How to make sure CodeTwo migration software supports TLS 1.2

Problem:

Starting 31 October 2018, Microsoft makes TLS 1.2 the default security protocol in Office 365. TLS 1.0 and 1.1 still work, but Microsoft does not provide support in case of connection or compatibility issues.

This article explains how to ensure that CodeTwo migration software supports TLS 1.2 for communication with Office 365. We recommend following the guidelines below because TLS 1.2 provides better security and allows you to avoid any possible Office 365 connection issues in the future (when Microsoft disables the older TLS versions).

Warning

If you plan to disable TLS 1.0 and 1.1 in your environment and switch entirely to TLS 1.2, you need to update CodeTwo migration software to the version that supports TLS 1.2. Otherwise, you will not be able to use the software to migrate data to/from Office 365: connection to source/target Office 365 will not be possible, your jobs will stop, and you will get various errors. For more information, see Troubleshooting.

Solution:

To ensure that CodeTwo migration software supports TLS 1.2 in your environment, you need to:

How to update CodeTwo migration software

To enable support for TLS 1.2 in CodeTwo migration software, you need to update the software to the latest version by following these steps:

  1. Download the installer from the program's download page (CodeTwo Exchange MigrationCodeTwo Office 365 Migration) onto the machine where CodeTwo migration software is installed.
  2. Before you proceed, close the Administration Panel of your CodeTwo migration program. You do not need to stop any Windows services related to the program.

    Warning

    If any jobs are running in the background, they will be paused by the installer, and you will have to resume them manually after the update.

  3. Launch the downloaded installer and install the program.
  4. If you have more instances of the program in your environment, perform the update on each machine where the program is installed.
  5. After the update process is complete, you can launch the program. All of your settings and jobs are retained, but you need to resume the jobs manually.
  6. The program now supports Transport Layer Security 1.2, and you can use it to migrate data to/from Office 365.

(Optional) Enable TLS 1.2 for the .NET framework on your machine

An alternative solution to TLS-related problems is to make the machine where CodeTwo software is installed use TLS 1.2 for Schannel and .NET framework:

  • first, you need to manually set TLS 1.2 as the default security protocol in your system by modifying the Windows registry (Schannel);
  • then you need to set the .NET framework(s) on the machine to use your system's default TLS protocol. Learn how to check your .NET version

For more information and step-by-step guidelines, see this Microsoft blog article (the instructions provided in the article apply not only to the server versions of Windows, but also to the client versions of Windows, e.g. Windows 10).

Troubleshooting

This section describes problems that occur if your environment has TLS 1.0 and 1.1 disabled (TLS 1.2 is your only security protocol), and you're still using a version of CodeTwo migration software that does not support TLS 1.2.

The program fails to verify your license status

The program is not able to verify the status of your license (Fig. 1.), and you get the following (or similar) error:

Failed to verify your license status. Check your internet connection and restart the program.
An error occurred while sending the request.

763-1
Fig. 1. License status cannot be verified.

You experience this problem because the software version that you have does not support TLS 1.2 and is therefore not able to connect to Office 365.

To fix this error, you need to update the program to the latest version.

If the error still occurs after the update, you should make sure your environment supports TLS 1.2.

You are not able to configure a connection to Office 365

You are not able to configure a connection to Office 365 (Fig. 2.), and you get the following (or similar) error:

Failed to connect to Office 365 using admin account '[account-name]'.
The request failed. The underlying connection was closed: An unexpected error occurred on a receive.

This error appears for both source and target connections to Office 365 servers when you try to create a new connection or edit an existing one.

763-2
Fig. 2. Connection to Office 365 cannot be established.

You experience this problem because the software version that you have does not support TLS 1.2 and is therefore not able to connect to source/target Office 365.

To fix this error, you need to update the program to the latest version.

If the error still occurs after the update, you should make sure your environment supports TLS 1.2.

You are not able to match mailboxes

You are not able to use the Match mailboxes feature when creating a new migration job or editing an existing one (Fig. 3.). You get the following (or similar) error:

Unable to perform this command.
The request failed. The underlying connection was closed: An unexpected error occurred on a receive.

763-3
Fig. 3. The Match mailboxes feature is not available.

You experience this problem because the software version that you have does not support TLS 1.2 and is therefore not able to connect to Office 365.

To fix this error, you need to update the program to the latest version.

If the error still occurs after the update, you should make sure your environment supports TLS 1.2.

Your Office 365 migration job fails

Your migration job fails and shows errors on the Job bad news card. This occurs during migrations to/from Office 365 when you:

  • start a new job;
  • pause and then resume an existing job (Fig. 4.);
  • use the Rescan feature.

When you click the error alert, the following (or similar) error is displayed:

Migration job '[job-name]' failed / failed to start.
Reason: The request failed. The underlying connection was closed: An unexpected error occurred on a receive.

763-4
Fig. 4. A migration job fails due to lack of TLS 1.2 support.

You experience this problem because the software version that you have does not support TLS 1.2 and is therefore not able to connect to Office 365.

To fix this error, you need to update the program to the latest version.

If the error still occurs after the update, you should make sure your environment supports TLS 1.2.

Your IMAP migration job fails

When attempting to migrate data from an IMAP source server, you receive the following error:

Migration process has been terminated. Limilabs.Client.ServerException: Tried to read a line. No data received. Please make sure that antivirus and firewall software are disabled or configured correctly.

This problem occurs when TLS 1.0 and/or TLS 1.1 are disabled in your environment.

To fix this error, you need to enable TLS 1.0 and/or TLS 1.1 at least for the duration of your migration process. Make also sure to update your CodeTwo migration software to the latest version.

How do I check if TLS 1.2 is supported in my environment?

If you updated CodeTwo software to support TLS 1.2 but you still experience errors related to lack of TLS 1.2 connectivity, you should make sure your environment supports TLS 1.2 and has it enabled.

  • See this MSDN article to learn about TLS 1.2 availability in Windows.
  • If you're working in a server environment, see this Microsoft blog article for additional information. Some older systems (such as Windows Server 2008) have TLS 1.2 disabled or do not support it at all. The article shows how to ensure your Windows Server and Exchange Server version supports TLS 1.2.