskDefinition($task_name, $task, 6, $username, $password,
1, $n ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~
+ CategoryInfo : NotSpecified: (:) [], MethodInvocationException
+ FullyQualifiedErrorId : ComMethodTargetInvocation
I have replaced the details from the line:
cmdkey /add:xxx.xxx.xxx.xxx /user:DOMAIN\user /pass:Password
With placeholders for obvious reasons. I did try and run the command above in the VM and I get the following output:
CMDKEY: Credential added successfully.
So I assume it is working correctly. Has something changed or broken in 1.7.4?

I have figured out a fix for this.
Our password contained dollar signs ($), these were being stripped out in the vagrant-elevated-shell.ps1 script.
I have forked the vagrant repo and made the change and made a pull request - https://github.com/mitchellh/vagrant/pull/6452
To patch your local environment, you can find the communicator.rb file on your local machine at:
C:\HashiCorp\Vagrant\embedded\gems\gems\vagrant-1.7.4\plugins\communicators\winrm\communicator.rb
(provided you used the default setting in the installer)

Visual Studio Nuget Install-Package Invalid URI: Invalid Port Specified

In VS2013 Package Manager Console, command Install-Package gives error
Invalid URI: Invalid Port specified
At line: 1 char:1
Category Info : Not specified: (:) [Install-Package], UriformatException
FullyQualifiedErrorId : NuGetCmdletUnhandledException, NuGet.Powershell.Commands.GetPackageCommand
Not using proxy.
Where is the port specified that it is complaining about? How is this fixed? I looked at the other solutions in SO and none helped.