måndag 8 januari 2018

Something happened around new year with Dynamics 365 Customer Engagement Enterprise Edition

Before Christmas we did an integration between an ERP system and Dynamics 365 Customer Engagement Enterprise Edition using the Web API. This integration was running fine until January 3 at 21.32 UTC+1 and by then it couldn't retrieve any data from Dynamics 365.

The only error that was thrown was that one or more errors had occurred and in the inner exception of that it said that "The underlying connection was closed: An unexpected error occurred on a send." and at some other level "An error occurred while sending the request". Not much to go on.

I was pointed to this page by Thomas Sandsør on Facebook (from Microsoft, somewhat safe to open :)) saying that TLS 1.0 and 1.1 will stop working at some time and if you move to .NET 4.6.2 you will be fine.

Now, that didn't quite happen since I still had the same issue running .NET 4.6.2. Digging continues and to my surprise I actually found something at stack overflow (maybe a bit less safe to click on) where they said that you should be able to connect by just using "https" in the connection string but I also found this line of code:"System.Net.ServicePointManager.SecurityProtocol = System.Net.SecurityProtocolType.Tls12;"

Adding that to my code, which it seems I can do pretty much anywhere before I do a call, solves the problem and I'm again able to connect and retrieve data from the Web API.
The funny thing is that I was able to get a token all the time so the authentication actually worked, it was just the GET and PATCH and so on, I guess since the program crashed badly at the GET so I really don't know about the rest but it seems plausable.

Hope this helps.

After reading Marius comment below I continued to search for a solution that didn't mean I hardcoded the TLS version which I agree is a ugly solution. This lead me to the following page at Microsoft which says that you have to opt in to get the TLS 1.2 version, that wasn't clear to me earlier so now it works on .NET 4.7 with the following row added to the config file
   <AppContextSwitchOverrides value="Switch.System.ServiceModel.DisableUsingServicePointManagerSecurityProtocols=false;Switch.System.Net.DontEnableSchUseStrongCrypto=false" /> 

Rickard Norström
Developer at CRM-Konsulterna

2 kommentarer:

  1. What does your code look like?
    If this is a web service, check your web.config to see whether the target framework is set to 4.6 or 4.5.2
    Application override isn't very good for maintaining code.

  2. Thanks Marius. This is a console program and a windows service (pretty much the same) and it didn't help to change the .Net version to 4.6.2 or 4.7. That's why I ended up with the system.net.servicepointmanager... which is sort of strange since all info I've found states that if you run 4.6.2 or higher it should default to the highest TLS version available.