PowerShell

Invoke-RestMethod : The underlying connection was closed: An unexpected error occurred on a send while connecting Graph API

In the last few days, I've got two reports that my PowerShell module for Office 365 Health suddenly started giving errors. This was a bit weird because it worked perfectly fine on my end. But while I could understand one person having an issue of their own, with their network or firewalls, if the second person comes along with the same report, that means something else is going on. The error is not telling much:

Invoke-RestMethod : The underlying connection was closed: An unexpected error occurred on a send.
At C:\Program Files\WindowsPowerShell\Modules\PSWinDocumentation.O365HealthService\0.2.2\PSWinDocumentation.O365HealthService.psm1:307 char:18

Since this PowerShell module is all about Invoke-RestMethod it means all calls to it are failing.

Invoke-RestMethod - TLS 1.0 to TLS 1.2

It seems that the error is coming from Office 365 change were TLS 1.0 is being superseded by TLS 1.2. Since it's still working for my default configuration, I guess my tenant is not yet forced on TLS 1.2, but others already switched. The fix is simple. Before executing Invoke-RestMethod, just run this:

​[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

This change stays active for the whole PowerShell session. If you close and reopen PowerShell, it will be gone. If you use Invoke-RestMethod in your scripts, add it in a function next to the first Invoke-RestMethod you use. If you want this always to be available – add it to your PowerShell profile. That way, you won't have to worry about it. Just remember to tell others if you send the scripts over. Keep in mind, however, that this change may impact other commands that you use. If you work with some legacy systems that don't support TLS 1.2, you may need to work it out before going full-on TLS 1.2. If you want to read more about the change, you can read about it Preparing for TLS 1.2 in Office 365 and Office 365 GCC. While in theory they will start turning off TLS 1.0 and TLS 1.1 as of June 2020, it seems some tenants and some services got the change a bit earlier.

This post was last modified on December 14, 2019 12:01

Przemyslaw Klys

System Architect with over 14 years of experience in the IT field. Skilled, among others, in Active Directory, Microsoft Exchange and Office 365. Profoundly interested in PowerShell. Software geek.

Share
Published by
Przemyslaw Klys

Recent Posts

Upgrade Azure Active Directory Connect fails with unexpected error

Today, I made the decision to upgrade my test environment and update the version of…

2 months ago

Mastering Active Directory Hygiene: Automating Stale Computer Cleanup with CleanupMonster

Have you ever looked at your Active Directory and wondered, "Why do I still have…

3 months ago

Active Directory Replication Summary to your Email or Microsoft Teams

Active Directory replication is a critical process that ensures the consistent and up-to-date state of…

7 months ago

Syncing Global Address List (GAL) to personal contacts and between Office 365 tenants with PowerShell

Hey there! Today, I wanted to introduce you to one of the small but excellent…

12 months ago

Active Directory Health Check using Microsoft Entra Connect Health Service

Active Directory (AD) is crucial in managing identities and resources within an organization. Ensuring its…

1 year ago

Seamless HTML Report Creation: Harness the Power of Markdown with PSWriteHTML PowerShell Module

In today's digital age, the ability to create compelling and informative HTML reports and documents…

1 year ago