Emails intermittent failing when sending out of Dynamics GP (Not workflow emails)

We have seen an increase in cases where emails are beginning to fail from within Dynamics GP and logging into Exchange from GP fails.  This is especially true for older versions of GP and in newer versions (GP 18.3 and newer) that have not enabled MFA for GP.  The Exchange team is temporarily disabling basic authentication as a way to remind us that a bigger change is coming.

With older versions of GP we depend on Basic Authentication to authenticate.  When authentication is failing you will be prompted repeatedly to enter your credentials.  Basic authentication has been moving toward being disabled for a long period of time.  That time is coming.  The latest reference to this is in the following blog from the Exchange team

Basic Authentication and Exchange Online – September 2021 Update - Microsoft Tech Community

They have a note.

Today, we are announcing that, effective October 1, 2022, we will begin to permanently disable Basic Auth in all tenants, regardless of usage, with the exception of SMTP Auth.

 We also see the following little snippet.

IMPORTANT: Beginning early 2022, we will selectively pick tenants and disable Basic Auth for all affected protocols except SMTP AUTH for a period of 12-48 hours. After this time, Basic Auth for these protocols will be re-enabled, if the tenant admin has not already re-enabled them using our self-service tools.

With the self-service tool provided you can re-enable basic authentication during that 12–48-hour window or wait and it will enable again.  But again, this will be until October of 2022 when it is disabled altogether.  If you have not already done so you can opt-out for a limited time so basic authentication is not turned off temporarily.  

To avoid an interruption of emails we are recommending upgrading to GP 18.4 and enabling MFA before October 1, 2022. 

EDIT: 01/31/2022

In addition to the steps above we have seen TLS in older versions of GP be an issue.  As different systems update their security protocols this can become an issue for older applications.  For GP an older application is defined as anything prior to GP 18.4

I will give the fix first and then the explanation of why it works.  Do the following steps

1. Make a copy of the following file and edit it.

 C:\Program Files (x86)\Microsoft Dynamics\GPxxxx\Dynamics.exe.config

 2. Verify you have the copy of the file from step 1 in a secure place so you can recover it if you have an issue.

3. Edit the Dynamics.exe.config by adding the following runtime line  just above the ending configuration line "< /configuration >"

<AppContextSwitchOverrides value="Switch.System.Net.DontEnableSystemDefaultTlsVersions=false"/>

so it should look like this with the correct runtime block

Try GP again.  If it does not work copy back the copied Dynamics.exe.config file.

What the above is doing is forcing GP to use TLS 1.2 instead of earlier versions of TLS. 

From the following MS blog  
Transport Layer Security (TLS) best practices with the .NET Framework - .NET Framework | Microsoft Docs

If your app targets .NET Framework 4.7 or later versions, this switch defaults to false. That's a secure default that we recommend. If your app runs on .NET Framework 4.7 or later versions, but targets an earlier version, the switch defaults to true. In that case, you should explicitly set it to false.

By setting the switch to "false" we are forcing communication to take place over TLS 1.2 which should correct the communication protocol needed to send the emails.  This fix will not work on Windows 7 machines or older versions of Server Operating systems.

Workflow emails use SMTP and are covered here

(+) Dynamics GP Workflow intermittent emails failing - Microsoft Dynamics GP Community