If you’re using Chocolatey as a package manager and some of your nodes are running Windows 2016 and earlier, Puppet runs on those nodes fail with a WARNING: MSG:UnableToDownload error.
Error messages
Errors similar to the following:
Cannot collect packages for Puppet::Type::Package::ProviderWindowspowershell provider; 765: unexpected token at 'WARNING: MSG:UnableToDownload'
Could not prefetch pspackageprovider provider 'windowspowershell': 765: unexpected token at 'WARNING: MSG:UnableToDownload'
Failed to apply catalog: 765: unexpected token at 'WARNING: MSG:UnableToDownload'
Errors during Puppet debug runs (puppet agent -t --debug) such as:
Error: Cannot collect packages for Puppet::Type::Package::ProviderWindowspowershell provider; 765: unexpected token at 'WARNING: MSG:UnableToDownload «https://go.microsoft.com/fwlink/?LinkID=627338&clcid=0x409» «»'
Error: Failed to apply catalog: 765: unexpected token at 'WARNING: MSG:UnableToDownload «https://go.microsoft.com/fwlink/?LinkID=627338&clcid=0x409» «»'
Chocolatey requires TLS 1.2, and no longer supports TLS 1.0 and TLS 1.1. You are getting this error because by default, TLS 1.2 is not enabled in Windows 2016 and earlier for .NET 4 applications (including PowerShell).
Version and installation information
PE version: All supported versions
OS: Windows 2016 and earlier
Solution
To fix the issue, enable TLS 1.2 in Windows by updating registry keys.
Pick one of these methods to set the keys, based on your situation:
- If Puppet runs are not working, run a task on Windows nodes to update the registry keys.
- If Puppet agent is communicating with Windows nodes, you can apply a module to Windows nodes to set the keys.
To run a task on Windows nodes
To make the change by running a task:
- Create a .ps1 script with the following code:

    # Enable strong cryptography (TLS 1.2) for 32-bit .NET 4 applications
    Set-ItemProperty -Path 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\.NetFramework\v4.0.30319' -Name 'SchUseStrongCrypto' -Value '1' -Type DWord
    # Enable strong cryptography (TLS 1.2) for 64-bit .NET 4 applications
    Set-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\.NetFramework\v4.0.30319' -Name 'SchUseStrongCrypto' -Value '1' -Type DWord

- To make the change, run the script as a task on the Windows nodes using the steps in our documentation.
To apply a module to Windows nodes
- Create a module that updates registry keys on your Windows nodes, including the following code:

    registry_value {
      default:
        ensure => present,
        type   => 'dword',
      ;
      'Enable TLS 1.2 for all 64-bit .NET 4 applications':
        path => 'HKLM\SOFTWARE\Microsoft\.NetFramework\v4.0.30319\SchUseStrongCrypto',
        data => 1,
      ;
      'Enable TLS 1.2 for all 32-bit .NET 4 applications':
        path => 'HKLM\SOFTWARE\Wow6432Node\Microsoft\.NetFramework\v4.0.30319\SchUseStrongCrypto',
        data => 1,
    }

- To make the change, apply the module to your Windows nodes.
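Whichever method you use, you can confirm the result on a node with a read-only check like the one below. This is an added example, not part of the original article or of any Puppet module; the function name Get-StrongCryptoState is hypothetical. Run it in a new PowerShell session so the process picks up the updated registry values.

```powershell
# Added example: audit the two SchUseStrongCrypto values from this article.
# Read-only; it changes nothing on the node.
$paths = @(
    'HKLM:\SOFTWARE\Microsoft\.NetFramework\v4.0.30319',             # 64-bit .NET 4
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\.NetFramework\v4.0.30319'  # 32-bit .NET 4
)

# Hypothetical helper: returns one object per key with the value found.
function Get-StrongCryptoState {
    param([string[]]$Path)
    foreach ($p in $Path) {
        $value = $null
        if (Test-Path -Path $p) {
            $item  = Get-ItemProperty -Path $p -Name 'SchUseStrongCrypto' -ErrorAction SilentlyContinue
            if ($item) { $value = $item.SchUseStrongCrypto }
        }
        [pscustomobject]@{
            Path      = $p
            Value     = $value          # $null means the value is not set
            Compliant = ($value -eq 1)
        }
    }
}

$results = @(Get-StrongCryptoState -Path $paths)
$results | Format-Table -AutoSize

# Protocols this PowerShell session offers for outbound .NET connections.
$protocols = [Net.ServicePointManager]::SecurityProtocol
$tls12     = [bool]($protocols -band [Net.SecurityProtocolType]::Tls12)
$osDefault = ([int]$protocols -eq 0)   # 0 = SystemDefault: the OS chooses the protocol
"Session protocols: $protocols (TLS 1.2 offered: $tls12, OS default: $osDefault)"

# Non-zero exit code lets a task run report the node as non-compliant.
$failed = @($results | Where-Object { -not $_.Compliant })
if ($failed.Count -gt 0 -or -not ($tls12 -or $osDefault)) {
    Write-Warning 'TLS 1.2 is not enabled for all .NET 4 applications on this node.'
    exit 1
}
'Both SchUseStrongCrypto values are set to 1.'
```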
Learn more about enabling strong cryptography for all .NET applications.