The views and opinions expressed in this blog are those solely of the author(s) and do not necessarily reflect Microsoft’s current policy, position, or branding. For official announcements and guidance on Dynamics 365 apps and services, please visit the Microsoft Dynamics 365 Blog.
Personalized Community is here!
Quickly customize your community to find the content you seek.
Now Available in Community - New TechTalk Videos for 2020
Read More about New TechTalks for 2020
2020 Release Wave 2Discover the latest updates and new features to Dynamics 365 planned through March 2021.
Release overview guides and videos Release Plan | Preview 2020 Release Wave 2 TimelineWatch the 2020 Release Wave 1 virtual launch event
Ace your Dynamics 365 deployment with packaged services delivered by expert consultants. | Explore service offerings
Connect with the ISV success team on the latest roadmap, developer tool for AppSource certification, and ISV community engagements | ISV self-service portal
The FastTrack program is designed to help you accelerate your Dynamics 365 deployment with confidence.
FastTrack Program | Finance TechTalks | Customer Engagement TechTalks | Upcoming TechTalks
By James O'Connor, Senior Consultant, Arbela Technologies
Starting with Dynamics 365 (online) version 9.0, Microsoft will begin requiring connections to customer engagement applications to utilize TLS 1.2 (or better) security. Any connections to Dynamics 365 (online), version 9.x will fail if they do not use TLS 1.2 security protocol. This will impact several Dynamics services including access to the Dynamics 365 Customer Engagement (CRM) web application.
TLS 1.0 deprecation plan may require the following:
How will you be impacted?
Any connections to Dynamics 365 (online), version 9.x will fail if they do not use TLS 1.2 security protocol. This will impact several Dynamics services (listed below), including access to the Dynamics 365 Customer Engagement web application.
A quick way to determine what TLS version will be requested by various clients when connecting to your online services is by referring to the Handshake Simulation at Qualys SSL Labs.
Supported versions of Internet Explorer and Microsoft Edge
Supported non-Internet Explorer web browsers
Supported versions of Microsoft Office
Ensuring support for TLS 1.2 across deployed operating systems
Many operating systems have outdated TLS version defaults or support ceilings that need to be accounted for. Usage of Windows 8/Server 2012 or later means that TLS 1.2 will be the default security protocol version:
Below are some potential connectivity errors you might encounter when non-TLS 1.2 security protocol is used:
Microsoft.Xrm.Tooling.CrmConnectControl Information: 8 : Login Status in Connect is =? Validating connection to Microsoft Dynamics CRM...
Microsoft.Xrm.Tooling.Connector.CrmServiceClient Error: 2 : ERROR REQUESTING Token FROM THE Authentication context
Microsoft.Xrm.Tooling.Connector.CrmServiceClient Error: 2 : Source? : mscorlib
Method?? : ThrowIfExceptional
Error??????? : One or more errors occurred.
Stack Trace????????????? : at System.Threading.Tasks.Task.ThrowIfExceptional(Boolean includeTaskCanceledExceptions)
at System.Threading.Tasks.Task`1.GetResultCore(Boolean waitCompletionNotification)
at Microsoft.Xrm.Tooling.Connector.CrmWebSvc.ExecuteAuthenticateServiceProcess(Uri serviceUrl, ClientCredentials clientCredentials, UserIdentifier user, String clientId, Uri redirectUri, PromptBehavior promptBehavior, String tokenCachePath, Boolean isOnPrem, String authority, Uri& targetServiceUrl, AuthenticationContext& authContext, String& resource)
Inner Exception Level 1:
Error: Object reference not set to an instance of an object.
Stack Trace: at Microsoft.IdentityModel.Clients.ActiveDirectory.HttpWebResponseWrapper.Close()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationParameters.d__8.MoveNext() "
Developer tools error:
Inner Exception Level 1 :
Error?: The underlying connection was closed: An unexpected error occurred on a send.
Stack Trace: at System.Net.HttpWebRequest.GetResponse()
at System.ServiceModel.Description.MetadataExchangeClient.MetadataLocationRetriever.DownloadMetadata(TimeoutHelper timeoutHelper)
at System.ServiceModel.Description.MetadataExchangeClient.MetadataRetriever.Retrieve(TimeoutHelper timeoutHelper)
Inner Exception Level 2 :
Error?: Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host.
Stack Trace: at System.Net.Sockets.NetworkStream.Read(Byte buffer, Int32 offset, Int32 size)
at System.Net.FixedSizeReader.ReadPacket(Byte buffer, Int32 offset, Int32 count)
at System.Net.Security.SslState.StartReceiveBlob(Byte buffer, AsyncProtocolRequest asyncRequest) "
Microsoft recommends customers proactively address weak TLS usage by removing TLS 1.0/1.1 dependencies in their environments and disabling TLS 1.0/1.1 at the operating system level where possible. Given the length of time, TLS 1.0/1.1 has been supported by the software industry, it is highly recommended that any TLS 1.0/1.1 deprecation plan include the following:
To learn more about removing dependencies on TLS 1.0/1.1 and updating to TLS 1.2 please review the following whitepaper: “Solving the TLS 1.0 Problem”
Business Applications communities