0

I sort of inherited a web-checking PowerShell script running on a Windows 2012 server in batch mode (a simple batch file run on a regular basis by Task Scheduler is calling said PS script). The basic idea is to send a warning mail to a group of admins in case the script cannot access a given local URL.

In no way I am an expert when it comes to PowerShell and/or .NET. I am responsible for programming and maintaining custom solutions running on that machine, incl. basic maintenance of the http server that is queried (HCL Domino V 10.0.1).

The powershell engine used has this output from $PSVersionTable:

Name                           Value                                                                                                                                                                                   
----                           -----                                                                                                                                                                                   
PSVersion                      5.1.14409.1027                                                                                                                                                                          
PSEdition                      Desktop                                                                                                                                                                                 
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0...}                                                                                                                                                                 
BuildVersion                   10.0.14409.1027                                                                                                                                                                         
CLRVersion                     4.0.30319.34014                                                                                                                                                                         
WSManStackVersion              3.0                                                                                                                                                                                     
PSRemotingProtocolVersion      2.3                                                                                                                                                                                     
SerializationVersion           1.1.0.1

This is the PS script:

$HTTP_Request = [System.Net.WebRequest]::Create('http://myserver/path-to/ressource/')
$HTTP_Response = $HTTP_Request.GetResponse()
$HTTP_Status = [int]$HTTP_Response.StatusCode

If ($HTTP_Status -eq 200) {Write-Host -foregroundcolor green "Site " ($HTTP_Request.RequestUri) " is OK!"}
Else {
    $HTTP_Request = [System.Net.WebRequest]::Create('http://myserver/path-to/ressource/')
    $HTTP_Response = $HTTP_Request2.GetResponse()
    $HTTP_Status = [int]$HTTP_Response.StatusCode

    If ($HTTP_Status -eq 200) {Write-Host -ForegroundColor green "Site " ($HTTP_Request.RequestUri) " is OK!"}
    Else {
        Write-Host "The Site may be down, please check!"
        # send warning mail to admins
}
}

The Domino Web server is running on the same Windows machine as the script.

The script was working flawlessly to this day. Last week the Web server was switched from using http:// to https://:

A trusted certificate (TLSv1.2) was included and configured, the Web server is set to force a re-direction of any http request to https. There are no problems accessing the Web server's ressources through https://. I tested using the (outdated) Internet Explorer available on the server's machine to access web ressources through https://, and that also worked without any problems.

Since the switch was done the script is throwing errors. I tried modifying the URL passed in from "http://" to "https://". However, the error messages remain the same:

Exception calling "GetResponse" with "0" argument(s): "The request was aborted: Could not create SSL/TLS secure channel."
At C:\tmp\Scripts\webcheck1.ps1:2 char:1
+ $HTTP_Response = $HTTP_Request.GetResponse()
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [], MethodInvocationException
    + FullyQualifiedErrorId : WebException

On the Web server's (Domino) console I see this message every time I run the script:

TLS/SSL connection failed with rejected SSLv3 connection

Anyone having an idea what could be going wrong and what I could change to get the script back to work? If it is getting too complicated for me to understand and handle I don't have a problem seeking external help; my hope is that it's not too complicated to get this back to work.

Would be great if your explanation came in a form understandable to a pure newbie to these kinds of topics - thank you!

Lothar Mueller
  • 2,528
  • 1
  • 16
  • 29
  • 4
    Try setting `[System.Net.ServicePointManager]::SecurityProtocol = [System.Net.SecurityProtocolType]::Tls12` at the top of your script – Mathias R. Jessen Jun 27 '22 at 11:48
  • Duplicate of https://stackoverflow.com/questions/41618766/powershell-invoke-webrequest-fails-with-ssl-tls-secure-channel or https://stackoverflow.com/questions/32994464/could-not-create-ssl-tls-secure-channel-despite-setting-servercertificatevalida – Mike Anthony Jun 27 '22 at 12:16
  • @MikeAnthony - sorry, I even had the first of your 2 references open; but as this is not really my expertise I didn't fully understand that my solution was in there - thanks for pointing t it! – Lothar Mueller Jun 27 '22 at 16:28

0 Answers0