I can't connect a Server to Azure ARC

Question

When I try to run the script it gives the error:

Invoke-WebRequest : The underlying connection was closed: Could not establish trust relationship for the SSL/TLS
secure channel.
At line:23 char:5
+     Invoke-WebRequest -UseBasicParsing -Uri "https://gbl.his.arc.azure.com/log"  ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (System.Net.HttpWebRequest:HttpWebRequest) [Invoke-WebRequest], WebExc
   eption
    + FullyQualifiedErrorId : WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeWebRequestCommand

Answer 1

Hey! We faced a similar issue in some of our on prem servers. Took a long time but we finally had a solution (or workaround). Please try below and let me know if it worked. :)

1. Check whether all the azure root CAs are installed on the servers. You can find them here: https://learn.microsoft.com/en-us/azure/security/fundamentals/azure-ca-details?tabs=root-and-subordinate-cas-list#root-certificate-authorities
2. Use MMC on the machine to verify you have Digicert Global Root CA, Digicert Global Root G2, Digicert Global Root G3, Digicert Global Root G4.
3. import whichever certificate is missing (import both in "Current user" as well as "Local machine")
4. run the Arc onboarding script
5. if the script doesn't work, get the "AzureConnectedMachineAgent.msi" from a working server/browser and install the agent manually.
6. if you use proxy, use "azcmagent config set proxy.url "proxy.com:port" " command to set it.
7. now run the "azcmagent connect" command to connect your machine to ARC.

Answer 2

Had the exact same issue. when I used PowerShell through cmd the script ran, and the server was successfully onboarded.