I have a DSC script that configures a VMSS on Azure. Part of the script disables TLS 1.0 and TLS 1.1 client and server roles. After disabling, the VMSS cannot download the DSC script in the zip file anymore. It says it timed out after 29 attempts. If I enable the TLS protocols, it works again.
Is there a way to make the script download using TLS 1.2?
Currently, this is the ARM configuration for the script extension:
    "extensionProfile": {
        "extensions": [
            {
                "name": "Microsoft.Powershell.DSC",
                "properties": {
                    "publisher": "Microsoft.Powershell",
                    "type": "DSC",
                    "typeHandlerVersion": "2.72",
                    "autoUpgradeMinorVersion": true,
                    "forceUpdateTag": "[parameters('dscVmssUpdateTagVersion')]",
                    "settings": {
                        "configuration": {
                            "url": "https://mydsc.blob.core.windows.net/dsc/scalesetSetup.zip",
                            "script": "prepareServer.ps1",
                            "function": "PrepareServer"
                        },
                        "configurationArguments": {
                            "nodeName": "localhost",
                            "envName": "[parameters('envName')]",
                            "buildNumber": "[parameters('buildNumber')]"
                        }
                    }
                }
            }
        ]
    }
No, there is no way of doing that. Move your script into the DSC configuration (or at least the part that disables TLS 1.0\1.1). This way you can solve this chicken\egg dilemma.
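
The approach from the answer, as an added example that is not code from the original thread: a `PrepareServer` configuration for `prepareServer.ps1` that applies the TLS 1.0/1.1 disablement as DSC `Registry` resources. The parameter names come from the ARM `configurationArguments`; the SCHANNEL keys and the .NET `SchUseStrongCrypto` values are assumptions about what the asker's script changes.

```powershell
# Added example: possible content of prepareServer.ps1 inside scalesetSetup.zip.
Configuration PrepareServer
{
    param(
        [string] $nodeName = 'localhost',
        [string] $envName,
        [string] $buildNumber
    )

    Import-DscResource -ModuleName PSDesiredStateConfiguration

    $schannel = 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'
    # Assumption (not from the answer): .NET Framework 4.x code on the node
    # needs SchUseStrongCrypto to negotiate TLS 1.2 by default.
    $dotNetKeys = @{
        Net64 = 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319'
        Net32 = 'HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319'
    }

    Node $nodeName
    {
        foreach ($protocol in 'TLS 1.0', 'TLS 1.1', 'TLS 1.2') {
            # Only TLS 1.2 stays enabled; 1.0 and 1.1 are switched off.
            $isTls12  = $protocol -eq 'TLS 1.2'
            $enabled  = [string][int]$isTls12
            $disabled = [string][int](-not $isTls12)
            foreach ($role in 'Client', 'Server') {
                $id = ($protocol -replace '[ .]', '') + $role   # e.g. TLS10Client
                Registry "${id}Enabled" {
                    Key = "$schannel\$protocol\$role"; ValueName = 'Enabled'
                    ValueType = 'Dword'; ValueData = $enabled
                    Ensure = 'Present'; Force = $true
                }
                Registry "${id}DisabledByDefault" {
                    Key = "$schannel\$protocol\$role"; ValueName = 'DisabledByDefault'
                    ValueType = 'Dword'; ValueData = $disabled
                    Ensure = 'Present'; Force = $true
                }
            }
        }
        foreach ($name in $dotNetKeys.Keys) {
            Registry "${name}StrongCrypto" {
                Key = $dotNetKeys[$name]; ValueName = 'SchUseStrongCrypto'
                ValueType = 'Dword'; ValueData = '1'
                Ensure = 'Present'; Force = $true
            }
        }
    }
}
```

SCHANNEL protocol changes take effect after a restart, so the node keeps its previous TLS behaviour until it reboots.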