by lunarg on October 22nd 2020, at 14:37

When attempting to install modules from the Powershell Gallery, you may get errors on older versions of Windows Server (2008-2012R2), even after updating PowerShell to more recent versions. The errors are concerning unable to install the NuGet provider, required to download packages from PSGallery.

Errors are similar to:

  • WARNING: Unable to download from URI.
  • WARNING: Unable to download the list of available providers. Check your internet connection.
  • Unable to find package provider 'NuGet'. It may not be imported yet.

The reason for this is a problem with the cryptographic providers enabled on your system. PowerShell 5.1 enables SSL 3.0 and TLS 1.0 for secure HTTP connections, which are both deprecated in favour of TLS 1.2 and 1.3. You can verify this by running this cmdlet:

Ssl3, Tls

To resolve the issue, enable TLS 1.2:

Set-ItemProperty -Path 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\.NetFramework\v4.0.30319' -Name 'SchUseStrongCrypto' -Value '1' -Type DWord
Set-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\.NetFramework\v4.0.30319' -Name 'SchUseStrongCrypto' -Value '1' -Type DWord

The first cmdlet enables TLS 1.2 for 64-bit .NET, the second for 32-bit .NET.

After running the cmdlets, restart Powershell (reboot of the server is not required), and re-check the enabled cryptographics:

Tls, Tls11, Tls12

You can now proceed with installing packages. If NuGet hasn't been installed yet, it will be pulled in and installed as a dependency.