BizTalk 2013 R2, TLS 1.2 only, Service Bus Relay Error. The client and server cannot communicate, because they do not possess a common algorithm. — Integration Insights

This error occurs on webservices exposed via Service Bus Relay on servers that are TLS 1.2 only.

via The client and server cannot communicate, because they do not possess a common algorith. — Integration Insights

Advertisement

Updated rules for BizTalk Health Monitor #msbts

There have been some new rules released for BHM that are of interest.

There are two rules to check for the issues caused by the July patches, (626 & 627 below) and one that checks to see if one of the pre-requisite for making BizTalk use TLS 1.2 only is installed (628 below).

BHMrulesupdate

Thanks to Wagner Silveira for the tip about the update.

BizTalk 2016 – Feature Pack 3 & CU5

Feature Pack 3 with CU5

Important Note: Don’t mix Feature Packs and CUs as per BizTalk 2016 Feature Pack vs BizTalk 2016 CUs

Note: This has been replaced with Feature Pack with CU8, and soon Feature Pack with CU9 will be available

Microsoft have released Feature Pack 3 which you can download from here, details of all the feature packs are on Microsoft Docs.

This Feature Pack includes 3 new adapters

As usual it also includes the latest cumulative update in this case CU5.

Further reading for this BizTalk Server 2016 Feature Pack 3 is publicly available, and I have to try it!

BizTalk 2016 CU5

Additional requirements

  • The TLS 1.2 Support has a prerequisite of SQL Server 2012 Native Client version 11 that you must install, otherwise the CU / FP will fail to install

SQL Server 2012 Native Client version 11 should be installed on all BizTalk Server systems before you apply this update. If the SQL Native Client is not installed before you apply cumulative update, the installation may not complete.

https://support.microsoft.com/en-nz/help/4091110/support-for-tls-1-2-protocol-in-biztalk-server

If you use the MQSeries adapter you must run the CU on the IBM Websphere server, and this also needs to SQL Server 2012 Native Client version 11, see Sandro Pereira’s blog post BizTalk Server 2016 CU5 Installation error: SQLNCLI11 ole db


Note If you use the MQSeries adapter, MQSAgent.dll must be updated on the IBM WebSphere MQ server to the same cumulative update level that’s on BizTalk Server. To do this, make sure that you run the same cumulative update setup on the IBM WebSphere MQ server. You may experience performance issues if you run mismatched versions.

https://support.microsoft.com/en-nz/help/4132957/cumulative-update-5-for-microsoft-biztalk-server-2016

Important You must install WinSCP version 5.13.1 after you install this cumulative update.

https://support.microsoft.com/en-nz/help/4087345/sftp-adapter-improvements-for-biztalk-server

Fixes

Details of CU5 can be found here, apart from the usual minor fixes to the FTP, SAP/iDoc it has a few others which I find more interesting.

Orchestration is unbound and pipeline settings are lost when redeploying a Visual Studio project in BizTalk Server   I’m sure this one will be pleasing to most developers as this was an annoyance for several version of BizTalk development.

Support for TLS 1.2 protocol in BizTalk Server  This was initially released as part of Feature Pack 2, and not as part of a CU, so non-enterprise BizTalk 2016 servers couldn’t get this, now they can.

Support added for SQL Server 2016 Service Pack 2 in BizTalk Server 2016 Microsoft SQL Server 2016 Service Pack 2 (SP2) is added to the list of supported platforms for Microsoft BizTalk Server 2016 starting in Cumulative Update 5 (CU5).

Salesforce disabling TLS 1.0 – How to get it working for API calls via BizTalk

An approach we were considering to keep BizTalk connecting to Salesforce when they disable TLS 1..0



xpandINg cosmos: what holds it together ?

Salesforce will soon be disabling TLS 1.0 support.

Starting in June 2016, Salesforce will begin disabling the TLS 1.0 encryption protocol in a phased approach across impacted Salesforce services. The disablement of TLS 1.0 will prevent it from being used to access the Salesforce service within inbound and outbound connections.

More Details

In Continuation to the great post on how to call salesforce APIs via BizTalk , the WCF behaviour can be extended to inforce any other TLS protocol.

ApplyClientBehaviour method can be modified to apply security protocol on the outgoing messages. By default this is SSL 1.0

TLSBehavoir

You can pass on the parameter from the configuration like the other params.

SEcurityProtocol

WCF Behaviour extension would look something like.

BizTalkConfigTLS

View original post

Mike the Tester

A blog about all things testing. Views are my own

Nick's Blog

Biztalk gotcha!

Whatever

FURIOUSLY REASONABLE

A Different Kind of Query

Technology, music, life, and musings

Vierodan IT Space

Spread up technology

BizTalk Server Help book!

Made easy and simple

nethramysooru

Blog on BizTalk Server

Blog Of the Serverless Spirit

Stray Notions on All Things Microsoft Azure and BizTalk

Microsoft Azure/BizTalk_Read

Let's learn and share !

Boutaleb Hicham

Biztalk & Azure Integration Architect : Logic Apps, Serverless, Azure Service Bus, BizTalk Server, and Hybrid Integration

Pieter Vandenheede

Stories, tips & tricks for BizTalk Server, Azure, Data Science & Machine Learning

Glenn Colpaert

Blogging with my head in the (Hybrid) Cloud and my feet on premises! Azure / IoT / Integration

BizMunch

BizTalk blog by Knut Urke

Dragon's BizTalk Blog

A blog about BizTalk, and other integration tools.

The Deployment Bunny

OS Deployment, Virtualization, Microsoft based Infrastructure...

Integration Made Easy

Demystify Integration Development