80

I followed the steps mentioned in Using PowerShell Behind a Proxy to configure my proxy server.

netsh winhttp set proxy "[IP]:[Port]"
$Wcl = New-Object System.Net.WebClient
$Creds = Get-Credential
$Wcl.Proxy.Credentials = $Creds

A dialog popped up to collect my credential on the third line.

Then I tried to install NuGet:

PS C:\Users\Administrator> Install-PackageProvider -Name NuGet -MinimumVersion 2.8.5.201 -Force
WARNING: Unable to download from URI 'https://go.microsoft.com/fwlink/
         ?LinkID=627338&clcid=0x409' to ''.
WARNING: Unable to download the list of available providers. Check your internet
         connection.
Install-PackageProvider : No match was found for the specified search criteria
for the provider 'NuGet'. The package provider requires 'PackageManagement' and
'Provider' tags. Please check if the specified package has the tags.
At line:1 char:1
+ Install-PackageProvider -Name NuGet -MinimumVersion 2.8.5.201 -Force
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidArgument: (Microsoft.Power...PackageProvider:InstallPackageProvider) [Install-PackageProvider], Exception
    + FullyQualifiedErrorId : NoMatchFoundForProvider,Microsoft.PowerShell.PackageManagement.Cmdlets.InstallPackageProvider

The error message seems to indicate my PowerShell cannot connect to internet, but when I tried this command: 

PS C:\Users\Administrator> Invoke-WebRequest "https://go.microsoft.com/fwlink/?LinkID=627338&clcid=0x409"

StatusCode        : 200
StatusDescription : OK
Content           : <?xml version="1.0" encoding="utf-8"?>
                    <SoftwareIdentity xmlns="http://standards.iso.org/iso/19770/-2/2015/schema.xsd"
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:discovery="http://p...
RawContent        : HTTP/1.1 200 OK
                    Content-MD5: 01uMBNqAHedJsS1dqKC5oA==
                    Vary: Accept-Encoding
                    X-Cache: HIT
                    x-ms-blob-type: BlockBlob
                    x-ms-lease-status: unlocked
                    x-ms-request-id: 1b7af5a7-901e-0003-5d94-f5cc950000...
Forms             : {}
Headers           : {[Content-MD5, 01uMBNqAHedJsS1dqKC5oA==], [Vary, Accept-Encoding], [X-Cache, HIT],
                    [x-ms-blob-type, BlockBlob]...}
Images            : {}
InputFields       : {}
Links             : {}
ParsedHtml        : System.__ComObject
RawContentLength  : 1847

It seems it can connect to the Internet after all.

What did I do wrong? How do I install NuGet?

EDIT: I tried Ocaso Protal's suggestion: 

PS C:\Users\Administrator> Install-PackageProvider -Name NuGet -MinimumVersion 2.8.5.201 -Force -proxy [ProxyServer:Port] -proxycredential $Creds
WARNING: Unable to download from URI 'https://go.microsoft.com/fwlink/?LinkID=627338&clcid=0x409' to ''.
WARNING: Unable to download the list of available providers. Check your internet connection.
Install-PackageProvider : No match was found for the specified search criteria for the provider 'NuGet'. The package
provider requires 'PackageManagement' and 'Provider' tags. Please check if the specified package has the tags.
At line:1 char:1
+ Install-PackageProvider -Name NuGet -MinimumVersion 2.8.5.201 -Force  ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidArgument: (Microsoft.Power...PackageProvider:InstallPackageProvider) [Install-Pac
   kageProvider], Exception
    + FullyQualifiedErrorId : NoMatchFoundForProvider,Microsoft.PowerShell.PackageManagement.Cmdlets.InstallPackagePro
   vider

PS C:\Users\Administrator> $Creds

UserName                                   Password
--------                                   --------
[My UserName] System.Security.SecureString

It seems to have no effect.

KC Wong
  • 2,410
  • 1
  • 18
  • 26
  • Did you try the `-proxy` and `-proxycredential` parameter for [Install-PackageProvider](https://learn.microsoft.com/en-us/powershell/module/packagemanagement/install-packageprovider?view=powershell-6)? Ohh, and did you start Powershell as an admin? – Ocaso Protal Apr 24 '19 at 09:37
  • @Ocaso Protal: Updated in edit. It seems to have no effect. – KC Wong Apr 24 '19 at 09:51
  • @OcasoProtal: Also yes I started PowerShell as admin. – KC Wong Apr 24 '19 at 10:04
  • 2
    I retried the Install-PackageProvider command with -verbose... the first time the message indicated it retried 3 times and cannot download the Microsoft URL. Then I tried again... and it succeeded. I have no idea why and it leaves a really bad taste in my mouth. – KC Wong Apr 24 '19 at 10:12
  • Hmmm, weird... Looks like there was maybe a problem on the Microsoft side? – Ocaso Protal Apr 24 '19 at 10:53
  • @OcasoProtal I tried accessing the Microsoft URL in browser while I was having issues. The URL could be loaded successfully, it was a XML file containing URLs. – KC Wong Apr 25 '19 at 00:44
  • Still weird ;) But fortunately you got your problem solved – Ocaso Protal Apr 25 '19 at 06:18

4 Answers4

222

could be TLS security related (ref: https://rnelson0.com/2018/05/17/powershell-in-a-post-tls1-1-world/)

Try this command first:

[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

then try to do the update. Note: the command only affects the current session and does not persist.

You may also check what version of TLS for client is set on computer. Looks like TLS 1.0 for client is required. (ref: https://powershell.org/forums/topic/wmf-5-1-upgrade-broken-repositories/)

Michael

Andacious
  • 1,162
  • 10
  • 17
Michael Cohoon
  • 2,221
  • 1
  • 6
  • 4
24

As per https://community.spiceworks.com/topic/2265662-powershell-get-download-problem

I had the same problem today...

