How to make sure older versions of CodeTwo migration software support TLS 1.2

This article relates only to older versions (2.x) of CodeTwo migration software. If you're using version 3.x of CodeTwo Exchange Migration / Office 365 Migration, see this article.

Problem:

Starting 31 October 2018, Microsoft makes TLS 1.2 the default security protocol in Office 365. TLS 1.0 and 1.1 still work, but Microsoft does not provide support in case of connection or compatibility issues.

This article explains how to ensure that older versions of CodeTwo migration software (2.x) support TLS 1.2 for communication with Office 365. We recommend following the guidelines below because TLS 1.2 provides better security and allows you to avoid any possible Office 365 connection issues in the future (when Microsoft disables the older TLS versions).

Warning

If you plan to disable TLS 1.0 and 1.1 in your environment and switch entirely to TLS 1.2, you need to make sure that your CodeTwo migration software supports TLS 1.2. Otherwise, you will not be able to use the software to migrate data to/from Office 365: connection to source/target Office 365 will not be possible, your jobs will stop, and you will get various errors. For more information, see Troubleshooting.

Solution:

To ensure that CodeTwo migration software supports TLS 1.2 in your environment, follow these guidelines:

  • If you haven’t started the migration process yet, you need to upgrade the software to the latest version (3.1.0 or newer) because it fully supports TLS 1.2. The upgrade is free of charge. For guidelines, see How to upgrade CodeTwo migration software.
  • If you have finished the migration process but still need the CodeTwo software for future migrations, make sure that all jobs are finished and then upgrade to the latest version. The upgrade is free of charge. The program's settings will not be transferred to the new version.
  • If you are currently in the middle of migration, manually enable TLS 1.2 for the .NET framework on your machine instead of upgrading the program. Upgrading is not recommended as some items may get duplicated on the target server.

How to upgrade CodeTwo migration software

To upgrade CodeTwo Exchange Migration / CodeTwo Office 365 Migration from version 2.x to the latest version (3.x), follow the steps below. The upgrade to version 3.x is free of charge for customers who already own a valid license key for version 2.x.

Before you proceed

  • Before upgrading, finish all the migration jobs that you started while using your current version (2.x) of the program. If you start a job in version 2.x and finish it using version 3.x, some items may become duplicated on the target server.
  • During the upgrade, the software settings from your current version (2.x) will not be transferred to the new version (3.x), and you will need to set up the program from scratch. However, your version 2.x settings will be stored on your local drive in case you decide to roll back to version 2.x.
  1. Download the installer from the program's download page (CodeTwo Exchange Migration | CodeTwo Office 365 Migration) onto the machine where CodeTwo migration software is installed.
  2. Launch the installer and follow the upgrade wizard. If the wizard detects that version 1.x/2.x is already installed on your machine, the wizard will request you to uninstall it.
  3. If you have more instances of the program in your environment, perform the upgrade on each machine where the program is installed.
  4. After the upgrade process is complete, you can launch the program. Transport Layer Security 1.2 is now supported, and you can use the program to migrate data to/from Office 365.

Enable TLS 1.2 for the .NET framework on your machine

If you are currently in the middle of migration, instead of upgrading the program, you need to make the machine where CodeTwo software is installed use TLS 1.2 for Secure Channel (Schannel) and .NET framework (used by CodeTwo software):

  • first, you need to manually set TLS 1.2 as the default security protocol in your system by modifying the Windows registry (Schannel);
  • then you need to set the .NET framework(s) on the machine to use your system's default TLS protocol. Learn how to check your .NET version

For more information and step-by-step guidelines, see this Microsoft blog article (the instructions provided in the article apply not only to the server versions of Windows, but also to the client versions of Windows, e.g. Windows 10).

Troubleshooting

This section describes problems that occur if your environment has TLS 1.0 and 1.1 disabled (TLS 1.2 is your only security protocol), and you're still using a version of CodeTwo migration software that does not support TLS 1.2.

If the solutions provided further do not solve your problems, this might mean that your environment does not support TLS 1.2. See this section to learn more.

The program fails to verify your license status

The program is not able to verify the status of your license (Fig. 1.), and you get the following (or similar) error:

Failed to verify your license status. Check your internet connection and restart the program.
An error occurred while sending the request.

763-1
Fig. 1. License status cannot be verified.

You experience this problem because the software version that you have does not support TLS 1.2 and is therefore not able to connect to Office 365.

To fix this error, you need to make sure that the software supports TLS 1.2. The recommended actions depend on your current migration status - see section Solution for guidelines.

If you followed our guidelines but the error still occurs, check if your environment supports TLS 1.2.

You are not able to configure a connection to Office 365

You are not able to configure a connection to Office 365 (Fig. 2.), and you get the following (or similar) error:

Failed to connect to Office 365 using admin account '[account-name]'.
The request failed. The underlying connection was closed: An unexpected error occurred on a receive.

This error appears for both source and target connections to Office 365 servers when you try to create a new connection or edit an existing one.

763-2
Fig. 2. Connection to Office 365 cannot be established.

You experience this problem because the software version that you have does not support TLS 1.2 and is therefore not able to connect to source/target Office 365.

To fix this error, you need to make sure that the software supports TLS 1.2. The recommended actions depend on your current migration status - see section Solution for guidelines.

If you followed our guidelines but the error still occurs, check if your environment supports TLS 1.2.

You are not able to match mailboxes

You are not able to use the Match mailboxes feature when creating a new migration job or editing an existing one (Fig. 3.). You get the following (or similar) error:

Unable to perform this command.
The request failed. The underlying connection was closed: An unexpected error occurred on a receive.

763-3
Fig. 3. The Match mailboxes feature is not available.

You experience this problem because the software version that you have does not support TLS 1.2 and is therefore not able to connect to Office 365.

To fix this error, you need to make sure that the software supports TLS 1.2. The recommended actions depend on your current migration status - see section Solution for guidelines.

If you followed our guidelines but the error still occurs, check if your environment supports TLS 1.2.

Your migration job fails

Your migration job fails and shows errors on the Job bad news card. This occurs during migrations to/from Office 365 when you:

  • start a new job;
  • pause and then resume an existing job (Fig. 4.);
  • use the Rescan feature.

When you click the error alert, the following (or similar) error is displayed:

Migration job '[job-name]' failed / failed to start.
Reason: The request failed. The underlying connection was closed: An unexpected error occurred on a receive.

763-4
Fig. 4. A migration job fails due to lack of TLS 1.2 support.

You experience this problem because the software version that you have does not support TLS 1.2 and is therefore not able to connect to Office 365.

To fix this error, you need to make sure that the software supports TLS 1.2. The recommended actions depend on your current migration status - see section Solution for guidelines.

If you followed our guidelines but the error still occurs, check if your environment supports TLS 1.2.

How do I check if TLS 1.2 is supported in my environment?

If you followed the guidelines above and ensured that CodeTwo migration software supports TLS 1.2 but you still experience errors related to lack of TLS 1.2 connectivity, you need to make sure your environment supports TLS 1.2 and has it enabled.

  • See this MSDN article to learn about TLS 1.2 availability in Windows.
  • If you're working in a server environment, see this Microsoft blog article for additional information. Some older systems (such as Windows Server 2008) have TLS 1.2 disabled or do not support it at all. The article shows how to ensure your Windows Server and Exchange Server version supports TLS 1.2.