“无法创建SSL/TLS安全频道”。通过MSDeply部署到Web应用
我有一个非常奇怪的问题: 我正在通过MSDEPLOY部署到Azure Web应用程序,该应用程序是由带有竹子的本地CI/CD管道部署到的。
我得到:
27-Jun-2022 20:53:50 Verbose: Pre-authenticating to remote agent URL 'https://app-xxxxx-stg.scm.azurewebsites.net:443/msdeploy.axd?site=app-xxxxx-stg' as '$app-xxxxx-stg'.
27-Jun-2022 20:53:50 Error: Could not complete the request to remote agent URL 'https://app-xxxx-stg.scm.azurewebsites.net/msdeploy.axd?site=app-xxxxx-stg'.
27-Jun-2022 20:53:50 Error: The request was aborted: Could not create SSL/TLS secure channel.
27-Jun-2022 20:53:50 Error count: 1.
很奇怪的是,相同的部署脚本与过去创建的其他WebApp(开发和TST环境)相同,并且如果我尝试部署到产品环境(也只有创建)。 环境是通过臂模板创建的,因此它们完全相同。 我已经阅读了其他类似的问题,但是我的WebApp配置为仅允许TLS 1.2分钟。但是如前所述,所有Web应用程序均以相同的方式配置,并且部署全部从同一台计算机开始。 有什么问题?如何解决此连接问题?
谢谢
I'm having a very weird issue:
I'm deploying to an azure web app via MSDeploy from an on-prem CI/CD pipeline with Bamboo.
I get:
27-Jun-2022 20:53:50 Verbose: Pre-authenticating to remote agent URL 'https://app-xxxxx-stg.scm.azurewebsites.net:443/msdeploy.axd?site=app-xxxxx-stg' as '$app-xxxxx-stg'.
27-Jun-2022 20:53:50 Error: Could not complete the request to remote agent URL 'https://app-xxxx-stg.scm.azurewebsites.net/msdeploy.axd?site=app-xxxxx-stg'.
27-Jun-2022 20:53:50 Error: The request was aborted: Could not create SSL/TLS secure channel.
27-Jun-2022 20:53:50 Error count: 1.
What is weird is that the same deployment script works just fine with other webapps that have been created in the past (the dev and tst environments) and also fails with the same error if I try to deploy to prod environment (also just created).
The environments are created via ARM template, so they are exactly the same.
I've read other similar issues, but my webapp is configured to allow only TLS 1.2 min. But as mentioned, all the web apps are configured the same way, and the deployments all start from the same machine.
What could be the issue? how can I solve this connection problem?
Thank you
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
只是为了让所有人知道:通过强迫Net Framework应用程序(例如MS Deploy)默认为TLS1.2来解决问题。
根据本文: https://learn.microsoft.com/en-us/mem/configmgr/core/plan-design/security/security/enable-tls-tls-client#bkmk_net
Just to let everyone know: problem is solved by forcing net framework applications (like MS Deploy) to default to TLS1.2.
As per this article: https://learn.microsoft.com/en-us/mem/configmgr/core/plan-design/security/enable-tls-1-2-client#bkmk_net
我们将在线程。只是在这里发布以使社区受益。使用1.0或1.1连接到站点的自托管代理,我们可能会遇到此错误。因此,对于用于DevOps管道部署的自托管代理/自定义代理,请确保已安装代理已安装了> tls1.2。
We'd a discussion on this on Microsoft Q&A thread. Just posting here to benefit the community. Self hosted agent connected to site using 1.0 or 1.1, we may encounter this error. Hence, for self hosted agent/custom agent for DevOps pipeline deployment ensure that the agent has >TLS1.2 installed.