Helix SDK fails to pull files from netcorenativeassets because of SSL errors

[premun]

Seems like downloading of the profile can fail: dotnet/runtime#67349

##[error].packages/microsoft.dotnet.helix.sdk/7.0.0-beta.22179.1/tools/xharness-runner/XHarnessRunner.targets(122,5): error MSB4018: The "CreateXHarnessAppleWorkItems" task failed unexpectedly.
System.Net.Http.HttpRequestException: The SSL connection could not be established, see inner exception.
 ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid because of errors in the certificate chain: RevocationStatusUnknown
   at System.Net.Security.SslStream.SendAuthResetSignal(ProtocolToken message, ExceptionDispatchInfo exception)
   at System.Net.Security.SslStream.CompleteHandshake(SslAuthenticationOptions sslAuthenticationOptions)
   at System.Net.Security.SslStream.ForceAuthenticationAsync[TIOAdapter](TIOAdapter adapter, Boolean receiveFirst, Byte[] reAuthenticationData, Boolean isApm)
   at System.Net.Http.ConnectHelper.EstablishSslConnectionAsync(SslClientAuthenticationOptions sslOptions, HttpRequestMessage request, Boolean async, Stream stream, CancellationToken cancellationToken)

It is failing the rolling build of runtime: https://dev.azure.com/dnceng/public/_build/results?buildId=1694490&view=logs&j=f4520fb1-1559-5885-1d9c-3cb3f6a85e23&t=6c7a8cfe-f92e-569a-eef9-b2ad3e13056d

[premun]

There were no code changes in that area for month, I am suspecting that some agents might have problems with TLS 1.2 or something like that is happening

[premun]

This happens on following agents:

Operating System

• macOS 11.6.5 20G527

Virtual Environment

• Environment: macos-11
• Version: 20220322.1
• Included Software: https://github.com/actions/virtual-environments/blob/macOS-11/20220322.1/images/macos/macos-11-Readme.md
• Image Release: https://github.com/actions/virtual-environments/releases/tag/macOS-11%2F20220322.1

Virtual Environment Provisioner

• 1.0.0.0-main-20220307-1
• Current image version: '20220322.1'

[premun]

Fix was merged, it now needs to flow to runtime and then we can monitor Kusto for the alerts:

TimelineIssues
| where Type == "error" and Message contains "CreateXHarnessAppleWorkItems"
| join kind=inner TimelineBuilds on BuildId
| where StartTime > now() - 7d
| order by StartTime desc
| project QueueTime, Project, Repository, Reason, BuildNumber, Definition, SourceBranch

If things are good for a couple of days, we can close this

[agocke]

Have we ever seen this on MacOS 12? Should we try moving to 12.0 build machines to see if that addresses the TLS failures?

[premun]

We could but I think updating the SDK in runtime should do the trick too.

I understand you're blocked because of the .NET 7.0 bump but this PR should help:
dotnet/runtime#68024

For 12.00, we were not able to move originally as there were some blockers for MacCatalyt and iOS simulators but those have been resolved and we could do that as well. I don't know if it will help this issue though (we don't have data on this as it only manifests rarely).

[premun]

This is blocked by dotnet/runtime#67771

[premun]

There were no occurrences in the last 6 days so feels like the fix helped, closing...