How to make sure CodeTwo Backup supports TLS 1.2

Problem:

Starting 31 October 2018, Microsoft makes TLS 1.2 the default security protocol in Office 365. TLS 1.0 and 1.1 still work, but Microsoft does not provide support in case of connection or compatibility issues.

This article explains how to ensure that CodeTwo Backup for Office 365 supports TLS 1.2 for communication with Office 365. We recommend following the guidelines below because TLS 1.2 provides better security and allows you to avoid any possible Office 365 connection issues in the future (when Microsoft disables the older TLS versions).

Warning

If you plan to disable TLS 1.0 and 1.1 in your environment and switch entirely to TLS 1.2, you need to update CodeTwo Backup to the version that supports TLS 1.2. Otherwise, you will not be able to use the software to back up your Office 365 data: connection to Office 365 will not be possible, your jobs will stop, and you will get various errors. For more information, see Troubleshooting.

Solution:

To ensure that CodeTwo Backup for Office 365 supports TLS 1.2 in your environment, you need to:

How to update CodeTwo Backup for Office 365

To enable support for TLS 1.2 in CodeTwo Backup for Office 365, you need to update the software to the latest version by following these steps:

  1. Download the installer from the program's download page onto the machine where CodeTwo Backup for Office 365 is installed.
  2. Before you proceed, close the Administration Panel of CodeTwo Backup. You do not need to stop the Windows services related to the program - if any jobs are running in the background, they will be stopped and resumed automatically after the update.
  3. Launch the downloaded installer and install the program.
  4. If you have more instances of the program in your environment, perform the update on each machine where the program is installed.
  5. After the update process is complete, you can launch the program. All of your settings and jobs are retained.
  6. The program now supports Transport Layer Security 1.2, and you can use it to back up your Office 365 mailboxes and public folders.

(Optional) Enable TLS 1.2 for the .NET framework on your machine

If you cannot update CodeTwo Backup for Office 365 to the latest version right away (which is our recommended solution), you can work around the problem manually by making the machine where the program is installed use TLS 1.2 for Schannel and .NET framework:

  • first, you need to manually set TLS 1.2 as the default security protocol in your system by modifying the Windows registry (Schannel);
  • then you need to set the .NET framework(s) on the machine to use your system's default TLS protocol. Learn how to check your .NET version

For more information and step-by-step guidelines, see this Microsoft blog article (the instructions provided in the article apply not only to the server versions of Windows, but also to the client versions of Windows, e.g. Windows 10).

Troubleshooting

This section describes problems that occur if your environment has TLS 1.0 and 1.1 disabled (TLS 1.2 is your only security protocol), and you're still using a version of CodeTwo Backup for Office 365 that does not support TLS 1.2.

You are not able to configure a connection to Office 365 (Failed to connect to Exchange Server)

You are not able to configure a connection to Office 365 (Fig. 1.), and you get the following (or similar) error:

Failed to connect to Exchange Server using account '[account-name]'.
The request failed. The underlying connection was closed: An unexpected error occurred on a receive.

762-1
Fig. 1. Connection to Office 365 cannot be established.

You experience this problem because the software version that you have does not support TLS 1.2 and is therefore not able to connect to your Office 365.

To fix this error, you need to update the program to the latest version.

If the error still occurs after the update, you should make sure your environment supports TLS 1.2.

You are not able to select Office 365 public folders to be backed up or restored

You are not able to select Office 365 public folders when creating a new backup/restore job or modifying an existing job (Fig. 2.). You get the following (or similar) errors:

The request failed. The underlying connection was closed: An unexpected error occurred on a receive.

762-2
Fig. 2. Office 365 public folders cannot be displayed.

You experience this problem because the software version that you have does not support TLS 1.2 and is therefore not able to connect to your Office 365.

To fix this error, you need to update the program to the latest version.

If the error still occurs after the update, you should make sure your environment supports TLS 1.2.

Your Office 365 backup/restore job fails

Your Office 365 backup/restore job cannot be completed. The mailboxes cannot be backed up or restored, and the job fails (Fig. 3.) or shows errors (Fig. 4.) on the Job bad news card. When you click the alert, the following error is displayed:

The request failed. The underlying connection was closed: An unexpected error occurred on a receive.

762-3
Fig. 3. A job fails due to lack of TLS 1.2 support.

762-4
Fig. 4. Mailbox backup fails because TLS 1.2 is not supported.

You experience this problem because the software version that you have does not support TLS 1.2 and is therefore not able to connect to your Office 365.

To fix this error, you need to update the program to the latest version.

If the error still occurs after the update, you should make sure your environment supports TLS 1.2.

How do I check if TLS 1.2 is supported in my environment?

If you updated CodeTwo software to support TLS 1.2 but you still experience errors related to lack of TLS 1.2 connectivity, you should make sure your environment supports TLS 1.2 and has it enabled.

  • See this MSDN article to learn about TLS 1.2 availability in Windows.
  • If you're working in a server environment, see this Microsoft blog article for additional information. Some older systems (such as Windows Server 2008) have TLS 1.2 disabled or do not support it at all. The article shows how to ensure your Windows Server and Exchange Server version supports TLS 1.2.