For many organizations, the reality is that their on-premises systems need to communicate to Microsoft cloud services. Whether it is for Azure AD Connect, Azure AD Connect Health, Azure AD Password Protection, or the Azure MFA NPS extension, you’ll need to install either or both the MSOnline or AzureAD PowerShell modules.
On Windows Server 2016-based installations, however, you may run into a problem quickly, when you just want to download and install the module.
The situation
You run a Windows Server 2016-based installation.
You want use the installation to communicate with Azure Active Directory programmatically. You want to:
- Install the the MSOnline or AzureAD PowerShell module,
- Run the configuration script for Azure AD Connect Health for AD FS
- Run the configuration script for Azure AD Connect Health for AD DS,
- Run the configuration script for Azure AD Password Protection, or
- Run the configuration script for the Azure Multi-factor Authentication extension to Microsoft Network Policy Server (NPS).
Note:
All the above situations result in installing and registering the NuGet provider and installing either the MSOnline or AzureAD PowerShell module
You are prompted that PowerShell requires the NuGet provider version 2.8.5.201 or newer to interact with NuGet-based repositories. It asks you want PowerShellGet to install and import the NuGet provider.
You click ‘Yes’ or type Y.
The issue
You receive the below Windows PowerShell error:
WARNING: MSG:UnableToDownload «https://go.microsoft.com/fwlink/?LinkID=627338&clcid=0x409» «»
WARNING: Unable to download the list of available providers. Check your internet connection.
WARNING: Unable to download from URI 'https://go.microsoft.com/fwlink/?LinkID=627338&clcid=0x409' to ".
Install-PackageProvider : No match was found for the specified search criteria for the provider 'NuGet'. The package provider requires 'PackageManagement' and 'Provider' tags. Please check if the specified package has the tags.
The cause
The error is caused by the way Windows PowerShell interacts with the NuGet infrastructure delivering both the NuGet Package Provider and the Windows PowerShell Module.
The entire infrastructure is secured with SSL/TLS. This prevents eavesdropping and meddle in the middle-type attacks, where a malicious person with inject rogue code into a plain-text communication stream.
Windows PowerShell does not communicate with the infrastructure using TLS 1.2, but with a less secure encryption protocol. As with many other infrastructure, the NuGet infrastructure has switched off less secure encryption protocols. The best current way on Windows Server 2016 to interact with the infrastructure is using TLS 1.2.
The solution
To download the NuGet Package Provider and the MSOnline or AzureAD PowerShell module, issue the following line of Windows PowerShell first:
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
Then, repeat the line of Windows PowerShell to install the PowerShell module.
Perhaps a better solution would be to configure .net on the server to support TLS 1.2+ here.
Hi Nick,
Thank you for your comment.
The changes that you recommend are actual recommendations I provided for Windows Server installations that run Azure AD Connect (in combination with these settings to actually remove TLS 1.0 and TLS 1.1). However, I have a couple of issues recommending the registry edits that Microsoft recommends in your linked Docs page for all systems communicating to the Azure infrastructure:
Hi Sander,
This got me unstuck, thank you!
Works like magic… Thanks
Thanks. you saved me a lot of time
Thanks! Really saved me some time here!
Thanks!
Just what I needed.
My powershell is using TLS1.2 and I'm still getting this same exact error. Yes, I do have internet access.
My internet is active andI have enabled TLS1.2 using above command but still getting the same error do download 'Nuget" or any Module. Powershell is failed to connect to the internet
Thanks! This saved me!
Worked, thanks!