HP cmsl Get-HPDeviceDetails failes due to TLS1.3 in invoke-webrequest

1 post / 0 new
Author
Message
janko
Posted: 16 August 2021 - 9:14am
HP cmsl Get-HPDeviceDetails failes due to TLS1.3 in invoke-webrequest

Hello,

I have noticed that on our production machines ProDesk 400 G7 (Windows 10 - 20H2) the scriptlet "Get-HPDeviceDetails" failes as follows:

PS O:\> Get-HPDeviceDetails
platformList is not available on AWS or FTP.
Could not find platformList.
In C:\Program Files\WindowsPowerShell\Modules\HP.ClientManagement\HP.ClientManagement.psm1:2000 Zeichen:7
+       throw [System.Net.WebException]"Could not find platformList."
+       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : OperationStopped: (:) [], WebException
    + FullyQualifiedErrorId : Could not find platformList.

I have investigated further and found out that the issue lies in the function Get-HPPrivateAllowedHttpsProtocols, returning [TLS12, TLS13] values for the ServicePointManager SecurityProtocol enum and then failes to connect in the function Test-HPPrivateIsDownloadNeeded (Invoke-Webrequest).

Is there any possibility to force TLS12 only, as it works well with only TLS12 enabled in ServicePointManager?

 

Thanks!

 

Call stack:

HP.ClientManagement.psm1 -> Get-HPPrivateOfflineCacheFiles -> Test-HPPrivateIsDownloadNeeded -> Get-HPPrivateAllowedHttpsProtocols

 

The related lines are as followed...

HP.ClientManagement.psm1 Line 1980:

$url = "https://hpia.hpcloud.hp.com/ref/platformList.cab"
  $filename = "platformList.cab"
  $try_on_ftp = $false

  try {
    $file = Get-HPPrivateOfflineCacheFiles -url $url -filename $filename -expand -Verbose:$VerbosePreference
  }
  catch {
    # platformList is not reachable on AWS, try to get it from FTP
    $try_on_ftp = $true
  }

 

Get-HPPrivateOfflineCacheFiles Line 1013:

function Get-HPPrivateOfflineCacheFiles {
  [CmdletBinding()]
  param(
    [string]$url,
    [string]$filename,
    [System.IO.DirectoryInfo]$cacheDirOffline = [System.IO.Path]::GetTempPath() + "hp",
    [switch]$expand
  )

  $file = Get-HPPrivateTemporaryFileName -FileName $filename -cacheDir $cacheDirOffline
  $filename = $filename.Replace("cab", "xml")
  $downloadedFile = "$file.dir\$filename"

  Write-Verbose "Checking if $url is available locally."
  try {
    $result = Test-HPPrivateIsDownloadNeeded -url $url -File $file -Verbose:$VerbosePreference
  }
  catch {
    throw [System.Net.WebException]"Could not find a data file for this platform."
  }

 

Test-HPPrivateIsDownloadNeeded Line 654:

function Test-HPPrivateIsDownloadNeeded {
  [CmdletBinding()]
  param([Parameter(Mandatory = $true)] $url, [Parameter(Mandatory = $true)] $file)

  Write-Verbose "Checking if we need a new copy of $file"

  # $c = [System.Net.ServicePointManager]::SecurityProtocol
  # Write-Verbose ("Allowed HTTPS protocols: $c")
  [System.Net.ServicePointManager]::SecurityProtocol = Get-HPPrivateAllowedHttpsProtocols

  # need to validate if $header can be generated, in other words if $url is legitimate
  try {
    $headers = (Invoke-WebRequest  -Uri $url -Method HEAD -UseBasicParsing).Headers
    [datetime]$offered = [string] $headers["Last-Modified"]
    Write-Verbose "File on server has timestamp $offered"
  }
  catch {
    Write-Verbose "data file not found on $url"
    throw 
  }

 

Top