This error occurs on webservices exposed via Service Bus Relay on servers that are TLS 1.2 only.
There have been some new rules released for BHM that are of interest.
There are two rules to check for the issues caused by the July patches, (626 & 627 below) and one that checks to see if one of the pre-requisite for making BizTalk use TLS 1.2 only is installed (628 below).
Thanks to Wagner Silveira for the tip about the update.
Feature Pack 3 with CU5
Important Note: Don’t mix Feature Packs and CUs as per BizTalk 2016 Feature Pack vs BizTalk 2016 CUs
This Feature Pack includes 3 new adapters
As usual it also includes the latest cumulative update in this case CU5.
Further reading for this BizTalk Server 2016 Feature Pack 3 is publicly available, and I have to try it!
BizTalk 2016 CU5
- The TLS 1.2 Support has a prerequisite of SQL Server 2012 Native Client version 11 that you must install, otherwise the CU / FP will fail to install
SQL Server 2012 Native Client version 11 should be installed on all BizTalk Server systems before you apply this update. If the SQL Native Client is not installed before you apply cumulative update, the installation may not complete.https://support.microsoft.com/en-nz/help/4091110/support-for-tls-1-2-protocol-in-biztalk-server
If you use the MQSeries adapter you must run the CU on the IBM Websphere server, and this also needs to SQL Server 2012 Native Client version 11, see Sandro Pereira’s blog post BizTalk Server 2016 CU5 Installation error: SQLNCLI11 ole db
Note If you use the MQSeries adapter, MQSAgent.dll must be updated on the IBM WebSphere MQ server to the same cumulative update level that’s on BizTalk Server. To do this, make sure that you run the same cumulative update setup on the IBM WebSphere MQ server. You may experience performance issues if you run mismatched versions.
- The SFTP adapter improvements for BizTalk Server also have a requirement. You need to install WinSCP version 5.13.1. the steps for this can be found at BizTalk – SFTP Adapter – Missing WinSCPNet Library
Important You must install WinSCP version 5.13.1 after you install this cumulative update.https://support.microsoft.com/en-nz/help/4087345/sftp-adapter-improvements-for-biztalk-server
Details of CU5 can be found here, apart from the usual minor fixes to the FTP, SAP/iDoc it has a few others which I find more interesting.
Orchestration is unbound and pipeline settings are lost when redeploying a Visual Studio project in BizTalk Server I’m sure this one will be pleasing to most developers as this was an annoyance for several version of BizTalk development.
Support for TLS 1.2 protocol in BizTalk Server This was initially released as part of Feature Pack 2, and not as part of a CU, so non-enterprise BizTalk 2016 servers couldn’t get this, now they can.
Support added for SQL Server 2016 Service Pack 2 in BizTalk Server 2016 Microsoft SQL Server 2016 Service Pack 2 (SP2) is added to the list of supported platforms for Microsoft BizTalk Server 2016 starting in Cumulative Update 5 (CU5).
An approach we were considering to keep BizTalk connecting to Salesforce when they disable TLS 1..0
Salesforce will soon be disabling TLS 1.0 support.
Starting in June 2016, Salesforce will begin disabling the TLS 1.0 encryption protocol in a phased approach across impacted Salesforce services. The disablement of TLS 1.0 will prevent it from being used to access the Salesforce service within inbound and outbound connections.
In Continuation to the great post on how to call salesforce APIs via BizTalk , the WCF behaviour can be extended to inforce any other TLS protocol.
ApplyClientBehaviour method can be modified to apply security protocol on the outgoing messages. By default this is SSL 1.0
You can pass on the parameter from the configuration like the other params.
WCF Behaviour extension would look something like.