Windows 2022 Server TLS 1.2 is enabled - PowerShell Error

Finazzo, Michael 0 Reputation points
2024-09-18T17:29:47.7+00:00


WARNING: MSG:UnableToDownload «https://go.microsoft.com/fwlink/?LinkID=627338&clcid=0x409» «»

For PowerShell to work I can run

[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

Again, this is Server 2022, thus TLS 1.2 is the default.

I've checked all the registry entries and it all looks to be correct. I shouldn't have to load the workaround for PowerShell cmdlets to run.

Any help would be great.

Thanks

Mike


2 answers

  1. Michael Taylor 54,401 Reputation points
    2024-09-18T18:11:49.7166667+00:00

    What version of PS are you using? I suspect you just installed Server 2022 and used the Windows PowerShell icon. That means you're using the old version of PS (v5). This version was still being shipped at the time Server 2022 came out but it has been deprecated for a while. You should be using PowerShell Core instead. If you install and use PSCore then it should be fine.

    But some people don't feel comfortable installing more software on a server so if you want to continue to use PSv5 then you have to make a registry change. PS is based on .NET Framework. .NET Framework predates TLS 1.2 by a decade or more. When TLS 1.2 was released it wasn't possible to simply switch over to that version without potentially breaking decades' worth of code so it is off by default. To turn it on you must first be running a version of .NET Framework that supports it (Server 2022 ships with that version so you're good). The second thing you have to do is make a registry change to tell .NET Framework to use TLS 1.2 as the default version. You can read how to do that here. Specifically you're setting the .NETFramework\v4.0.30319 key to use the newer protocol.

    Pay careful attention to the bitness here. PS ships with both x86 and x64 versions. If you want to use both versions then you have to set 2 different registry keys.

    After making the change, restart PowerShell and try again.

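The registry check described in the answer above, as an added example that is not part of the original thread: it audits the `.NETFramework\v4.0.30319` key in both the 64-bit and 32-bit (Wow6432Node) views and, with `-Fix`, sets the values. The function name `Test-NetFxTlsDefault` is hypothetical, and the value names `SchUseStrongCrypto` and `SystemDefaultTlsVersions` are taken from Microsoft's .NET Framework TLS guidance, not from this page.

```powershell
# Added example (not from the thread). Audits the .NET Framework 4.x TLS defaults
# that Windows PowerShell 5.1 inherits; -Fix writes them and needs an elevated session.
function Test-NetFxTlsDefault {
    [CmdletBinding(SupportsShouldProcess)]
    param([switch]$Fix)

    # One key per bitness: x64 PowerShell reads the first, x86 PowerShell the second.
    $keys = [ordered]@{
        'x64' = 'HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319'
        'x86' = 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319'
    }
    # Value names assumed from Microsoft's .NET TLS guidance (DWORD 1 = enabled).
    $names = 'SchUseStrongCrypto', 'SystemDefaultTlsVersions'

    $report = foreach ($bitness in $keys.Keys) {
        $path = $keys[$bitness]
        foreach ($name in $names) {
            # A missing key or value yields $null instead of an error.
            $current = (Get-ItemProperty -Path $path -Name $name -ErrorAction SilentlyContinue).$name
            if ($Fix -and $current -ne 1 -and
                $PSCmdlet.ShouldProcess("$path\$name", 'Set DWORD to 1')) {
                if (-not (Test-Path $path)) { New-Item -Path $path -Force | Out-Null }
                New-ItemProperty -Path $path -Name $name -Value 1 -PropertyType DWord -Force | Out-Null
                $current = 1
            }
            [pscustomobject]@{
                Bitness = $bitness
                Value   = $name
                Data    = if ($null -eq $current) { '<not set>' } else { $current }
                Ok      = ($current -eq 1)
            }
        }
    }
    $report   # emit the rows so the caller can filter or export them

    # Protocols this already-running process will offer; registry changes
    # only take effect in a new PowerShell process.
    Write-Host "Current process: $([Net.ServicePointManager]::SecurityProtocol)"
    if ($report.Ok -contains $false) {
        Write-Warning 'A value is missing or not 1. Run elevated with -Fix, then restart PowerShell.'
    }
}

Test-NetFxTlsDefault | Format-Table -AutoSize
```

Run `Test-NetFxTlsDefault -Fix -WhatIf` first to see which values would be written without changing anything.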

  2. Rich Matheisen 46,796 Reputation points
    2024-09-18T18:54:59.8166667+00:00

    While Tls13 may be an available protocol it may not be one that's usable for HTTP connections.

    A good place to start is: https://learn.microsoft.com/en-us/windows-server/networking/configure-secure-protocol-options-winhttp?tabs=x86

    . . . which leads you here: https://learn.microsoft.com/en-us/windows-server/networking/configure-secure-protocol-options-winhttp?tabs=x86#prerequisites

    . . . and then leads you here: https://learn.microsoft.com/en-us/windows/win32/winhttp/option-flags#winhttp_option_secure_protocols (which is where you can determine what's in the existing registry value, and the values you may need to arrive at the final value).

