"Could not create SSL/TLS secure channel" when deploying via MSDeply to Web App

Question

"Could not create SSL/TLS secure channel" when deploying via MSDeply to Web App

Simone Chiaretta 21

I'm having a very weird issue:
I'm deploying to an azure webapp via MSDeploy from an on-prem CI/CD pipeline with Bamboo.
I get:

27-Jun-2022 20:53:50 Verbose: Pre-authenticating to remote agent URL 'https://app-xxxxx-stg.scm.azurewebsites.net:443/msdeploy.axd?site=app-xxxxx-stg' as '$app-xxxxx-stg'.  
27-Jun-2022 20:53:50 Error: Could not complete the request to remote agent URL 'https://app-xxxxx-stg.scm.azurewebsites.net/msdeploy.axd?site=app-xxxxx-stg'.  
27-Jun-2022 20:53:50 Error: The request was aborted: Could not create SSL/TLS secure channel.  
27-Jun-2022 20:53:50 Error count: 1.

What is weird is that the same deployment script works just fine with other webapp that have been created in the past (dev and tst) but also fails with the same error if I try to deploy to prd.
The environments are created via ARM template, so they are exactly the same.
I've read other similar issues, but my webapp is configured to allow only TLS 1.2 min. But as mentioned, all the web apps are configured the same way, and the deployment all start from the same machine.
What could be the issue? how can I solve this connection problem?

Thank you

ajkuma 28,036 Reputation points Microsoft Employee Moderator

2022-06-29T04:26:02.167+00:00

@Simone Chiaretta , Thanks for posting this question. Apologies you're experiencing this issue. I'm following-up with you privately to know more about your webapp and subscription details.

I'll leave this open for other community members to share comments/insights facing similar experience.

Note: Kindly do not share any PII data publicly.
arackcheev 1 Reputation point

2022-06-29T11:09:41.22+00:00

Hello,

We have exactly the same problem. Tried to publish a new FunctionApp to the production environment today, but it fails with the same error. Dev/Tests are deploying fine. Resource recreation doesn't help.

Regards,
Andrew
arackcheev 1 Reputation point

2022-06-29T11:26:49.087+00:00

Hello,

@Anonymous we have exactly same problem. Same deployment machine deploys fine to dev/test, but not prod. I hope you will be able to assist.

Regards,
Andrew
Tara Powell 1 Reputation point

2022-07-04T15:14:51.51+00:00

Hello

We have exactly the same problem - exact same artifacts deploying to staging in release pipeline successfully but failing to deploy to production with this error.
App Services are identical - we have tried completed removing the failing ones and redeploying the code.
Service connection permissions are fine - can successfully start/stop app services but not deploy to them.

Regards
Tara
J Hernandez Colomina 91 Reputation points

2022-07-08T10:07:13.543+00:00

We are having the exact same issue.
Same script, same software to other environments works fine.
To new created app service it does not
We use Azure DevOps and the same agent in both cases

Accepted answer

1 additional answer

Your answer

ajkuma 28,036 Reputation points Microsoft Employee Moderator

2022-06-29T04:26:02.167+00:00

@Simone Chiaretta , Thanks for posting this question. Apologies you're experiencing this issue. I'm following-up with you privately to know more about your webapp and subscription details.

I'll leave this open for other community members to share comments/insights facing similar experience.

Note: Kindly do not share any PII data publicly.
arackcheev 1 Reputation point

2022-06-29T11:09:41.22+00:00

Hello,

We have exactly the same problem. Tried to publish a new FunctionApp to the production environment today, but it fails with the same error. Dev/Tests are deploying fine. Resource recreation doesn't help.

Regards,
Andrew
arackcheev 1 Reputation point

2022-06-29T11:26:49.087+00:00

Hello,

@Anonymous we have exactly same problem. Same deployment machine deploys fine to dev/test, but not prod. I hope you will be able to assist.

Regards,
Andrew
Tara Powell 1 Reputation point

2022-07-04T15:14:51.51+00:00

Hello

We have exactly the same problem - exact same artifacts deploying to staging in release pipeline successfully but failing to deploy to production with this error.
App Services are identical - we have tried completed removing the failing ones and redeploying the code.
Service connection permissions are fine - can successfully start/stop app services but not deploy to them.

Regards
Tara
J Hernandez Colomina 91 Reputation points

2022-07-08T10:07:13.543+00:00

We are having the exact same issue.
Same script, same software to other environments works fine.
To new created app service it does not
We use Azure DevOps and the same agent in both cases

Answer 1

J Hernandez Colomina 91

We found a solution!
This article worked for us:
https://learn.microsoft.com/en-us/mem/configmgr/core/plan-design/security/enable-tls-1-2-client

After adding these keys to the agent running the deployment it worked!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft.NETFramework\v2.0.50727]
"SystemDefaultTlsVersions" = dword:00000001
"SchUseStrongCrypto" = dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft.NETFramework\v4.0.30319]
"SystemDefaultTlsVersions" = dword:00000001
"SchUseStrongCrypto" = dword:00000001

arackcheev 1 Reputation point

2022-07-11T06:47:37.313+00:00

Thank you for sharing this!
Ryan Hill 30,281 Reputation points Microsoft Employee Moderator

2022-08-08T14:56:14.017+00:00

It's also outlined in Transport Layer Security (TLS) best practices with the .NET Framework guide.
Thomas Taglicht 0 Reputation points

2024-08-14T07:42:49.7866667+00:00

Thanks, Worked for me...

Answer 2

ajkuma 28,036 Microsoft Employee Moderator

Apologies for the delay. While we're still working with SimoneChiaretta-1860 offline.

If you’re leveraging self hosted agent/custom agent for DevOps pipeline deployment. Kindly ensure that the agent has >TLS1.2 installed and then check.
Self hosted agent connected to site using 1.0 or 1.1, we may encounter this error.

Tara Powell 1 Reputation point

2022-07-13T08:09:41.713+00:00

They were in our case. TLS 1.2 was installed and in use. It was just the .NET reg keys that were missing. Thanks again to jhernandez-4580 for the solution.

Share via

"Could not create SSL/TLS secure channel" when deploying via MSDeply to Web App

1 additional answer

Your answer