TLS Issue on NAV2013

Microsoft recently decided to start disabling the Transport Layer Security protocols: TLS 1.0 and 1.1 on Microsoft 365 service. Due to this new policy, one of our clients who currently using NAV 2013 became unable to send email. Every time users try to send an email, they will get the error from SMTP Mail Server saying “Authentication failed because the remote party has closed the transport stream.”. If they try multiple times, the email will somehow get through.

NAV uses the server’s security protocol to send an email, and the NAV is currently sits on Windows Server 2008 R2 which by default does not support TLS1.2.

To solve this issue, we needed to find a way to enable TLS1.2 on Windows Server 2008 R2 by using Regedit (Registry Editor). Make sure you backup the registry first before attempting to do this. Also make sure that you have at least Microsoft .NET Framework 4.5.2 installed on the server.

First step is to turn on support for TLS 1.2 by creating TLS1.2 Server and Client folders in HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\

For both folders, create a new DWORD value named DisabledByDefault and set the value to 0. Create again a new DWORD value named Enabled and set the value to 1.

Browse to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp. create a new DWORD value named DefaultSecureProtocols and set the value to 800. On a 64-bit version, you also need to do it on HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp.

Browse to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft.NETFramework\v4.0.30319. create a new DWORD value named SchUseStrongCrypto and set the value to 1. On a 64-bit version, you also need to do it on HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft.NETFramework\v4.0.30319 .

Once you finished with all the above steps, restart the server, and you can start sending email again from NAV without any error message.