SOLVED – Cannot Run AzureAD commands in Windows Server 2016 PowerShell


The AzureAD module works well on Windows Server 2016 machines. Read on to find out what to do if you cannot run AzureAD commands in PowerShell on Windows Server 2016.

Install-Module -Name AzureAD can be used to install the AzureAD module on Windows Server 2016 machines. However, you might see an error when you run Connect-AzureAD and sign in.

All Windows Server 2016 machines still have TLS versions 1.0 and 1.1 and/or the 3DES cipher enabled out of the box at the moment. It looks like last Saturday or so Microsoft stopped allowing users and services to connect to their Azure tenants from machines that still have these old security protocols enabled.

So anything that initiates an authentication request to the Azure tenant from a machine that still has old TLS versions enabled will be blocked from authenticating. We are now forced to enable TLS 1.2 on all of these servers (I have seen this occur only on Win2016 for now). For this reason, the PowerShell scripts that we used in our environment stopped working.


Solution

  1. Enable TLS 1.2. There is a simple PowerShell script that can be found here to enable TLS 1.2. I tested this on a test Win2016 server and the issue was resolved straight away.
  2. The second option is to force the scripts to use TLS 1.2. That can be done by adding the following line to the script:
     [System.Net.ServicePointManager]::SecurityProtocol = [System.Net.SecurityProtocolType]::Tls12;

Alternatively, you can add a system-wide registry value (e.g. via Group Policy) to any machine that needs to make TLS 1.2 connections. This causes .NET to use the “System Default” TLS versions, which adds TLS 1.2 as an available protocol and also allows the scripts to use future TLS versions (e.g. TLS 1.3) when the OS supports them. Run both commands so that the 64-bit and 32-bit registry views are covered:

  1. reg add HKLM\SOFTWARE\Microsoft\.NETFramework\v4.0.30319 /v SystemDefaultTlsVersions /t REG_DWORD /d 1 /f /reg:64
  2. reg add HKLM\SOFTWARE\Microsoft\.NETFramework\v4.0.30319 /v SystemDefaultTlsVersions /t REG_DWORD /d 1 /f /reg:32
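
To confirm the change took effect, the following added example (not part of the original article) reads SystemDefaultTlsVersions from both registry views and reports which protocols the current PowerShell session has enabled. The function names Get-DotNetTlsState and Test-SessionTls12 are hypothetical helpers introduced here.

```powershell
# Added example: Get-DotNetTlsState and Test-SessionTls12 are hypothetical helper names.
function Get-DotNetTlsState {
    param([string]$SubKey = 'SOFTWARE\Microsoft\.NETFramework\v4.0.30319')
    $hive = [Microsoft.Win32.RegistryHive]::LocalMachine
    # Open each registry view explicitly so the result does not depend on
    # whether this runs in 64-bit or 32-bit PowerShell (mirrors /reg:64 and /reg:32).
    foreach ($view in [Microsoft.Win32.RegistryView]::Registry64,
                      [Microsoft.Win32.RegistryView]::Registry32) {
        $base = [Microsoft.Win32.RegistryKey]::OpenBaseKey($hive, $view)
        $key  = $null
        try {
            $key   = $base.OpenSubKey($SubKey)   # read-only handle
            $value = if ($key) { $key.GetValue('SystemDefaultTlsVersions', $null) } else { $null }
            [pscustomobject]@{
                View                     = $view
                KeyExists                = [bool]$key
                SystemDefaultTlsVersions = $value
                Configured               = ($value -eq 1)
            }
        }
        finally {
            if ($key) { $key.Close() }
            $base.Close()
        }
    }
}

function Test-SessionTls12 {
    $current = [System.Net.ServicePointManager]::SecurityProtocol
    $tls12   = [int][System.Net.SecurityProtocolType]::Tls12
    $legacy  = [int]([System.Net.SecurityProtocolType]::Ssl3 -bor
                     [System.Net.SecurityProtocolType]::Tls -bor
                     [System.Net.SecurityProtocolType]::Tls11)
    [pscustomobject]@{
        SecurityProtocol  = $current
        # 0 means SystemDefault: .NET leaves the protocol choice to the OS.
        UsesSystemDefault = ([int]$current -eq 0)
        Tls12Enabled      = (([int]$current -band $tls12) -ne 0)
        LegacyEnabled     = (([int]$current -band $legacy) -ne 0)
    }
}

Get-DotNetTlsState | Format-Table -AutoSize
Test-SessionTls12  | Format-List
```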


We hope the solutions in the above-mentioned article were helpful. Feel free to share your views with us.
