As you might have heard, Microsoft is rushing to get rid of older insecure TLS versions. TLS 1.2 is the new minimum in Microsoft 365 and a couple of days ago (on the 20th of February 2019 according to my logs) this also happened in Microsoft Graph. I noticed this because my Azure Automation runbooks with Graph calls stopped working. The error was this:
Failed The underlying connection was closed: An unexpected error occurred on a send. (The underlying connection was closed: An unexpected error occurred on a send. (Unable to read data from the transport connection: Overlapped I/O event is not in a signaled state. (Overlapped I/O event is not in a signaled state)))
The message isn’t all that clear but it turns out that it’s a TLS issue where PowerShell in Azure Automation is using an older version which Graph won’t accept. This did not happen on my Windows 10 1809 workstation where the right TLS version was used by default when connecting to Graph.
I put the following line in my runbook scripts before querying Graph to force TLS 1.2 and that solved the issue.
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
Please follow me here, on LinkedIn and on Twitter!
Daniel Chronlund Cloud Security Blog 