Sometime between November 16th and 17th something changed and the two PowerShell scripts I run to connect to our JAMF instance and maintain data sync with our SIS started failing because PowerShell can no longer connect to JAMF.
Annoyingly the script works fine on newer Windows operating systems, but our SIS is still hosted on Server 2012, and I also can no longer connect from ye'olde Windows 7. This hardware is scheduled for replacement, but we need to finish out the school year and for some reason the scripts have suddenly failed. A local policy change? A Microsoft policy change? A JAMF update? Anyone have any idea?
This is the code I got from someone at JAMF, possibly even this forum or a predecessor, in a bygone era, with obvious redaction:
$JSSAPIURL = "https://##########.jamfcloud.com/JSSResource"
$JSSAPIUser = "##########"
$JSSAPIPass = "##########"
$VerbosePreference = "SilentlyContinue"
#First we need to setup the shell to ignore self-signed certs for non-PKI Casper installs:
add-type @"
using System.Net;
using System.Security.Cryptography.X509Certificates;
public class TrustAllCertsPolicy : ICertificatePolicy {
public bool CheckValidationResult(
ServicePoint srvPoint, X509Certificate certificate,
WebRequest request, int certificateProblem) {
return true;
}
}
"@
[System.Net.ServicePointManager]::CertificatePolicy = New-Object TrustAllCertsPolicy
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
#Next we setup the creds we will be using:
$user = $JSSAPIUser
$pass = ConvertTo-SecureString -String $JSSAPIPass -AsPlainText -Force
$Creds = New-Object –TypeName System.Management.Automation.PSCredential –ArgumentList $user, $pass
# Get all users
$url = "$JSSAPIURL/users"
$resultsUsr = Invoke-RestMethod -Uri $url -Credential $Creds -ErrorAction Stop -Headers @{'Accept' = 'application/json'}
$resultsUsr.users | Out-Gridview
And this is the result I get on the Invoke-RestMethod line:
Invoke-RestMethod : The request was aborted: Could not create SSL/TLS secure channel.
At line:1 char:15
+ ... esultsUsr = Invoke-RestMethod -Uri $url -Credential $Creds -ErrorAct ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (System.Net.HttpWebRequest:HttpWebRequest) [Invoke-RestMethod], WebException
+ FullyQualifiedErrorId : WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeRestMethodCommand
Other than 'upgrade your systems already' does anyone know why the PowerShell's TLS 1.2 connectivity on these systems has suddenly failed? Meanwhile from the same systems I can use a browser to access the JAMF API, log in, and get the results manually just fine, but Invoke-WebRequest in PowerShell fails with a similar error.
At this point, any new thoughts I have for Google searches only result in pages of previously followed links. :-\
(PowerShell Version 5.1.14409.1027)
