If you are reading this, you have most likely run into the same issue we did: some of your deployments started to fail because Azure removed support for TLS 1.0 and 1.1. This post lists the resources we found useful, to help you get back up and running quickly instead of digging for answers on Google.

Authentication failed: AADSTS1002016: You are using TLS version 1.0, 1.1 and/or 3DES cipher which are deprecated to improve the security posture of Azure AD.

Before starting with the steps below, we recommend downloading the latest updates from Windows Update and ensuring the .NET 4.8 runtime is installed on the server. Having the latest runtime ensures support for newer cipher suites. You will also need to restart the server a few times, so plan for downtime.

Azure DevOps Readiness checker

Microsoft have a PowerShell script on their GitHub that identifies any issues on your server and lists the additional steps needed to fix them.

You can find the Readiness checker here: https://github.com/microsoft/azure-devops-tls12

Grab the AzureDevOpsTls12Analysis.ps1 script and run it on your server. It will attempt to probe https://status.dev.azure.com/ and, through this probing, identify what your server is missing.

Don’t just double-click the script, as it will run and then close the window straight away, which is not really helpful! Open a PowerShell window and call it from there.

If there are issues, the tool will tell you and list what is missing; most likely some registry settings need to be applied. The script will generate some new PowerShell files containing the commands to update the required registry settings. Run these files and then restart your server.

Once restarted, run the tool again and see if it now reports no issues.
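
A read-only check you can run before and after the readiness checker to see what changed, added here as an example (it is not Microsoft's script or code from this post). The registry paths and value names are the commonly documented .NET and SCHANNEL TLS 1.2 settings and are assumptions, since the post does not list which settings the tool reported.

```powershell
# Added example: read-only audit of TLS 1.2 prerequisites. It changes nothing.
# Registry paths and value names are the commonly documented ones (assumed here),
# not values taken from the readiness checker's output.

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or the value does not exist
    (Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue).$Name
}

$results = @()

# .NET Framework 4.8 reports a Release value of 528040 or higher
$release = Get-RegValue 'HKLM:\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full' 'Release'
$results += [pscustomobject]@{
    Check = '.NET Framework 4.8 or later'
    Value = $release
    Ok    = ($null -ne $release -and $release -ge 528040)
}

# .NET strong crypto and OS-default TLS versions, 64-bit and 32-bit registry views.
# Value 1 is the hardened setting; an absent value leaves the choice to each
# application's target framework, so it is flagged for review.
foreach ($root in 'HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319',
                  'HKLM:\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319') {
    foreach ($name in 'SchUseStrongCrypto', 'SystemDefaultTlsVersions') {
        $v = Get-RegValue $root $name
        $results += [pscustomobject]@{ Check = "$root\$name"; Value = $v; Ok = ($v -eq 1) }
    }
}

# SCHANNEL: the TLS 1.2 client role must not be explicitly switched off.
# Absent values fall back to the OS default (on from Windows Server 2012).
$tls12    = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client'
$enabled  = Get-RegValue $tls12 'Enabled'
$disabled = Get-RegValue $tls12 'DisabledByDefault'
$results += [pscustomobject]@{
    Check = 'SCHANNEL TLS 1.2 Client'
    Value = "Enabled=$enabled DisabledByDefault=$disabled"
    Ok    = ($enabled -ne 0 -and $disabled -ne 1)
}

$results | Format-Table -AutoSize -Wrap
```

Rows with `Ok` set to False are items to compare against what the readiness checker reports; the checker's own output remains the authority on what to change.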

Honorable mention that helped me: IIS Crypto

There is a tool available called IIS Crypto that can show at a glance what settings you have enabled. This wasn’t enough to fix all my issues, but it did point me in the right direction.

https://www.nartac.com/Products/IISCrypto/

Download the exe and run it on the server. It will report what settings are enabled and allow you to apply the required registry settings. This will then require a server restart.

Need some help?

If you are struggling with this issue and would like some assistance, get in touch with Moriyama and we can help you work through this issue for your business.

If you would prefer to speak to someone, please give us a call on 020 3745 4285