“The SSL connection could not be established” I’ve tried everything: turned off firewalls - connect using Mobile hotspot - adjusted executionpolicy to remotesigned - used WaM - used browser authentication - cleared the context file in .Azure… It’s a student account.
Very weird thing is this is only on my Laptop (thinkpad x1 gen 10). On my desktop it works, no issues. I have a student account - but my fellow students do not have this issue.
EDIT: here's the debug output: PS C:\Users\arnec> connect-azaccount -debug DEBUG: 10:29:27 - [ConfigManager] Got nothing from [DisplaySecretsWarning], Module = [], Cmdlet = []. Returning default value [True]. DEBUG: 10:29:27 - ConnectAzureRmAccountCommand begin processing with ParameterSet 'UserWithSubscriptionId'. DEBUG: 10:29:27 - [ConfigManager] Got nothing from [DisplayBreakingChangeWarning], Module = [], Cmdlet = []. Returning default value [True]. DEBUG: 10:29:27 - [ConfigManager] Got nothing from [DefaultSubscriptionForLogin], Module = [], Cmdlet = []. Returning default value [].
Confirm
Are you sure you want to perform this action?
Performing the operation "log in" on target "User account in environment 'AzureCloud'".
[Y] Yes [A] Yes to All [N] No [L] No to All [S] Suspend [?] Help (default is "Y"): y
DEBUG: 10:29:32 - Autosave setting from startup session: 'CurrentUser'
DEBUG: 10:29:32 - No autosave setting detected in environment variable 'AzContextAutoSave'.
DEBUG: 10:29:32 - Using Autosave scope 'CurrentUser'
Please select the account you want to login with.
DEBUG: 10:29:32 - [InteractiveUserAuthenticator] Calling InteractiveBrowserCredential.AuthenticateAsync with TenantId:'', Scopes:'https://management.core.windows.net//.default', AuthorityHost:'https://login.microsoftonline.com/', RedirectUri:'http://localhost:8400/'
DEBUG: InteractiveBrowserCredential.Authenticate invoked. Scopes: [ https://management.core.windows.net//.default ] ParentRequestId:
DEBUG: Executing interactive authentication workflow inline.
DEBUG: False MSAL 4.61.3.0 MSAL.CoreCLR .NET 8.0.8 Microsoft Windows 10.0.22631 [2024-09-28 08:29:32Z - f1ec6979-54fe-4267-b52c-77abdd6bbe97] MSAL MSAL.CoreCLR with assembly version '4.61.3.0'. CorrelationId(f1ec6979-54fe-4267-b52c-77abdd6bbe97)
DEBUG: False MSAL 4.61.3.0 MSAL.CoreCLR .NET 8.0.8 Microsoft Windows 10.0.22631 [2024-09-28 08:29:32Z - f1ec6979-54fe-4267-b52c-77abdd6bbe97] === InteractiveParameters Data ===
LoginHint provided: False
User provided: False
UseEmbeddedWebView: NotSpecified
ExtraScopesToConsent:
Prompt: select_account
HasCustomWebUi: False
DEBUG: False MSAL 4.61.3.0 MSAL.CoreCLR .NET 8.0.8 Microsoft Windows 10.0.22631 [2024-09-28 08:29:32Z - f1ec6979-54fe-4267-b52c-77abdd6bbe97]
=== Request Data ===
Authority Provided? - True
Scopes - https://management.core.windows.net//.default
Extra Query Params Keys (space separated) -
ApiId - AcquireTokenInteractive
IsConfidentialClient - False
SendX5C - False
LoginHint ? False
IsBrokerConfigured - False
HomeAccountId - False
CorrelationId - f1ec6979-54fe-4267-b52c-77abdd6bbe97
UserAssertion set: False
LongRunningOboCacheKey set: False
Region configured:
DEBUG: False MSAL 4.61.3.0 MSAL.CoreCLR .NET 8.0.8 Microsoft Windows 10.0.22631 [2024-09-28 08:29:32Z - f1ec6979-54fe-4267-b52c-77abdd6bbe97] === Token Acquisition (InteractiveRequest) started:
Scopes: https://management.core.windows.net//.default
Authority Host: login.microsoftonline.com
DEBUG: False MSAL 4.61.3.0 MSAL.CoreCLR .NET 8.0.8 Microsoft Windows 10.0.22631 [2024-09-28 08:29:32Z - f1ec6979-54fe-4267-b52c-77abdd6bbe97] [Instance Discovery] Instance discovery is enabled and will be performed
DEBUG: False MSAL 4.61.3.0 MSAL.CoreCLR .NET 8.0.8 Microsoft Windows 10.0.22631 [2024-09-28 08:29:32Z - f1ec6979-54fe-4267-b52c-77abdd6bbe97] [Region discovery] Not using a regional authority.
