If you see the following error when trying to run cmdlets from the Citrix Remote PowerShell SDK
“Could not establish trust relationship for the SSL/TLS secure channel with authority ‘localhost’.”
Check and make sure you are running PowerShell in its 64-bit flavour, and not 32-bit (x86).
I had this issue recently when automating some tasks with Jenkins talking to Citrix Cloud, using the Citrix Remote PowerShell SDK:
Jenkins has defeated me this evening. I can make the exact same script run on the jenkins host in its own powershell window, but it fails inside jenkins saying “Get-BrokerSession : Could not establish trust relationship for the SSL/TLS secure channel with authority ‘localhost’.”
— Phil Wiffen (@phil_wiffen) May 10, 2020
On the same host as Jenkins, if I ran a PowerShell shell, and ran the exact same script, it’d work fine.
If I ran it in Jenkins, it would fail with an error like this:
Get-BrokerServiceInstance : Could not establish trust relationship for the SSL/TLS secure channel with authority 'localhost'.
At C:\WINDOWS\TEMP\jenkins297054977088542623.ps1:66 char:3
+ CategoryInfo : InvalidOperation: (:) [Get-BrokerServiceInstance],SdkOperationException
+ FullyQualifiedErrorId : Citrix.XDPowerShell.Broker.NoServerErrorId,Citrix.Broker.Admin.SDK.GetBrokerServiceInstanceCommand
The root cause is there’s something up with 32-bit PowerShell and the Citrix Remote PowerShell SDK.
Jenkins runs the 32-bit version of PowerShell because Jenkins itself is 32-bit. The reason the script worked in a PowerShell shell on the Jenkins host, was because the default on Windows is 64-bit PowerShell. As soon as I forced PowerShell 32-bit, I could reproduce the problem.
The fix is to force Jenkins to use PowerShell 64-bit. There’s two options I found:
- You can workaround it with some good tips here: https://adamtheautomator.com/jenkins-powershll-64bit/#method-3-using-the-sysnative-powershell
- Or you can fix it fully by making Jenkins run on 64-bit Java: https://stackoverflow.com/questions/28331924/jenkins-powershell-plugin-is-running-32-bit-powershell-and-i-need-64bit