Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Knife Windows Bootstrap fails to download chef-client #8713

clunaslunas opened this issue Jan 24, 2019 · 0 comments


None yet
1 participant
Copy link

commented Jan 24, 2019

User Story

As an infrastructure engineer, I will use this work when I want to bootstrap windows server boxes with chef-clients.


The Windows Server boxes are configured with TLS 1.2 and fails due to the generated powershell script (wget.ps1) from knife to download the chef-client with the following error:

The underlying connection was closed: An unexpected error

Chef Version


Platform Version

Chef is running on Ubuntu 16
Chef-client on Windows Server 2016 TLS 1.2

Steps taken to fix the issue at the moment:

cd /opt/chefdk/embedded/lib/ruby/gems/2.5.0/gems/knife-windows-1.9.6/lib/chef/knife/core/
edit windows_bootstrap_context.rb by adding

[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

Like so....

[String] $remoteUrl,
[String] $localPath

[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
$ProxyUrl = $env:http_proxy;
$webClient = new-object System.Net.WebClient;

if ($ProxyUrl -ne '') {
$WebProxy = New-Object System.Net.WebProxy($ProxyUrl,$true)
$WebClient.Proxy = $WebProxy

$webClient.DownloadFile($remoteUrl, $localPath);

Requested resolution

Please allow for some type of switch that will add the Service Point Manager Security Protocol of tls1.2 when bootstrapping chef-clients with
knife bootstrap windows winrm

@tas50 tas50 transferred this issue from chef/chef-web-docs Jul 3, 2019

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.