For many organizations, the reality is that their on-premises systems need to communicate to Microsoft cloud services. Whether it is for Azure AD Connect, Azure AD Connect Health, Azure AD Password Protection, or the Azure MFA NPS extension, you’ll need to install either or both the MSOnline or AzureAD PowerShell modules.
On Windows Server 2016-based installations, however, you may run into a problem quickly, when you just want to download and install the module.
You run a Windows Server 2016-based installation.
You want use the installation to communicate with Azure Active Directory programmatically. You want to:
- Install the the MSOnline or AzureAD PowerShell module,
- Run the configuration script for Azure AD Connect Health for AD FS
- Run the configuration script for Azure AD Connect Health for AD DS,
- Run the configuration script for Azure AD Password Protection, or
- Run the configuration script for the Azure Multi-factor Authentication extension to Microsoft Network Policy Server (NPS).
All the above situations result in installing and registering the NuGet provider and installing either the MSOnline or AzureAD PowerShell module
You are prompted that PowerShell requires the NuGet provider version 220.127.116.11 or newer to interact with NuGet-based repositories. It asks you want PowerShellGet to install and import the NuGet provider.
You click ‘Yes’ or type Y.
You receive the below Windows PowerShell error:
WARNING: MSG:UnableToDownload «https://go.microsoft.com/fwlink/?LinkID=627338&clcid=0x409» «»
WARNING: Unable to download the list of available providers. Check your internet connection.
WARNING: Unable to download from URI 'https://go.microsoft.com/fwlink/?LinkID=627338&clcid=0x409' to ".
Install-PackageProvider : No match was found for the specified search criteria for the provider 'NuGet'. The package provider requires 'PackageManagement' and 'Provider' tags. Please check if the specified package has the tags.
The error is caused by the way Windows PowerShell interacts with the NuGet infrastructure delivering both the NuGet Package Provider and the Windows PowerShell Module.
The entire infrastructure is secured with SSL/TLS. This prevents eavesdropping and meddle in the middle-type attacks, where a malicious person with inject rogue code into a plain-text communication stream.
Windows PowerShell does not communicate with the infrastructure using TLS 1.2, but with a less secure encryption protocol. As with many other infrastructure, the NuGet infrastructure has switched off less secure encryption protocols. The best current way on Windows Server 2016 to interact with the infrastructure is using TLS 1.2.
To download the NuGet Package Provider and the MSOnline or AzureAD PowerShell module, issue the following line of Windows PowerShell first:
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
Then, repeat the line of Windows PowerShell to install the PowerShell module.