Azure DevOps Powershell script Could not create SSL/TLS secure channel

There are few workarounds which are working.

1. Workaround 1

   1. Use Azure Powershell Task Version 5
   2. Select "Azure Resource Manager Connection"
   3. Change ASM Module commands to Az commands

2. Workaround 2

   1. Use Azure Powershell Task Version 3
   2. Classic Connection
   3. Downgrade Azure Powershell Version to 4.2.1

3. Workaround 3 (for private agents)

   1. Create a self-signed cert in your CurrentUser\My store. you can find details on creating a self-signed cert here: https://docs.microsoft.com/en-us/azure/cloud-services/cloud-services-certs-create
   2. Export the public key for the cert as a DER-encoded CER file (you can use mmc or any other cert tool for this)
   3. Upload the .Cer file as a management certificate through the portal: https://docs.microsoft.com/en-us/previous-versions/azure/azure-api-management-certs
   4. Authenticate using Set-AzureSubscription:

    PS C:\> Clear-AzureProfile PS C:\> $cert = Get-Item Cert:\CurrentUser\My\ PS C:\ > Set-AzureSubscription -SubscriptionName "" -SubscriptionId  -Certificate $cert PS C:\> Select-AzureSubscription -SubscriptionId  

4. Workaround 4

   1. Add below script to each Azure Powershell task

        $p = (Get-Variable Endpoint -ValueOnly).Auth.Parameters.certificate  $bytes = [convert]::FromBase64String($p)  [IO.File]::WriteAllBytes("C:\cert.pfx",$bytes)  Import-PfxCertificate -FilePath C:\cert.pfx -CertStoreLocation cert:\CurrentUser\My  .  .  actual script  .  .  #remove certificate from store  $thumb = (Get-PfxData -FilePath "C:\cert.pfx").EndEntityCertificates.Thumbprint  Remove-Item -Path cert:\CurrentUser\My\$thumb -recurse -Force

We had the same issue. It only manifested on windows-2019 agents, not vs2017-win2016.So you could fix it by changing the agent type, but a better fix is to use a specific Powershell version of 5.1.1 instead of latest. It seems that latest recently increased to 5.3.0 which causes this error.

I have the same issue and tried all these, for me it worked only if I added this after the Initialize-Azure part: "Set-AzureSubscription -SubscriptionId [my subscription id] -CurrentStorageAccountName [storage name]"