Wanted to pen down this for long time, but with latest info I have, it made perfect sense to share with our community regarding the recent connection errors
What is the issue?
When we try to connect to D365 V9 from Plugin registration tool, the connection fails without any proper error and loops back to organization selection screen or login screen.
What is the root cause? TLS1.2 is used in D365 V9 and older versions of TLS are not supported!
Well document root cause available here
Some more info around TLS1.2
Available Fixes:
There can be multiple fixes to this issue, simplest one is install the latest version if available but that not an option right now.
Fix1: Get the latest version of Plugin Registration Tool my friend
The following fixes will also work with Console App/SSRS report authoring Extensions and I prefer the registry fix which seems permanent. Somehow XRMToolbox works only with registry fix.
Fix 2:This works only when fiddler is running(Temp Fix)
Note: Need Telerik Fiddler to be installed in the machine
- Open Fiddler
- Go to Tools in menubar => then select Options or Telerik Fiddler options
- Open HTTPS Tab and look for the highlighted region in below image
- If it is missing TLS1.2, add the same by clicking it and save
Fix 3: Copied from Microsoft Article(Suggested fix - Needs Machine Restart)
- Manually disable RC4 in TLS on systems running .NET Framework 3.5The following steps are primarily for customers running .NET Framework 3.5 on Windows 10 (or on Windows Server Technical Preview 3), for which an update is not available. However, for customer running .NET Framework 3.5 on all earlier affected operating systems, the manual steps serve as an optional alternative to installing the available update.Note These steps require the use of Registry Editor. Using Registry Editor incorrectly can cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that problems resulting from the incorrect use of Registry Editor can be solved. Use Registry Editor at your own risk. For information about how to edit the registry, view the "Changing Keys And Values" Help topic in Registry Editor (Regedit.exe) or view the "Add and Delete Information in the Registry" and "Edit Registry Data" Help topics in Regedt32.exe.
- Create a text file named strongcrypto35-enable.reg that contains the following text:For 32-bit applications on 32-bit systems and 64-bit applications on x64-based systems:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v2.0.50727] "SchUseStrongCrypto"=dword:00000001
For 32-bit applications on x64-based systems:[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v2.0.50727] "SchUseStrongCrypto"=dword:00000001
- Run regedit.exe.
- In Registry Editor, click the File menu and then click Import.
- Navigate to and select the strongcrypto35-enable.reg file that you created in the first step. (Note If your file is not listed where you expect it to be, ensure that it has not been automatically given a .txt file extension, or change the dialog’s file extension parameters to All Files).
- Click Open and then click OK
- Exit Registry Editor and restart the system.
- Manually disable RC4 in TLS on systems running .NET Framework 4.5/4.5.1/4.5.2Despite the fact that an update is available for systems running .NET Framework 4.5/4.5.1/4.5.2, the following steps are primarily for customers with .NET Framework 4.5/4.5.1/4.5.2 applications running on systems with .NET Framework 4.6 present. For customers running only .NET Framework 4.5, 4.5.1, or 4.5.2, the manual steps serve as an optional alternative to installing the available update.Note These steps require the use of Registry Editor. Using Registry Editor incorrectly can cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that problems resulting from the incorrect use of Registry Editor can be solved. Use Registry Editor at your own risk. For information about how to edit the registry, view the "Changing Keys And Values" Help topic in Registry Editor (Regedit.exe) or view the "Add and Delete Information in the Registry" and "Edit Registry Data" Help topics in Regedt32.exe.
- Create a text file named strongcrypto4-enable.reg that contains the following text:For 32-bit applications on 32-bit systems and 64-bit applications on x64-based systems:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319 "SchUseStrongCrypto"=dword:00000001
For 32-bit applications on x64-based systems:HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319 "SchUseStrongCrypto"=dword:00000001
- Run regedit.exe.
- In Registry Editor, click the File menu and then click Import.
- Navigate to and select the strongcrypto4-enable.reg file that you created in the first step. (Note If your file is not listed where you expect it to be, ensure that it has not been automatically given a .txt file extension, or change the dialog’s file extension parameters to All Files).
- Click Open and then click OK
- Exit Registry Editor and restart the system.
thanks for post ..after TLS change it works
ReplyDeletevery useful information, the post shared was very nice.
ReplyDeleteMS Dynamics Training in Hyderabad
I really loved reading your blog. It was very well authored and easy to understand. Unlike other blogs I have read which are really not that good.Thanks alot! json formatter
ReplyDelete