Error when I run the "OnboardingScript.ps1" to add On-Premise VM's to Azure Arc.

Question

I'm hoping I can get some help with the following error.

VERBOSE: Installing Azure Connected Machine Agent
VERBOSE: Downloading agent package
Microsoft.PowerShell.Commands.WriteErrorException: Cannot convert value "Tls12" to type "System.Int32". Error: "Input string was not i
n a correct format."

I have successfully added 3 of my servers running this scrip without any issue, all be it I ran them about 1 week ago. However today when I wanted to add the rest of my On-Premise servers to Azure Arc I get the above error?

Any help would be appreciated.

Answer 1

Update:

I have not resolved the original issue I posted of running the OnboardingScript.ps1 error, but I have a workaround with the help of the following document: https://learn.microsoft.com/en-us/azure/azure-arc/servers/onboard-portal

In short,

Step 1:
Copy the AzureConnectedMachineAgent.msi to your server. I added this to my desktop and ran the installer manually.

Step 2:
Once you can confirm the Agent has installed and can see it in your Programs you then need to configure it to communicate with the Azure Arc service by running the following command from Command Prompt:

"%ProgramFiles%\AzureConnectedMachineAgent\azcmagent.exe" connect --resource-group "resourceGroupName" --tenant-id "tenantID" --location "regionName" --subscription-id "subscriptionID"

Replace the resource group name, tennant ID etc with your environment information and click enter.

As this runs, part way through you will be prompted to navigate to https://microsoft.com/devicelogin via your browser (as you would when the OnboardingScript.ps1 actually works) and enter the code that is provided. This has worked for me just fine.

I still have an open ticket with MS Support to see if we can resolve the original error, but honestly this takes about the same amount of time all in all.

I hope this helps anyone else having the same issue.

Answer 2

Hi,
The line that fails is: [System.Net.ServicePointManager]::SecurityProtocol = [System.Net.SecurityProtocolType]::Tls12
In this case I would check if you have .net framework on your Windows server and if it is some old version try to update it.

Update1: May be you can try to replace [System.Net.ServicePointManager]::SecurityProtocol = [System.Net.SecurityProtocolType]::Tls12 with $Protocol = [Enum]::ToObject([System.Net.SecurityProtocolType], 3072); [System.Net.ServicePointManager]::SecurityProtocol = $Protocol and see if it works.

Update2: Yes, this turned out to be .net framework issue rather Arc issue. Probably the last thing you can do is to skip these lines:

[System.Net.ServicePointManager]::SecurityProtocol = [System.Net.SecurityProtocolType]::Tls12  
# Download the installation package  
Invoke-WebRequest -Uri "https://aka.ms/azcmagent-windows" -TimeoutSec 30 -OutFile "$env:TEMP\install_windows_azcmagent.ps1"  

and before running them download the install_windows_azcmagent.ps1 from https://aka.ms/azcmagent-windows and place it in your temp directory. Remember to unlock it from properties of the file. The TLS setting I think is mainly so you are able to download that file. You could try also removing the tls setting at all and see if you are able to download the file via Invoke-WebRequest. If TLS 1.2 is somehow your default setting you probably do not need to set it.

Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

Answer 3

I assume this happens because tls12 is not listed in registry at all.
I would recommend setting tls12 as a default (requires restarting VMs)

https://support.microsoft.com/en-au/topic/update-to-enable-tls-1-1-and-tls-1-2-as-default-secure-protocols-in-winhttp-in-windows-c4bd73d2-31d7-761e-0178-11268bb10392