When a file is downloaded from cloud proxy to a Windows end point, it could fail due to security protocols.


Script download fails on a Windows platform with the following message:
The request was aborted: Could not create SSL/TLS secure channel.
There are three kinds of PowerShell scripts hosted in cloud proxy that can be downloaded and executed at the Windows end point VMs for different purposes:
  • To install custom Telegraf using a script (download.ps1).
  • To install custom Telegraf on a physical server (unmanagedagent_setup_sample.ps1).
  • To configure open source Telegraf on managed or unmanaged VMs (open_source_telegraf_monitor.ps1).


Ignore the ServerCertificateValidationCallback using the following command.
if (-not ([System.Management.Automation.PSTypeName]'ServerCertificateValidationCallback').Type)
$certCallback = @"
    using System;
    using System.Net;
    using System.Net.Security;
    using System.Security.Cryptography.X509Certificates;
    public class ServerCertificateValidationCallback
        public static void Ignore()
            if(ServicePointManager.ServerCertificateValidationCallback ==null)
                ServicePointManager.ServerCertificateValidationCallback +=
                        Object obj,
                        X509Certificate certificate,
                        X509Chain chain,
                        SslPolicyErrors errors
                        return true;
    Add-Type $certCallback
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

After downloading and executing the required script, ServerCertificateValidationCallback can be enabled.