1

CRM 2011 RU18 on prem. On the data SQL server, my DBAs want to enable

  1. TLS1.2 or TLS 1.1 security protocol (TLS1.2 is preferable)…If TLS1.2 is enabled, TLS1.1/TLS1.0/ SSL3.0/ SSL2.0 will be disabled. If TLS1.1 is enabled, TLS1.0/ SSL3.0/ SSL2.0 will be disabled
  2. Encrypted connections (to encrypt network traffic from app/ web servers to database server)

This is not my area of expertise. Can anyone advise if this is even possible with this app and if so point me in the right direction?

Nick
  • 735
  • 5
  • 14
keerz
  • 717
  • 1
  • 6
  • 21

2 Answers2

1

Microsoft started enforcing TLS 1.2 recently with Dynamics 365 v9. They also broadcasted a big warning that every connection tools must be upgraded. Meaning old binaries don't support it. I would stay with TLS 1.0.

The Microsoft tools and platforms though v8 have been based on .net 4.5.2, which defaults to TLS 1.0 for security. What this means is that CRM and Dynamics Tools shipped up through v8 will not seamlessly connect to v9. When this shows up it always manifests as an auth failure.

Here's some relevant documentation about the matter:

How to fix TLS 1.2 error with Dynamics 365: https://www.crminnovation.com/blog/tls-transport-layer-security-wake-call/

Transport Layer Security (TLS) 1.2 Connectivity Requirements for Dynamics 365 (Online), V9: https://community.dynamics.com/365/financeandoperations/b/arbelatechnologiesblog/archive/2018/02/25/transport-layer-security-tls-1-2-connectivity-requirements-for-dynamics-365-online-v9

Nick
  • 735
  • 5
  • 14
  • many thanks for answer. I'm hoping to get more info from Microsoft too which I will post if it ever arrives....:) – keerz Aug 15 '18 at 14:46
  • Marking this as the answer but also see the answer I posted myself which came from MS – keerz Sep 04 '18 at 18:25
0

This from Microsoft after opening a ticket

From the following we understand that the latest version of the .NET framework which CRM 2011 is compatible with is .NET 4.5.2. We also assume that your server infrastructure is running on Server 2012 or lower as CRM 2011 is not compatible with Server 2012 R2 or higher.

https://support.microsoft.com/en-za/help/3005163/compatibility-with-microsoft-dynamics-crm-2011

This brings us to conclude a couple things. Based on the following article. It certainly is possible to enable TLS 1.1 and 1.2 (this answers your 'How?' question).

https://support.microsoft.com/en-us/help/3140245/update-to-enable-tls-1-1-and-tls-1-2-as-a-default-secure-protocols-in

Another consideration is the browser and OS compatibility of your clients for enabling these protocols. Below is a good reference for this:

https://www.applicationstation.com/home/CompatibilityGuidelines.pdf

We do know that this has never been fully tested for CRM 2011 as the protocol release was after our product release. With this in mind, the configuration is technically not supported, but it is entirely possible that they can be enabled without problem. We would, at a minimum, recommend full testing of any scenario enabling these protocol against a CRM 2011 environment before deploying it to production.

keerz
  • 717
  • 1
  • 6
  • 21