TLS – BizTalk musings

Feature Pack 3 with CU5

Important Note: Don’t mix Feature Packs and CUs as per BizTalk 2016 Feature Pack vs BizTalk 2016 CUs

Note: This has been replaced with Feature Pack with CU8, and soon Feature Pack with CU9 will be available

Microsoft have released Feature Pack 3 which you can download from here, details of all the feature packs are on Microsoft Docs.

This Feature Pack includes 3 new adapters

As usual it also includes the latest cumulative update in this case CU5.

Further reading for this BizTalk Server 2016 Feature Pack 3 is publicly available, and I have to try it!

BizTalk 2016 CU5

Additional requirements

The TLS 1.2 Support has a prerequisite of SQL Server 2012 Native Client version 11 that you must install, otherwise the CU / FP will fail to install

SQL Server 2012 Native Client version 11 should be installed on all BizTalk Server systems before you apply this update. If the SQL Native Client is not installed before you apply cumulative update, the installation may not complete.
https://support.microsoft.com/en-nz/help/4091110/support-for-tls-1-2-protocol-in-biztalk-server

If you use the MQSeries adapter you must run the CU on the IBM Websphere server, and this also needs to SQL Server 2012 Native Client version 11, see Sandro Pereira’s blog post BizTalk Server 2016 CU5 Installation error: SQLNCLI11 ole db

Note If you use the MQSeries adapter, MQSAgent.dll must be updated on the IBM WebSphere MQ server to the same cumulative update level that’s on BizTalk Server. To do this, make sure that you run the same cumulative update setup on the IBM WebSphere MQ server. You may experience performance issues if you run mismatched versions.
https://support.microsoft.com/en-nz/help/4132957/cumulative-update-5-for-microsoft-biztalk-server-2016

The SFTP adapter improvements for BizTalk Server also have a requirement. You need to install WinSCP version 5.13.1. the steps for this can be found at BizTalk – SFTP Adapter – Missing WinSCPNet Library

Important You must install WinSCP version 5.13.1 after you install this cumulative update.
https://support.microsoft.com/en-nz/help/4087345/sftp-adapter-improvements-for-biztalk-server

Fixes

Details of CU5 can be found here, apart from the usual minor fixes to the FTP, SAP/iDoc it has a few others which I find more interesting.

Orchestration is unbound and pipeline settings are lost when redeploying a Visual Studio project in BizTalk Server I’m sure this one will be pleasing to most developers as this was an annoyance for several version of BizTalk development.

Support for TLS 1.2 protocol in BizTalk Server This was initially released as part of Feature Pack 2, and not as part of a CU, so non-enterprise BizTalk 2016 servers couldn’t get this, now they can.

Support added for SQL Server 2016 Service Pack 2 in BizTalk Server 2016 Microsoft SQL Server 2016 Service Pack 2 (SP2) is added to the list of supported platforms for Microsoft BizTalk Server 2016 starting in Cumulative Update 5 (CU5).

An approach we were considering to keep BizTalk connecting to Salesforce when they disable TLS 1..0

xpandINg cosmos: what holds it together ?

Salesforce will soon be disabling TLS 1.0 support.

Starting in June 2016, Salesforce will begin disabling the TLS 1.0 encryption protocol in a phased approach across impacted Salesforce services. The disablement of TLS 1.0 will prevent it from being used to access the Salesforce service within inbound and outbound connections.

More Details

In Continuation to the great post on how to call salesforce APIs via BizTalk , the WCF behaviour can be extended to inforce any other TLS protocol.

ApplyClientBehaviour method can be modified to apply security protocol on the outgoing messages. By default this is SSL 1.0

TLSBehavoir