Azure Devops Self hosted Agent Docker Container Connectivity Issues

I already use my computer as a self-hosted agent connected to a azure pipeline workflow.
I’m trying to now run a self-hosted agent in docker for later use on a company own windows 2019 server.
But I’m having connectivity issues.

I’m doing exactly this:
But, when I run this :

docker build -t dockeragent:latest .
docker run -e AZP_URL="https://[CompanyUrl].com/[Collection]" -e AZP_TOKEN="[PAT]" -e AZP_AGENT_NAME="dockeragent" -e AZP_POOL="[Pool]" dockeragent:latest

I expect docker container agent to run start.ps1 script, go to power shell, configure the agent and see a big CLI drawing of Azure Pipelines.

But, what I get is this error.


1. Determining matching Azure Pipelines agent...
Invoke-RestMethod : The underlying connection was closed: Could not establish
trust relationship for the SSL/TLS secure channel.
At C:azpstart.ps1:35 char:12
+ $package = Invoke-RestMethod -Headers @{Authorization=("Basic $base64 ...

I know that these specific lines fail. It’s a failed REST API call.


Write-Host "1. Determining matching Azure Pipelines agent..." -ForegroundColor Cyan

$base64AuthInfo = [Convert]::ToBase64String([Text.Encoding]::ASCII.GetBytes(":$(Get-Content ${Env:AZP_TOKEN_FILE})"))
$package = Invoke-RestMethod -Headers @{Authorization=("Basic $base64AuthInfo")} "$(${Env:AZP_URL})/_apis/distributedtask/packages/agent?platform=win-x64&`$top=1"
$packageUrl = $package[0].Value.downloadUrl

Write-Host $packageUrl

But the thing I don’t understand, is if I just copy paste the URL in my web browser


It works without a hitch and I see my JSON data from the Get operation.
It just doesn’t work from inside the container. I’m lost.

Any Hints?

What I tried:

  1. I tried a popular fix I saw online.
    I added this line in my start.ps1 script.But I saw no visible change, I got the same problem.
[Net.ServicePointManager]::SecurityProtocol = "tls12, tls11, tls"
  1. I tried using a less secure http URL we have to go on our Azure Devops Platform. It’s a legacy URL.

http://[TFS Extension].[Server].com/[Collection]/_apis/distributedtask/packages/agent?platform=win-x64&`$top=1

It actually worked, I didn’t get the error above, so now I’m just confused.
I would like it to work with the more secure https link.

Source: Docker Questions