Dave is one of the longest serving members of our support team. His technical expertise means that he can provide support to even the most complex support problem, whether that is in Dynamics NAV, Dynamics 365 Business Central, or for something more back end such as SQL or Azure.
TLS Error When Submitting VAT Returns
Companies trying to use the Making Tax Digital (MTD) functionality in Microsoft Dynamics NAV have been having issues connecting to HMRC due to a connection error. We have had several support calls from customers running Dynamics NAV who have been unable to submit VAT returns due to a warning that the system could not create an SSL/TLS secure channel. In this article, we look at who is affected, what the issue is and how to resolve the problem.
Dynamics NAV 2015, MTD, HMRC, TLS 1.2
This week we have dealt with calls from a number of customers running NAV 2015 who have been unable to submit VAT returns due to the below error:
"Connection to the remote service could not be established.
The request was aborted: Could not create SSL/TLS secure channel."
It appears that in the last few weeks HMRC have started to require TLS 1.2 on the connection from NAV. Later versions of NAV handle this natively, but older versions of NAV default to TLS 1.0.
There are a number of approaches to resolving this which look like they would work. We used and tested no.1 on the list - updating CAL code. However, in a situation where you cannot modify the CAL code in NAV the others could be useful.
For any of the below options you would need to enable TLS 1.2 at the Windows Server level as per this link
Transport Layer Security (TLS) registry settings | Microsoft Docs. This might vary for different versions of Windows though.
1 Updating CAL code
We copied the below functions from later versions of NAV:
And finally the below line of code:
This specifies that when NAV creates the TLS connection to HMRC’s servers version 1.2 should be used.
2 Modifying the registry
You could default everything to TLS 1.2. This would be sensible anyway from a security standpoint but may effect systems other than NAV so will require more testing.
3 Modifying the config file for the middle tier to default to TLS 1.2
In writing this blog article, I found the below, which suggests there might be an easier way to make NAV default to TLS 1.2.
It’s not clear if this setting would affect connections being made by an external .NET control, or just those from the NAV executable, such as the connection to the SQL server.
It looks like all that is needed is to add a SecurityProtocol key with a value of Tls12 or 3072 to the "C:\Program Files\Microsoft Dynamics NAV\80\Service\Microsoft.Dynamics.Nav.Server.exe.config" and any other instances. I have not tested but will try it if I see the issue again
Expert support from our UK Dynamics support team
Our UK support team have a structured approach to Dynamics support, whether for Business Central or Dynamics NAV. This means that we can process support calls in a timely and effective manner. With extremely technical resource in the team, we are able to help with some extremely complex support calls for Dynamics. But it is not just about technical capability; we want to make sure that our customers are happy with the service that we provide them. With every support call there is an opportunity to provide sentiment in the form of a thumb up or a thumb down with just one click. Since we implemented this in May, the team have been doing an incredible job... as you can see below:
On the rare occasion a customer does give us a thumbs down, we know who it is was and can follow up to make sure we resolve the issue. This means that we can ensure a positive ongoing relationship; a true partnership.
I find their approach to our relationship very professional whilst being refreshingly realistic. We now consider them to be part of our teamTechnical Director, Bainbridge International