TLS Error When Submitting VAT Returns

Dynamics NAV 2015, MTD, HMRC, TLS 1.2

This week we have dealt with calls from a number of customers running NAV 2015 who have been unable to submit VAT returns due to the below error: 

"Connection to the remote service could not be established.

The request was aborted: Could not create SSL/TLS secure channel."

It appears that in the last few weeks HMRC have started to require TLS 1.2 on the connection from NAV.  Later versions of NAV handle this natively, but older versions of NAV default to TLS 1.0. 

There are a number of approaches to resolving this which look like they would work.  We used and tested no.1 on the list - updating CAL code. However, in a situation where you cannot modify the CAL code in NAV the others could be useful. 

For any of the below options you would need to enable TLS 1.2 at the Windows Server level as per this link

Transport Layer Security (TLS) registry settings | Microsoft Docs. This might vary for different versions of Windows though.

1 Updating CAL code

We copied the below functions from later versions of NAV:

And finally the below line of code:

This specifies that when NAV creates the TLS connection to HMRC’s servers version 1.2 should be used. 

2 Modifying the registry

You could default everything to TLS 1.2. This would be sensible anyway from a security standpoint but may effect systems other than NAV so will require more testing. 

3 Modifying the config file for the middle tier to default to TLS 1.2

In writing this blog article, I found the below, which suggests there might be an easier way to make NAV default to TLS 1.2. 

How to get earlier versions of the Dynamics NAV development environment to work with TLS 1.2 - Microsoft Dynamics 365 Blog

It’s not clear if this setting would affect connections being made by an external .NET control, or just those from the NAV executable, such as the connection to the SQL server. 

It looks like all that is needed is to add a SecurityProtocol key with a value of Tls12 or 3072 to the "C:\Program Files\Microsoft Dynamics NAV\80\Service\Microsoft.Dynamics.Nav.Server.exe.config" and any other instances.  I have not tested but will try it if I see the issue again  

Expert support from our UK Dynamics support team

Our UK support team have a structured approach to Dynamics support, whether for Business Central or Dynamics NAV. This means that we can process support calls in a timely and effective manner. With extremely technical resource in the team, we are able to help with some extremely complex support calls for Dynamics. But it is not just about technical capability; we want to make sure that our customers are happy with the service that we provide them. With every support call there is an opportunity to provide sentiment in the form of a thumb up or a thumb down with just one click. Since we implemented this in May, the team have been doing an incredible job... as you can see below: 

On the rare occasion a customer does give us a thumbs down, we know who it is was and can follow up to make sure we resolve the issue. This means that we can ensure a positive ongoing relationship; a true partnership. 

Dynamics support