• State Suggested Answer
  • Replies 2 replies
  • Answers 1 answer
  • Subscribers 47 subscribers
  • Views 135 views
  • Users 0 members are here
Options
Related

ISHRemote could not create session: New-IshSession: The requested security protocol is not supported.

Lihao Lei

I was trying to connect to Tridion Docs via ishRemote. The ISHRemote module is installed on the SAME instance of Tridion Docs. The default TLS protocol combination was Ssl3, Tls. Security issue occurred even if I set appropriate TLS protocols (see below)

However, If I connect to Tridion Docs from another computer (also installed ISHRemote module of same version), the session was created successfully.

The version of ISHRemote module is 7.0.0

 

PS C:\Users\Administrator> $psversiontable

Name Value

---- -----

PSVersion 5.1.14393.7330

PSEdition Desktop

PSCompatibleVersions {1.0, 2.0, 3.0, 4.0...}

BuildVersion 10.0.14393.7330

CLRVersion 4.0.30319.42000

WSManStackVersion 3.0

PSRemotingProtocolVersion 2.3

SerializationVersion 1.1.0.1

PS C:\Users\Administrator> [Net.ServicePointManager]::SecurityProtocol = "Tls, Tls11, Tls12, Ssl3"

PS C:\Users\Administrator> $ishSession = New-IshSession -WsBaseUrl localhost/.../ -IshUserName "Admin" -IshPassword "admin"

New-IshSession : The requested security protocol is not supported.

At line:1 char:15

+ ... shSession = New-IshSession -WsBaseUrl localhost/.../ -IshUs ...

+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

+ CategoryInfo : InvalidOperation: (:) [New-IshSession], NotSupportedException

+ FullyQualifiedErrorId : -1,Trisoft.ISHRemote.Cmdlets.Session.NewIshSession
emoji
Rate translation
×
Suggest better translation
×
Parents
  • 0

    Hi Lihao,

    In the end Security Protocol is a handshake done between the Server and Client as part of your Operating System and .NET runtime environment. Where ISHRemote is a client consuming the Client operating system and .NET runtime. In your problem scenario the Client and the Server are the same machine.

    On the Client you are defining 4 protocols, even unsecure Ssl3 is mentioned. Lines like [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 are probably ignored as ISHRemote through class IShSession sets the Client to negotiate with the availalbe secure options, see code on github.com/.../IshSession.cs

    1. What I do notice in your example is that you mention "localhost" as -WsBaseUrl parameter. How is the full url working? Can I assume it is https://localhost/?
    2. Preferably update your ISHRemote v7 edition to latest v8.1, in case there are still issues, they will only be fixed on latest version. Latest ISHRemote works on previous Tridion Docs versions. Can you do that?
    3. Can you run your New-IShSession cmdlet but add a -Debug flag so we perhaps see near which log statement the .NET Framework error is thrown?

    Best wishes,
    Dave
    emoji
Reply
  • 0

    Hi Lihao,

    In the end Security Protocol is a handshake done between the Server and Client as part of your Operating System and .NET runtime environment. Where ISHRemote is a client consuming the Client operating system and .NET runtime. In your problem scenario the Client and the Server are the same machine.

    On the Client you are defining 4 protocols, even unsecure Ssl3 is mentioned. Lines like [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 are probably ignored as ISHRemote through class IShSession sets the Client to negotiate with the availalbe secure options, see code on github.com/.../IshSession.cs

    1. What I do notice in your example is that you mention "localhost" as -WsBaseUrl parameter. How is the full url working? Can I assume it is https://localhost/?
    2. Preferably update your ISHRemote v7 edition to latest v8.1, in case there are still issues, they will only be fixed on latest version. Latest ISHRemote works on previous Tridion Docs versions. Can you do that?
    3. Can you run your New-IShSession cmdlet but add a -Debug flag so we perhaps see near which log statement the .NET Framework error is thrown?

    Best wishes,
    Dave
    emoji
Children
  • 0 in reply to Dave De Meyer

    Hi Dave,

    Thanks for your reply. I've tried substitude with full url, meanwhile using v8.1, but the problem still exists.

    One thing to mention, the ISHRemote module is installed manually because the instance has no web access. I unzipped the nupkg file and put it into PSModulePath.

    Here is the output which a `-Debug` flag is appended.

    PS C:\Users\Administrator> $ishSession = New-IshSession -WsBaseUrl https://mydomain.com/ISHWS/ -IshUserName "Admin" -IshPassword "admin" -Debug
    DEBUG: NewIshSession 20241113.171928.185 BeginProcessing
    VERBOSE: NewIshSession Connecting to WsBaseUrl[https://mydomain.com/ISHWS/] IshUserName[Admin] IshPassword[*****]
    DEBUG: NewIshSession 20241113.171931.922 Connecting to WsBaseUrl[https://mydomain.com/ISHWS/] IshUserName[Admin] IshPassword[*****]
    DEBUG: NewIshSession 20241113.171931.937 Connecting to WsBaseUrl[https://mydomain.com/ISHWS/] IshUserName[Admin] IshPassword[*****] Timeout[00:30:00] IgnoreSslPolicyErrors[False]
    DEBUG: NewIshSession 20241113.171931.937 Enabling Tls, Tls11, Tls12 and Tls13 security protocols on AppDomain. Timeout[00:30:00] IgnoreSslPolicyErrors[False]
    DEBUG: NewIshSession 20241113.171931.937 Enabling Tls, Tls11, Tls12 and Tls13 security protocols on HttpClientHandler. Timeout[00:30:00] IgnoreSslPolicyErrors[False]
    New-IshSession : The requested security protocol is not supported.
    At line:1 char:15
    + ... shSession = New-IshSession -WsBaseUrl https://mydomain ...
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo : InvalidOperation: (:) [New-IshSession], NotSupportedException
    + FullyQualifiedErrorId : -1,Trisoft.ISHRemote.Cmdlets.Session.NewIshSession

    DEBUG: NewIshSession 20241113.171932.777 EndProcessing elapsed:2297ms

    PS C:\Users\Administrator>