DEBUG: False MSAL 4.61.3.0 MSAL.CoreCLR .NET 8.0.8 Microsoft Windows 10.0.22631 [2024-09-28 08:29:32Z - f1ec6979-54fe-4267-b52c-77abdd6bbe97] Using system browser.
DEBUG: False MSAL 4.61.3.0 MSAL.CoreCLR .NET 8.0.8 Microsoft Windows 10.0.22631 [2024-09-28 08:29:32Z - f1ec6979-54fe-4267-b52c-77abdd6bbe97] Listening for authorization code on http://localhost:8400/
DEBUG: False MSAL 4.61.3.0 MSAL.CoreCLR .NET 8.0.8 Microsoft Windows 10.0.22631 [2024-09-28 08:29:46Z - f1ec6979-54fe-4267-b52c-77abdd6bbe97] Processing a response message to the browser. HttpStatus:OK
DEBUG: False MSAL 4.61.3.0 MSAL.CoreCLR .NET 8.0.8 Microsoft Windows 10.0.22631 [2024-09-28 08:29:46Z - f1ec6979-54fe-4267-b52c-77abdd6bbe97] An authorization code was retrieved from the /authorize endpoint.
DEBUG: False MSAL 4.61.3.0 MSAL.CoreCLR .NET 8.0.8 Microsoft Windows 10.0.22631 [2024-09-28 08:29:46Z - f1ec6979-54fe-4267-b52c-77abdd6bbe97] Exchanging the auth code for tokens.
DEBUG: False MSAL 4.61.3.0 MSAL.CoreCLR .NET 8.0.8 Microsoft Windows 10.0.22631 [2024-09-28 08:29:46Z - f1ec6979-54fe-4267-b52c-77abdd6bbe97] === InteractiveParameters Data ===
LoginHint provided: False
User provided: False
UseEmbeddedWebView: NotSpecified
ExtraScopesToConsent:
Prompt: select_account
HasCustomWebUi: False
DEBUG: Request [75545293-d31e-49a1-b1a5-10f6a52ab97f] POST https://login.microsoftonline.com/organizations/oauth2/v2.0/token
x-client-SKU:REDACTED
x-client-Ver:REDACTED
x-client-OS:REDACTED
x-anchormailbox:REDACTED
x-client-current-telemetry:REDACTED
x-client-last-telemetry:REDACTED
x-ms-lib-capability:REDACTED
client-request-id:REDACTED
return-client-request-id:REDACTED
x-app-name:REDACTED
x-app-ver:REDACTED
Content-Type:application/x-www-form-urlencoded
x-ms-client-request-id:75545293-d31e-49a1-b1a5-10f6a52ab97f
x-ms-return-client-request-id:true
User-Agent:azsdk-net-Identity/1.12.0 (.NET 8.0.8; Microsoft Windows 10.0.22631)
client assembly: Azure.Identity
DEBUG: Response [75545293-d31e-49a1-b1a5-10f6a52ab97f] 200 OK (00.2s)
Cache-Control:no-store, no-cache
Pragma:no-cache
Strict-Transport-Security:REDACTED
X-Content-Type-Options:REDACTED
P3P:REDACTED
client-request-id:REDACTED
x-ms-request-id:d115012d-c00f-4d7c-ae05-dbcb558f1d01
x-ms-ests-server:REDACTED
x-ms-clitelem:REDACTED
x-ms-srs:REDACTED
X-XSS-Protection:REDACTED
Set-Cookie:REDACTED
Date:Sat, 28 Sep 2024 08:29:46 GMT
Content-Type:application/json; charset=utf-8
Expires:-1
Content-Length:5188
DEBUG: False MSAL 4.61.3.0 MSAL.CoreCLR .NET 8.0.8 Microsoft Windows 10.0.22631 [2024-09-28 08:29:46Z - f1ec6979-54fe-4267-b52c-77abdd6bbe97] Checking client info returned from the server..
DEBUG: False MSAL 4.61.3.0 MSAL.CoreCLR .NET 8.0.8 Microsoft Windows 10.0.22631 [2024-09-28 08:29:46Z - f1ec6979-54fe-4267-b52c-77abdd6bbe97] Saving token response to cache..
DEBUG: False MSAL 4.61.3.0 MSAL.CoreCLR .NET 8.0.8 Microsoft Windows 10.0.22631 [2024-09-28 08:29:46Z - f1ec6979-54fe-4267-b52c-77abdd6bbe97] [Region discovery] Not using a regional authority.
DEBUG: False MSAL 4.61.3.0 MSAL.CoreCLR .NET 8.0.8 Microsoft Windows 10.0.22631 [2024-09-28 08:29:46Z - f1ec6979-54fe-4267-b52c-77abdd6bbe97] [SaveTokenResponseAsync] Saving AT in cache and removing overlapping ATs...
