TLS Issue on NAV2013

Microsoft recently decided to start disabling the Transport Layer Security protocols: TLS 1.0 and 1.1 on Microsoft 365 service. Due to this new policy, one of our clients who currently using NAV 2013 became unable to send email. Every time users try to send an email, they will get the error from SMTP Mail Server saying “Authentication failed because the remote party has closed the transport stream.”. If they try multiple times, the email will somehow get through.

NAV uses the server’s security protocol to send an email, and the NAV is currently sits on Windows Server 2008 R2 which by default does not support TLS1.2.

To solve this issue, we needed to find a way to enable TLS1.2 on Windows Server 2008 R2 by using Regedit (Registry Editor). Make sure you backup the registry first before attempting to do this. Also make sure that you have at least Microsoft .NET Framework 4.5.2 installed on the server.

First step is to turn on support for TLS 1.2 by creating TLS1.2 Server and Client folders in HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\

For both folders, create a new DWORD value named DisabledByDefault and set the value to 0. Create again a new DWORD value named Enabled and set the value to 1.

Browse to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp. create a new DWORD value named DefaultSecureProtocols and set the value to 800. On a 64-bit version, you also need to do it on HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp.

Browse to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft.NETFramework\v4.0.30319. create a new DWORD value named SchUseStrongCrypto and set the value to 1. On a 64-bit version, you also need to do it on HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft.NETFramework\v4.0.30319 .

Once you finished with all the above steps, restart the server, and you can start sending email again from NAV without any error message.

thatnavguy

Experienced NZ-based NAV Developer and Consultant with 15+ years of experience leading multiple IT projects, performing business analyst, developing, implementing, and upgrading Dynamics NAV and Business Central. Passionate to deliver solution that focuses on user-friendly interface while keeping high standard of compliance with the needs.

You may also like...

10 Responses

  1. sami says:

    Does this workaround would solve problem for accessing development environment 2013 connectivity issue as well?
    i.e.,Issue of accessing the Nav Development Environment after we disable TLS 1.1 and TLS1.0 in the MSSQL server for the Navision system.

  2. Nate says:

    Thanks for creating this post.
    I have been struggling with this issue for days. I kept saying it was an infrastructure issue, while they kept saying it was a NAV issue and we weren’t getting anywhere until I saw this post. Sent your blog to them, so hopefully, we can put this issue to rest once in for all.

  3. Bill says:

    You saved me from recompiling a bunch of old code and re-deploying. Can’t thank you enough for this post.

    Our client complained today they haven’t been getting their emailed reports for almost 2 weeks. The error was the same as you described above. I was hoping there was a registry hack, and then I found your post.

    Even though I’m not dealing with Microsoft Dynamics, I was able to use your registry updates with great success.

    Very thankful there are folks like you out there taking the time to document fixes!

  4. Pavel says:

    Thank you! Recommendation works properly!

  1. 8 March 2021

    […] TLS Issue on NAV2013 […]

Leave a Reply

Your email address will not be published. Required fields are marked *