There were some vulnerabilities in TLS 1.0 and 1.1, so our staff is updating servers to require TLS 1.2.

The TLS error seems to be happening on the Office 365 Email Polling Receive Location, because after three warnings in Event Log, it then says this:

The adapter "Office365 Outlook Email" raised an error message. Details "The Event Log Error Threshold was reached. The adapter will continue polling, but further event log entries will be suppressed. ".

This is the repeating warning/error up to the point it gives up with the error above.

The adapter "Office365 Outlook Email" raised an error message. Details "Access Token is invalid. Details: AADSTS1002016: You are using TLS version 1.0, 1.1 and/or 3DES cipher which are deprecated to improve the security posture of Azure AD. Your TenantID is: aaaaaaaa-f5eb-4285-ac91-91937b563673. Please refer to https://go.microsoft.com/fwlink/?linkid=2161187 and conduct needed actions to remediate the issue. For further questions, please contact your administrator.".

Does anybody have the BizTalk 2016 Office Outlook adapter working with TLS 1.2? Or any known ways to get around this error? We have a WCF Custom-Behavior for SendPorts, but that won't work with this Adapter/Receive Port.

NealWalters
  • See https://stackoverflow.com/questions/60548418/biztalk-2016-fp-3-cu6-and-tls-1-2-not-working?rq=1 – Dijkgraaf Aug 12 '22 at 23:27
  • Basically you need to set the registry keys to make .NET use TLS 1.2 by default – Dijkgraaf Aug 12 '22 at 23:32
  • @Dijkgraaf Thanks, but I'm worried what else that might break. Have you actually done this, or just the best guess? – NealWalters Aug 16 '22 at 18:14
  • It does require testing, yes. If you just add those two keys it will just try TLS 1.2 first, and then fall back to an earlier version of TLS. There are more TLS settings that you can do that will force it to stop using earlier versions of TLS altogether, and yes, I've done that for a few customers as well. See https://stackoverflow.com/questions/54744919/tls-version-support-for-biztalk-2016 – Dijkgraaf Aug 16 '22 at 19:14
  • @Dijkgraaf I used the doc here to do the RegEdit, rebooted servers, and now the Office365 ReceiveLocation works. Continuing to monitor for any other issues. – NealWalters Aug 17 '22 at 20:54
  • Does this answer your question? [BizTalk 2016 FP 3 CU6 and TLS 1.2 not working](https://stackoverflow.com/questions/60548418/biztalk-2016-fp-3-cu6-and-tls-1-2-not-working) – Dijkgraaf Aug 17 '22 at 23:12
  • NOTE: Xref this https://stackoverflow.com/questions/73654490/biztalks-2016-office-365-adapter-receivelocation-periodically-shuts-down. We let system service put on maintenance to force TLS 1.2 server wide. Seemed to work well for BizTalk itself. We had a couple of wrapper webservices running on the server that need the newer runtime of .NET. (we had 4.5.2 there) – NealWalters Sep 08 '22 at 20:39

1 Answer

For Outlook Office 365 authentication, the basic auth type is deprecated, and it accepts only OAuth 2.0 authentication, for which the token exchange algorithm can only accept TLS 1.2.

So you need to enable TLS 1.2 for both client and server in the registry to get rid of the token issue.

Along with this, it also requires the TMS service.

Rajesh
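
Added example (not part of the question, comments or answer above): a read-only PowerShell check of the registry settings this thread refers to, useful to run before and after the change on each BizTalk server. The thread does not name the keys; the value names below are the documented .NET Framework 4.x and SCHANNEL settings, and the expected values are an assumption about the intended end state (TLS 1.2 enabled for client and server).

```powershell
# Added example: audits TLS 1.2 related registry values. Changes nothing.
$netKeys = 'HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319',             # 64-bit processes
           'HKLM:\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319'  # 32-bit processes
$schannel = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'

$checks = @()
foreach ($key in $netKeys) {
    # SchUseStrongCrypto / SystemDefaultTlsVersions: let .NET use strong crypto
    # and the OS default protocol versions instead of its older built-in defaults.
    foreach ($name in 'SchUseStrongCrypto', 'SystemDefaultTlsVersions') {
        $checks += [pscustomobject]@{ Path = $key; Name = $name; Want = 1 }
    }
}
foreach ($role in 'Client', 'Server') {
    $checks += [pscustomobject]@{ Path = "$schannel\TLS 1.2\$role"; Name = 'Enabled';           Want = 1 }
    $checks += [pscustomobject]@{ Path = "$schannel\TLS 1.2\$role"; Name = 'DisabledByDefault'; Want = 0 }
}

$report = foreach ($c in $checks) {
    # A missing key or value is not an error here: it means the built-in default applies.
    $item   = Get-ItemProperty -Path $c.Path -Name $c.Name -ErrorAction SilentlyContinue
    $actual = if ($null -ne $item) { $item.($c.Name) } else { $null }

    $status = if ($null -eq $actual) {
        'NotSet'
    } elseif ($c.Name -eq 'Enabled') {
        # SCHANNEL "Enabled" is sometimes written as 0xFFFFFFFF; any non-zero value means on.
        if ([bool]$actual -eq [bool]$c.Want) { 'OK' } else { 'Mismatch' }
    } elseif ($actual -eq $c.Want) {
        'OK'
    } else {
        'Mismatch'
    }

    [pscustomobject]@{
        Key    = $c.Path
        Value  = $c.Name
        Actual = if ($null -eq $actual) { '(not set)' } else { $actual }
        Wanted = $c.Want
        Status = $status
    }
}

$report | Format-Table -AutoSize -Wrap
```

`NotSet` rows fall back to the operating system or .NET default, so they need checking against the Windows and .NET versions actually installed rather than being read as failures.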