This repository has moved, please use ADFS Toolbox instead.

adfsmanagementtools's People

Contributors

Stargazers

Watchers

adfsmanagementtools's Issues

Add Pester tests for WID sync script

Test-AdfsServerToken fails if AD FS or WAP doesn't support TLS1.0

If an AD FS farm has been hardened for TLS by disabling TLS1.0, TLS 1.1 as per https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/operations/manage-ssl-protocols-in-ad-fs then the Test-AdfsServerToken will fail as invoke-webrequest uses TLS 1.0 by default.

PS C:\WINDOWS\system32> $error[0] | fl * -f


PSMessageDetails      :
Exception             : System.Net.WebException: The underlying connection was closed: An unexpected error occurred on
                        a send. ---> System.IO.IOException: Unable to read data from the transport connection: An
                        existing connection was forcibly closed by the remote host. --->
                        System.Net.Sockets.SocketException: An existing connection was forcibly closed by the remote
                        host
                           at System.Net.Sockets.NetworkStream.Read(Byte[] buffer, Int32 offset, Int32 size)
                           --- End of inner exception stack trace ---
                           at System.Net.Sockets.NetworkStream.Read(Byte[] buffer, Int32 offset, Int32 size)
                           at System.Net.FixedSizeReader.ReadPacket(Byte[] buffer, Int32 offset, Int32 count)
                           at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest
                        asyncRequest)
                           at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message,
                        AsyncProtocolRequest asyncRequest)
                           at System.Net.Security.SslState.ForceAuthentication(Boolean receiveFirst, Byte[] buffer,
                        AsyncProtocolRequest asyncRequest)
                           at System.Net.Security.SslState.ProcessAuthentication(LazyAsyncResult lazyResult)
                           at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext,
                        ContextCallback callback, Object state, Boolean preserveSyncCtx)
                           at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback
                        callback, Object state, Boolean preserveSyncCtx)
                           at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback
                        callback, Object state)
                           at System.Net.TlsStream.ProcessAuthentication(LazyAsyncResult result)
                           at System.Net.TlsStream.Write(Byte[] buffer, Int32 offset, Int32 size)
                           at System.Net.ConnectStream.WriteHeaders(Boolean async)
                           --- End of inner exception stack trace ---
                           at Microsoft.PowerShell.Commands.WebRequestPSCmdlet.GetResponse(WebRequest request)
                           at Microsoft.PowerShell.Commands.WebRequestPSCmdlet.ProcessRecord()
TargetObject          : System.Net.HttpWebRequest
CategoryInfo          : InvalidOperation: (System.Net.HttpWebRequest:HttpWebRequest) [Invoke-WebRequest], WebException
FullyQualifiedErrorId : WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeWebRequestCommand
ErrorDetails          :
InvocationInfo        : System.Management.Automation.InvocationInfo
ScriptStackTrace      : at Test-AdfsServerToken, C:\Program
                        Files\WindowsPowerShell\Modules\ADFSDiagnostics\1.1.0\Public\Test-AdfsServerToken.ps1: line 79
                        at <ScriptBlock>, <No file>: line 1
PipelineIterationInfo : {}

As a workaround setting TLS1.2 to be used like so then makes this cmdlet work.

[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

Can we have the logic for the cmdlet updated to handle the error and use TLS 1.2 if required?

Recommend Projects