My issue was PowerShell Gallery would not download anything on W2016 boxes:

VERBOSE: InstallPackage' - name='AzureRM.BootStrapper',
version='0.5.0',destination='C:\Users\Administrator\AppData\Local\Temp\2\1254134668'
VERBOSE: DownloadPackage' - name='AzureRM.BootStrapper',
version='0.5.0',destination='C:\Users\Administrator\AppData\Local\Temp\2\1254134668\AzureRM.BootStrapper\AzureRM.BootSt
rapper.nupkg', uri='https://www.powershellgallery.com/api/v2/package/AzureRM.BootStrapper/0.5.0'
VERBOSE: Downloading 'https://www.powershellgallery.com/api/v2/package/AzureRM.BootStrapper/0.5.0'.
VERBOSE: An error occurred while sending the request.
VERBOSE: Retry downloading 'https://www.powershellgallery.com/api/v2/package/AzureRM.BootStrapper/0.5.0' for '2' more
times
VERBOSE: An error occurred while sending the request.
VERBOSE: Retry downloading 'https://www.powershellgallery.com/api/v2/package/AzureRM.BootStrapper/0.5.0' for '1' more
times
VERBOSE: An error occurred while sending the request.
VERBOSE: Retry downloading 'https://www.powershellgallery.com/api/v2/package/AzureRM.BootStrapper/0.5.0' for '0' more
times
VERBOSE: Downloading package 'AzureRM.BootStrapper' failed, please make sure
'https://www.powershellgallery.com/api/v2/package/AzureRM.BootStrapper/0.5.0' is accessable.
WARNING: Source Location 'https://www.powershellgallery.com/api/v2/package/AzureRM.BootStrapper/0.5.0' is not valid.
PackageManagement\Install-Package : Package 'AzureRM.BootStrapper' failed to download.
At C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\PSModule.psm1:1772 char:21
+ ...          $null = PackageManagement\Install-Package @PSBoundParameters
+                      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : ResourceUnavailable: (C:\Users\Admini...tStrapper.nupkg:String) [Install-Package], Excep
   tion
    + FullyQualifiedErrorId : PackageFailedInstallOrDownload,Microsoft.PowerShell.PackageManagement.Cmdlets.InstallPac
   kage

What helped me to find out it was TLS v1.2 was this error in Fiddler:

System.Security.Authentication.AuthenticationException A call to SSPI failed, see inner exception

From there I got this -> A call to SSPI failed, see inner exception - The Local Security Authority cannot be contacted

Then tested locally with:

[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

Which worked fine!

Hopefully, that will help somebody in the future :-)

You can set it for the whole .NET framework by editing registry:

# Set strong cryptography on 64 bit .Net Framework (version 4 and above)
Set-ItemProperty -Path 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\.NetFramework\v4.0.30319' -Name 'SchUseStrongCrypto' -Value '1' -Type DWord


# Set strong cryptography on 32 bit .Net Framework (version 4 and above)
Set-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\.NetFramework\v4.0.30319' -Name 'SchUseStrongCrypto' -Value '1' -Type DWord

This happened a few days ago on Windows Server 2016 Datacentre boxes, Win 2019 works fine still.

Commands thanks to: https://johnlouros.com/blog/enabling-strong-cryptography-for-all-dot-net-applications

Happy Azure Stacking!!!

Chris Black
  • 351
  • 2
  • 3
  • 1
    Thank you. We had Octopus Deploy tentacles running powershell on Windows Server 2016 Datacenter and powershell was complaining that a NuGet source was not valid. I ran the two commands to update the security for the .NET framework and everything is back to normal. – Matt Shank Apr 08 '20 at 14:34
  • 2
    This is now mentioned at https://devblogs.microsoft.com/powershell/powershell-gallery-tls-support/ – hansvb Apr 15 '20 at 07:14
  • 2
    [Net.ServicePointManager]::SecurityProtocol += [Net.SecurityProtocolType]::Tls12 adds tls12 to existing sec protocols instead of overridding. works good too – Nick Kavadias Apr 21 '20 at 05:01
  • Thanks, those reg' edits fixed my issue with docker container builds... priceless... – Choco Dec 09 '20 at 06:33
10

Try this:

[System.Net.WebRequest]::DefaultWebProxy.Credentials = System.Net.CredentialCache]::DefaultCredentials

If the above doesn't work try this:

[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
mellifluous
  • 2,345
  • 2
  • 29
  • 45
0

Having taken many steps to overcome the similar problem, I just wanted to document the process in a more clear way. Here are the steps to overcome problems of NuGet and Docker installation in Windows Server (tested in 2016):

  1. Make sure that Powershell version is 5.1 or higher: Get-Host | Select-Object Version

  2. Update SSL/TLS versions supported by the server:

x64: Set-ItemProperty -Path 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\.NetFramework\v4.0.30319' -Name 'SchUseStrongCrypto' -Value '1' -Type DWord

x32: Set-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\.NetFramework\v4.0.30319' -Name 'SchUseStrongCrypto' -Value '1' -Type DWord

  1. Restart the Powershell and check whether the desired effect is achieved: [Net.ServicePointManager]::SecurityProtocol

(You should now see semeting like this:) Tls, Tls11, Tls12, etc.

  1. Install NuGet: Install-PackageProvider -Name NuGet -MinimumVersion 2.8.5.201 -Force

  2. Install Docker: Install-Module -Name DockerMsftProvider -Force Install-Package -Name docker -ProviderName DockerMsftProvider -Force

Bojan
  • 769
  • 9
  • 16
ozeray
  • 2,134
  • 2
  • 18
  • 13