Ask the community

SWG Login - How to Log In to the Powershell Interactive login's

rfletcher
New Contributor III

Has anyone had any issues with interactive login's executed via powershell when behind the Netskope SWG?

For example: when connecting to exchange online or any kind of Microsoft service via powershell you are typically prompted with a O365 login prompt but when behind SWG we get "New-ExoPSSession : An error occurred while sending the request.."

I found 2 work arounds 1) disabling the Netskope client and 2) custom app in the steering configuration to bypass login.microsoft.com when connecting via powershell.exe. I'm wondering if anyone else had experienced this or could think of another work around.

-Ryan
1 Solution
sshiflett
Netskope
Netskope

Welcome to the Netskope community.  The likely reason for this is that many development tools such as Powershell don't trust the system certificate store for TLS inspection.   When you bypass Netskope by disabling the client or the certificate pinned application, you are no longer inspecting this traffic so it works.  There's usually two options for apps that don't trust the system certificate store:

1.  Bypass the application from inspection via a steering or TLS inspection bypass (easiest resolution but limits visibility)
2. Import the Netskope certificate into the application so it trusts the certificate or configure the application to trust the system certificate store. 

You've already performed the first step but if you'd like to have Powershell trust the system store, you can follow the instructions here:

https://support.netskope.com/hc/en-us/articles/360023228553


Sam Shiflett
Netskope Solution Architect - North America

View solution in original post

2 Replies 2
sshiflett
Netskope
Netskope

Welcome to the Netskope community.  The likely reason for this is that many development tools such as Powershell don't trust the system certificate store for TLS inspection.   When you bypass Netskope by disabling the client or the certificate pinned application, you are no longer inspecting this traffic so it works.  There's usually two options for apps that don't trust the system certificate store:

1.  Bypass the application from inspection via a steering or TLS inspection bypass (easiest resolution but limits visibility)
2. Import the Netskope certificate into the application so it trusts the certificate or configure the application to trust the system certificate store. 

You've already performed the first step but if you'd like to have Powershell trust the system store, you can follow the instructions here:

https://support.netskope.com/hc/en-us/articles/360023228553


Sam Shiflett
Netskope Solution Architect - North America
rfletcher
New Contributor III

That support article is what i really needed. Thank you!

-Ryan
Subscribe
Labels

In order to view this content, you will need to sign in to your account. Simply click the "Sign In" button below

Sign In