If you see the following error when trying to run cmdlets from the Citrix Remote PowerShell SDK

“Could not establish trust relationship for the SSL/TLS secure channel with authority ‘localhost’.”

Check and make sure you are running PowerShell in its 64-bit flavour, and not 32-bit (x86).

WTF?

I had this issue recently when automating some tasks with Jenkins talking to Citrix Cloud, using the Citrix Remote PowerShell SDK:

On the same host as Jenkins, if I ran a PowerShell shell, and ran the exact same script, it’d work fine.

If I ran it in Jenkins, it would fail with an error like this:

Get-BrokerServiceInstance : Could not establish trust relationship for the SSL/TLS secure channel with authority 'localhost'.
At C:\WINDOWS\TEMP\jenkins297054977088542623.ps1:66 char:3
+ Get-BrokerServiceInstance
+ ~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (:) [Get-BrokerServiceInstance],SdkOperationException
+ FullyQualifiedErrorId : Citrix.XDPowerShell.Broker.NoServerErrorId,Citrix.Broker.Admin.SDK.GetBrokerServiceInstanceCommand

Root Cause

The root cause is there’s something up with 32-bit PowerShell and the Citrix Remote PowerShell SDK.

Jenkins runs the 32-bit version of PowerShell because Jenkins itself is 32-bit. The reason the script worked in a PowerShell shell on the Jenkins host, was because the default on Windows is 64-bit PowerShell. As soon as I forced PowerShell 32-bit, I could reproduce the problem.

The Fix

The fix is to force Jenkins to use PowerShell 64-bit. There’s two options I found:

  1. You can workaround it with some good tips here: https://adamtheautomator.com/jenkins-powershll-64bit/#method-3-using-the-sysnative-powershell
  2. Or you can fix it fully by making Jenkins run on 64-bit Java: https://stackoverflow.com/questions/28331924/jenkins-powershell-plugin-is-running-32-bit-powershell-and-i-need-64bit