DEBUG: False MSAL 4.61.3.0 MSAL.CoreCLR .NET 8.0.8 Microsoft Windows 10.0.22631 [2024-09-28 08:29:46Z - f1ec6979-54fe-4267-b52c-77abdd6bbe97] Looking for scopes for the authority in the cache which intersect with https://management.core.windows.net//.default
DEBUG: False MSAL 4.61.3.0 MSAL.CoreCLR .NET 8.0.8 Microsoft Windows 10.0.22631 [2024-09-28 08:29:46Z - f1ec6979-54fe-4267-b52c-77abdd6bbe97] Intersecting scope entries count - 1
DEBUG: False MSAL 4.61.3.0 MSAL.CoreCLR .NET 8.0.8 Microsoft Windows 10.0.22631 [2024-09-28 08:29:46Z - f1ec6979-54fe-4267-b52c-77abdd6bbe97] Matching entries after filtering by user - 1
DEBUG: False MSAL 4.61.3.0 MSAL.CoreCLR .NET 8.0.8 Microsoft Windows 10.0.22631 [2024-09-28 08:29:46Z - f1ec6979-54fe-4267-b52c-77abdd6bbe97] [SaveTokenResponseAsync] Saving Id Token and Account in cache ...
DEBUG: False MSAL 4.61.3.0 MSAL.CoreCLR .NET 8.0.8 Microsoft Windows 10.0.22631 [2024-09-28 08:29:46Z - f1ec6979-54fe-4267-b52c-77abdd6bbe97] [SaveTokenResponseAsync] Saving RT in cache...
DEBUG: False MSAL 4.61.3.0 MSAL.CoreCLR .NET 8.0.8 Microsoft Windows 10.0.22631 [2024-09-28 08:29:46Z - f1ec6979-54fe-4267-b52c-77abdd6bbe97] IsLegacyAdalCacheEnabled: yes
DEBUG: False MSAL 4.61.3.0 MSAL.CoreCLR .NET 8.0.8 Microsoft Windows 10.0.22631 [2024-09-28 08:29:46Z - f1ec6979-54fe-4267-b52c-77abdd6bbe97] Not writing FRT in ADAL legacy cache.
DEBUG: False MSAL 4.61.3.0 MSAL.CoreCLR .NET 8.0.8 Microsoft Windows 10.0.22631 [2024-09-28 08:29:46Z - f1ec6979-54fe-4267-b52c-77abdd6bbe97]
=== Token Acquisition finished successfully:
DEBUG: False MSAL 4.61.3.0 MSAL.CoreCLR .NET 8.0.8 Microsoft Windows 10.0.22631 [2024-09-28 08:29:46Z - f1ec6979-54fe-4267-b52c-77abdd6bbe97] AT expiration time: 28/09/2024 9:40:16 +00:00, scopes: https://management.core.windows.net//.default https://management.core.windows.net//user_impersonation. source: IdentityProvider
DEBUG: False MSAL 4.61.3.0 MSAL.CoreCLR .NET 8.0.8 Microsoft Windows 10.0.22631 [2024-09-28 08:29:46Z - f1ec6979-54fe-4267-b52c-77abdd6bbe97] Fetched access token from host login.microsoftonline.com.
DEBUG: InteractiveBrowserCredential.Authenticate succeeded. Scopes: [ https://management.core.windows.net//.default ] ParentRequestId: ExpiresOn: 2024-09-28T09:40:16.4389246+00:00
DEBUG: 10:29:46 - [MsalAccessToken] Calling InteractiveBrowserCredential.GetTokenAsync - Scopes:'https://management.core.windows.net//.default'
DEBUG: InteractiveBrowserCredential.GetToken invoked. Scopes: [ https://management.core.windows.net//.default ] ParentRequestId:
DEBUG: False MSAL 4.61.3.0 MSAL.CoreCLR .NET 8.0.8 Microsoft Windows 10.0.22631 [2024-09-28 08:29:46Z - a78a5fe2-c559-4954-aa66-8b5d231f7531] MSAL MSAL.CoreCLR with assembly version '4.61.3.0'. CorrelationId(a78a5fe2-c559-4954-aa66-8b5d231f7531)
DEBUG: False MSAL 4.61.3.0 MSAL.CoreCLR .NET 8.0.8 Microsoft Windows 10.0.22631 [2024-09-28 08:29:46Z - a78a5fe2-c559-4954-aa66-8b5d231f7531] === AcquireTokenSilent Parameters ===
DEBUG: False MSAL 4.61.3.0 MSAL.CoreCLR .NET 8.0.8 Microsoft Windows 10.0.22631 [2024-09-28 08:29:46Z - a78a5fe2-c559-4954-aa66-8b5d231f7531] LoginHint provided: False
DEBUG: False MSAL 4.61.3.0 MSAL.CoreCLR .NET 8.0.8 Microsoft Windows 10.0.22631 [2024-09-28 08:29:46Z - a78a5fe2-c559-4954-aa66-8b5d231f7531] Account provided: True
DEBUG: False MSAL 4.61.3.0 MSAL.CoreCLR .NET 8.0.8 Microsoft Windows 10.0.22631 [2024-09-28 08:29:46Z - a78a5fe2-c559-4954-aa66-8b5d231f7531] ForceRefresh: False
