How to make sure CodeTwo migration software supports TLS 1.2
Problem:
Starting 31 October 2018, Microsoft makes TLS 1.2 the default security protocol in Office 365. TLS 1.0 and 1.1 still work, but Microsoft does not provide support in case of connection or compatibility issues.
This article explains how to ensure that CodeTwo migration software supports TLS 1.2 for communication with Office 365. We recommend following the guidelines below because TLS 1.2 provides better security and allows you to avoid any possible Office 365 connection issues in the future (when Microsoft disables the older TLS versions).
Warning
If you plan to disable TLS 1.0 and 1.1 in your environment and switch entirely to TLS 1.2, you need to update CodeTwo migration software to the version that supports TLS 1.2. Otherwise, you will not be able to use the software to migrate data to/from Office 365: connection to source/target Office 365 will not be possible, your jobs will stop, and you will get various errors. For more information, see Troubleshooting.
Solution:
To ensure that CodeTwo migration software supports TLS 1.2 in your environment, you need to:
- Make sure that you are using the latest version of the CodeTwo software (3.1.0 or newer), as it fully supports TLS 1.2. You can compare the number of the version you're using (displayed on the program's title bar) with the version on the software's download page (CodeTwo Exchange Migration | CodeTwo Office 365 Migration).
- If you're not using the latest version, you need to update the software. For guidelines, see How to update CodeTwo migration software. This is the recommended solution.
- If it's not possible for you to update your CodeTwo software right away (e.g. because you're currently in the middle of a migration), you can manually enable TLS 1.2 for the .NET framework on your machine.
How to update CodeTwo migration software
To enable support for TLS 1.2 in CodeTwo migration software, you need to update the software to the latest version by following these steps:
- Download the installer from the program's download page (CodeTwo Exchange Migration | CodeTwo Office 365 Migration) onto the machine where CodeTwo migration software is installed.
- Before you proceed, close the Administration Panel of your CodeTwo migration program. You do not need to stop any Windows services related to the program.
Warning
If any jobs are running in the background, they will be paused by the installer, and you will have to resume them manually after the update.
If you are updating the program to version 3.2.x, you first need to uninstall the current version of your CodeTwo migration tool. Learn more
- Launch the downloaded installer and install the program.
- If you have more instances of the program in your environment, perform the update on each machine where the program is installed.
- After the update process is complete, you can launch the program.
- The program now supports Transport Layer Security 1.2, and you can use it to migrate data to/from Office 365.
(Optional) Enable TLS 1.2 for the .NET framework on your machine
An alternative solution to TLS-related problems is to make the machine where CodeTwo software is installed use TLS 1.2 for Schannel and .NET framework:
- first, you need to manually set TLS 1.2 as the default security protocol in your system by modifying the Windows registry (Schannel);
- then you need to set the .NET framework(s) on the machine to use your system's default TLS protocol. Learn how to check your .NET version
For more information and step-by-step guidelines, see this Microsoft blog article (the instructions provided in the article apply not only to the server versions of Windows, but also to the client versions of Windows, e.g. Windows 10).
Troubleshooting
This section describes problems that occur if your environment has TLS 1.0 and 1.1 disabled (TLS 1.2 is your only security protocol), and you're still using a version of CodeTwo migration software that does not support TLS 1.2.
- The program fails to verify your license status
- You are not able to configure a connection to Office 365
- You are not able to match mailboxes
- Your Office 365 migration job fails
- Your IMAP migration job fails
The program fails to verify your license status
The program is not able to verify the status of your license (Fig. 1.), and you get the following (or similar) error:
Failed to verify your license status. Check your internet connection and restart the program. An error occurred while sending the request.
Fig. 1. License status cannot be verified.
You experience this problem because the software version that you have does not support TLS 1.2 and is therefore not able to connect to Office 365.
To fix this error, you need to update the program to the latest version.
If the error still occurs after the update, you should make sure your environment supports TLS 1.2.
You are not able to configure a connection to Office 365
You are not able to configure a connection to Office 365 (Fig. 2.), and you get the following (or similar) error:
Failed to connect to Office 365 using admin account '[account-name]'. The request failed. The underlying connection was closed: An unexpected error occurred on a receive.
This error appears for both source and target connections to Office 365 servers when you try to create a new connection or edit an existing one.
Fig. 2. Connection to Office 365 cannot be established.
You experience this problem because the software version that you have does not support TLS 1.2 and is therefore not able to connect to source/target Office 365.
To fix this error, you need to update the program to the latest version.
If the error still occurs after the update, you should make sure your environment supports TLS 1.2.
You are not able to match mailboxes
You are not able to use the Match mailboxes feature when creating a new migration job or editing an existing one (Fig. 3.). You get the following (or similar) error:
Unable to perform this command. The request failed. The underlying connection was closed: An unexpected error occurred on a receive.
Fig. 3. The Match mailboxes feature is not available.
You experience this problem because the software version that you have does not support TLS 1.2 and is therefore not able to connect to Office 365.
To fix this error, you need to update the program to the latest version.
If the error still occurs after the update, you should make sure your environment supports TLS 1.2.
It is also possible that the program fails to establish a connection to the target Office 365 server and displays the following error:
Connecting to remote server failed with the following error message: The SSL connection cannot be established.
In some cases, a problem with establishing a connection may occur even though you are using the latest migration software version and have TLS 1.2 enabled, while TLS 1.0 and 1.1 are disabled in your environment.
To fix this error, you need to re-enable TLS 1.0 and 1.1 in your environment.
Your Office 365 migration job fails
Your migration job fails and shows errors on the Job bad news card. This occurs during migrations to/from Office 365 when you:
- start a new job;
- pause and then resume an existing job (Fig. 4.);
- use the Run delta migration feature.
When you click the error alert, the following (or similar) error is displayed:
Migration job '[job-name]' failed / failed to start. Reason: The request failed. The underlying connection was closed: An unexpected error occurred on a receive.
Fig. 4. A migration job fails due to lack of TLS 1.2 support.
You experience this problem because the software version that you have does not support TLS 1.2 and is therefore not able to connect to Office 365.
To fix this error, you need to update the program to the latest version.
If the error still occurs after the update, you should make sure your environment supports TLS 1.2.
Your IMAP migration job fails
When attempting to migrate data from an IMAP source server, you receive the following error:
Migration process has been terminated. Limilabs.Client.ServerException: Tried to read a line. No data received. Please make sure that antivirus and firewall software are disabled or configured correctly.
This problem occurs when TLS 1.0 and/or TLS 1.1 are disabled in your environment.
To fix this error, you need to enable TLS 1.0 and/or TLS 1.1 at least for the duration of your migration process. Make also sure to update your CodeTwo migration software to the latest version.
How do I check if TLS 1.2 is supported in my environment?
If you updated CodeTwo software to support TLS 1.2 but you still experience errors related to lack of TLS 1.2 connectivity, you should make sure your environment supports TLS 1.2 and has it enabled.
- See this MSDN article to learn about TLS 1.2 availability in Windows.
- If you're working in a server environment, see this Microsoft blog article for additional information. Some older systems (such as Windows Server 2008) have TLS 1.2 disabled or do not support it at all. The article shows how to ensure your Windows Server and Exchange Server version supports TLS 1.2.
Related products: | CodeTwo Exchange Migration, CodeTwo Office 365 Migration |
Categories: | How-To, Troubleshooting |
Last modified: | November 9, 2021 |
Created: | October 12, 2018 |
ID: | 763 |