[BUG]: AzureRMWebAppDeployment fails with ##[error]Error: Error Code: ERROR_CERTIFICATE_VALIDATION_FAILED

[KristofKuli]

New issue checklist

• I searched for existing GitHub issues
• I read pipeline troubleshooting guide
• I checked how to collect logs

Task name

AzureRMWebAppDeployment@4

Task version

4.229.0

Issue Description

This task fails for about two months now, as it is unable to valid the certificate in the web application. So far we have followed up the issue with Microsoft support, but they couldn't help us. Hence we want to check, if maybe you can help with this. We are using self-hosted VMSS pool, with Windows 2022 OS and we are using the GitHub Action Runner Images as baseimage.
https://github.com/actions/runner-images

The certificates set in the Azure Web App are Cloudflare ones and they are valid until 2025.
Can you please recommend some troubleshooting steps, so we could find out why this task is failing? Previously it was working fine, it started failing right after the CrowdStrike incident. We are aware that it has nothing to with this issue, but that's when this problem occurred first and still persist.

Note: we have an VMSS Ubuntu pool, which is using the same runner image and the issue doesn't appear there. Unfortuantely our customer can run the pipeline only on Windows pool, since they are using XML transformation.

Environment type (Please select at least one enviroment where you face this issue)

• Self-Hosted
• Microsoft Hosted
• VMSS Pool
• Container

Azure DevOps Server type

dev.azure.com (formerly visualstudio.com)

Azure DevOps Server Version (if applicable)

No response

Operation system

Windows 2022

Relevant log output

##[warning]To use a certificate in App Service, the certificate must be signed by a trusted certificate authority. If your web app gives you certificate validation errors, you're probably using a self-signed certificate and to resolve them you need to pass -allowUntrusted in additional arguments of web deploy option.
##[error]Error: Error Code: ERROR_CERTIFICATE_VALIDATION_FAILED
More Information: Connected to the remote computer ("frp-d-bucketer.scm.azurewebsites.net") using the specified process ("Web Management Service"), but could not verify the server’s certificate. If you trust the server, connect again and allow untrusted certificates. Learn more at: https://go.microsoft.com/fwlink/?LinkId=221672#ERROR_CERTIFICATE_VALIDATION_FAILED.
Error: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.
Error: The remote certificate is invalid according to the validation procedure.
Error count: 1.

Full task logs with system.debug enabled

 Starting: AzureRmWebAppDeployment
==============================================================================
Task         : Azure App Service deploy
Description  : Deploy to Azure App Service a web, mobile, or API app using Docker, Java, .NET, .NET Core, Node.js, PHP, Python, or Ruby
Version      : 4.229.0
Author       : Microsoft Corporation
Help         : https://aka.ms/azureappservicetroubleshooting
==============================================================================
Got service connection details for Azure App Service:'frp-d-bucketer'
C:\a\_tasks\AzureRmWebAppDeployment_497d490f-eea7-4f2b-ab94-48d9c1acdcb1\4.229.0\node_modules\azure-pipelines-tasks-webdeployment-common\7zip\7zip\7z.exe x -oC:\a\_temp\temp_web_package_28715415481665096 C:\a\1\a\Bucketer.zip
7-Zip [64] 16.00 : Copyright (c) 1999-2016 Igor Pavlov : 2016-05-10
Scanning the drive for archives:

1 file, 28710087 bytes (28 MiB)
Extracting archive: C:\a\1\a\Bucketer.zip
Path = C:\a\1\a\Bucketer.zip

Type = zip

Physical Size = 28710087
Everything is Ok
Folders: 157

Files: 1081

Size:       88551475

Compressed: 28710087

ConnectionString attributes in Web.config is parameterized by default. Note that the transformation has no effect on connectionString attributes as the value is overridden during deployment by 'Parameters.xml or 'SetParameters.xml' files. You can disable the auto-parameterization by setting /p:AutoParameterizationWebConfigConnectionStrings=False during MSBuild package generation.

C:\a_tasks\AzureRmWebAppDeployment_497d490f-eea7-4f2b-ab94-48d9c1acdcb1\4.229.0\ctt\ctt.exe s:C:\a_temp\temp_web_package_28715415481665096\Content\C_C\a\1\s\Bucketer\obj\Release\Package\PackageTmp\Web.config t:C:\a_temp\temp_web_package_28715415481665096\Content\C_C\a\1\s\Bucketer\obj\Release\Package\PackageTmp\Web.Release.config d:C:\a_temp\temp_web_package_28715415481665096\Content\C_C\a\1\s\Bucketer\obj\Release\Package\PackageTmp\Web.config pw i verbose

Start tranformation to 'C:\a_temp\temp_web_package_28715415481665096\Content\C_C\a\1\s\Bucketer\obj\Release\Package\PackageTmp\Web.config'.

Source file: 'C:\a_temp\temp_web_package_28715415481665096\Content\C_C\a\1\s\Bucketer\obj\Release\Package\PackageTmp\Web.config'.

Transform  file: 'C:\a_temp\temp_web_package_28715415481665096\Content\C_C\a\1\s\Bucketer\obj\Release\Package\PackageTmp\Web.Release.config'.

Transformation task is using encoding 'System.Text.UTF8Encoding'. Change encoding in source file, or use the 'encoding' parameter if you want to change encoding.

Executing RemoveAttributes (transform line 18, 18)

on /configuration/system.web/compilation

Applying to 'compilation' element (no source line info)

Removed 'debug' attribute
Successfully added release annotation to the Application Insight : appi-frp-d-insights

Successfully updated deployment History at https://frp-d-bucketer.scm.azurewebsites.net/api/deployments/104615651728990609652

App Service Application URL: https://frp-d-bucketer.azurewebsites.net/ 

Repro steps

No response