DEBUG: False MSAL 4.61.3.0 MSAL.CoreCLR .NET 8.0.8 Microsoft Windows 10.0.22631 [2024-09-28 08:29:46Z - a78a5fe2-c559-4954-aa66-8b5d231f7531]
=== Request Data ===
Authority Provided? - True
Scopes - https://management.core.windows.net//.default
Extra Query Params Keys (space separated) -
ApiId - AcquireTokenSilent
IsConfidentialClient - False
SendX5C - False
LoginHint ? False
IsBrokerConfigured - False
HomeAccountId - False
CorrelationId - a78a5fe2-c559-4954-aa66-8b5d231f7531
UserAssertion set: False
LongRunningOboCacheKey set: False
Region configured:
DEBUG: False MSAL 4.61.3.0 MSAL.CoreCLR .NET 8.0.8 Microsoft Windows 10.0.22631 [2024-09-28 08:29:46Z - a78a5fe2-c559-4954-aa66-8b5d231f7531] === Token Acquisition (SilentRequest) started:
Scopes: https://management.core.windows.net//.default
Authority Host: login.microsoftonline.com
DEBUG: False MSAL 4.61.3.0 MSAL.CoreCLR .NET 8.0.8 Microsoft Windows 10.0.22631 [2024-09-28 08:29:46Z - a78a5fe2-c559-4954-aa66-8b5d231f7531] [Region discovery] Not using a regional authority.
DEBUG: False MSAL 4.61.3.0 MSAL.CoreCLR .NET 8.0.8 Microsoft Windows 10.0.22631 [2024-09-28 08:29:46Z - a78a5fe2-c559-4954-aa66-8b5d231f7531] Access token is not expired. Returning the found cache entry. [Current time (09/28/2024 08:29:46) - Expiration Time (09/28/2024 09:40:16 +00:00) - Extended Expiration Time (09/28/2024 09:40:16 +00:00)]
DEBUG: False MSAL 4.61.3.0 MSAL.CoreCLR .NET 8.0.8 Microsoft Windows 10.0.22631 [2024-09-28 08:29:46Z - a78a5fe2-c559-4954-aa66-8b5d231f7531] Returning access token found in cache. RefreshOn exists ? False
DEBUG: False MSAL 4.61.3.0 MSAL.CoreCLR .NET 8.0.8 Microsoft Windows 10.0.22631 [2024-09-28 08:29:46Z - a78a5fe2-c559-4954-aa66-8b5d231f7531] [Region discovery] Not using a regional authority.
DEBUG: False MSAL 4.61.3.0 MSAL.CoreCLR .NET 8.0.8 Microsoft Windows 10.0.22631 [2024-09-28 08:29:46Z - a78a5fe2-c559-4954-aa66-8b5d231f7531]
=== Token Acquisition finished successfully:
DEBUG: False MSAL 4.61.3.0 MSAL.CoreCLR .NET 8.0.8 Microsoft Windows 10.0.22631 [2024-09-28 08:29:46Z - a78a5fe2-c559-4954-aa66-8b5d231f7531] AT expiration time: 28/09/2024 9:40:16 +00:00, scopes: https://management.core.windows.net//.default https://management.core.windows.net//user_impersonation. source: Cache
DEBUG: InteractiveBrowserCredential.GetToken succeeded. Scopes: [ https://management.core.windows.net//.default ] ParentRequestId: ExpiresOn: 2024-09-28T09:40:16.0000000+00:00
DEBUG: ============================ HTTP REQUEST ============================
HTTP Method:
GET
Absolute Uri:
https://management.azure.com/tenants?api-version=2021-01-01
Headers:
Accept-Language : en-US
x-ms-client-request-id : 78f132e5-c4ae-4866-939c-28011fc97ff2
Body:
WARNING: Unable to acquire token for tenant 'organizations' with error 'The SSL connection could not be established, see inner exception.'
connect-azaccount -debugand see if it gives you more information? By default, it should attempt to connect to login.microsoftonline.com for example, so make sure you can open it in the browser without any issues, and/or tryInvoke-WebRequest https://login.microsoftonline.com/from powershell to see if you get the same error. If the debug says it failed on a different URL, test that one[System.Net.ServicePointManager]::SecurityProtocol.HasFlag([System.Net.SecurityProtocolType]'Tls12')in your PowerShell session. If it comes up False then that is probably your problem.