1

I'm trying to connect to a remote Dynamics CRM instance and getting this exception on the ServiceClient constructor:

Failed to connect to Dataverse
Inner Exception 1: One or more errors occurred.
Inner exception 2: Need a non-empty authority
Parameter name: Authority

The error only occurs when I move the code to a server outside my dev machine.

Here's the code:

string crmConnectionString = 
    $"AuthType=OAuth;Username=user@contoso.com;Password=whatever;Url=my-app.crm.dynamics.com;LoginPrompt=Never";

using (ServiceClient service = new ServiceClient(crmConnectionString))  // throws here

Through Wireshark I noticed the working server is sending the client hello using TLS v1.2, whereas the failing server is sending a slightly shorter hello using TLS v1. Could the issue be related to this and, if so, how do I fix it?

Tawab Wakil
  • 1,737
  • 18
  • 33

1 Answers1

0

I have confirmed that TLS 1.2 is indeed required when communicating with online Dynamics 365. The solution in my case was to add this line directly above the constructor:

ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;

This forces the protocol to TLS 1.2 and allows the code to work on both servers.

Note that there are probably better ways to solve this, such as upgrading your OS to get the newer TLS. That way your code won't be stuck on TLS 1.2 when newer versions become available. But the code addition is a potentially quick way forward for those who need it.

More info here and here.

Tawab Wakil
  • 1,737
  • 18
  • 33
  • Also, there is significant risk using oauth user password from a headless service. Should aad apply an mfa challenge (multi factor authentication) the connection will hang. It is advised to use client secret or better yet client certificate from headless hosts. – MattB Dec 09 '22 at 14:37
  • @MattB Or you could put a service account in the connection string and disable MFA for that account. – Tawab Wakil Dec 09 '22 at 16:06