Archive for February 7th, 2018

Transport Layer Security (TLS) 1.2 Connectivity Requirements for Dynamics 365 (Online), version 9.0

February 7th, 2018 DynamicsMSCRM No comments

Summary
Starting with Dynamics 365 (online) version 9.0, Microsoft will begin requiring connections to customer engagement applications to use TLS 1.2 (or better) security. Any connection to Dynamics 365 (online), version 9.x will fail if it does not use the TLS 1.2 security protocol. This will impact several Dynamics services, including access to the Dynamics 365 Customer Engagement (CRM) web application.

More Information

TLS 1.0 deprecation plan may require the following:

  • Code analysis to find/fix hardcoded instances of TLS 1.0 (or instances of older TLS/SSL versions).
  • Network endpoint scanning and traffic analysis to identify operating systems using TLS 1.0 or older protocols.
  • Full regression testing through your entire application stack with TLS 1.0 disabled.
  • Migration of legacy operating systems and development libraries/frameworks to versions capable of negotiating TLS 1.2.
  • Compatibility testing across operating systems used by your business to identify any TLS 1.2 support issues.
  • Coordination with your own business partners and customers to notify them of your move to deprecate TLS 1.0.
  • Understanding which clients may no longer interoperate once TLS 1.0 is disabled.

How will you or your customers be impacted?

Any connection to Dynamics 365 (online), version 9.x will fail if it does not use the TLS 1.2 security protocol. This will impact several Dynamics services (listed below), including access to the Dynamics 365 Customer Engagement web application.

A quick way to determine what TLS version will be requested by various clients when connecting to your online services is by referring to the Handshake Simulation at Qualys SSL Labs.

Supported versions of Internet Explorer and Microsoft Edge

Supported non-Internet Explorer web browsers

  • Mozilla Firefox (latest publicly-released version) running on Windows 10, Windows 8.1, Windows 8, or Windows 7
  • Google Chrome
  • Google Chrome (latest publicly-released version) running on Windows 10, Windows 8.1, Windows 8, Windows 7, and Android 10 tablet
  • Google Chrome (latest publicly-released version) running on Mac OS X 10.8 (Mountain Lion), 10.9 (Mavericks), or 10.10 (Yosemite)
  • Apple Safari (latest publicly-released version) running on Mac OS X 10.8 (Mountain Lion), 10.9 (Mavericks), 10.10 (Yosemite), or Apple iPad

Supported versions of Microsoft Office

  • Microsoft Office 365
  • Microsoft Office 2016
  • Microsoft Office 2013
  • Microsoft Office 2010

Ensuring support for TLS 1.2 across deployed operating systems
Many operating systems have outdated TLS version defaults or support ceilings that need to be accounted for.  Usage of Windows 8/Server 2012 or later means that TLS 1.2 will be the default security protocol version:

Error Examples
Below are some connectivity errors you might encounter when a security protocol other than TLS 1.2 is used:

Browser error:

  • Can’t connect securely to this page
  • This might be because the site uses outdated or unsafe TLS security settings. If this keeps happening, try contacting the website’s owner.

Connector error:

Microsoft.Xrm.Tooling.CrmConnectControl Information: 8 : Login Status in Connect is =  Validating connection to Microsoft Dynamics CRM…
Microsoft.Xrm.Tooling.Connector.CrmServiceClient Error: 2 : ERROR REQUESTING Token FROM THE Authentication context
Microsoft.Xrm.Tooling.Connector.CrmServiceClient Error: 2 : Source  : mscorlib
Method   : ThrowIfExceptional
Error        : One or more errors occurred.
Stack Trace              : at System.Threading.Tasks.Task.ThrowIfExceptional(Boolean includeTaskCanceledExceptions)
at System.Threading.Tasks.Task`1.GetResultCore(Boolean waitCompletionNotification)
at System.Threading.Tasks.Task`1.get_Result()
at Microsoft.Xrm.Tooling.Connector.CrmWebSvc.ExecuteAuthenticateServiceProcess(Uri serviceUrl, ClientCredentials clientCredentials, UserIdentifier user, String clientId, Uri redirectUri, PromptBehavior promptBehavior, String tokenCachePath, Boolean isOnPrem, String authority, Uri& targetServiceUrl, AuthenticationContext& authContext, String& resource)

Inner Exception Level 1:

Source: Microsoft.IdentityModel.Clients.ActiveDirectory
Method: Close
Error: Object reference not set to an instance of an object.

Stack Trace: at Microsoft.IdentityModel.Clients.ActiveDirectory.HttpWebResponseWrapper.Close()
at Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationParameters.d__0.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationParameters.d__8.MoveNext()

Developer tools error:

Inner Exception Level 1 :

Error : The underlying connection was closed: An unexpected error occurred on a send.
Stack Trace: at System.Net.HttpWebRequest.GetResponse()

at System.ServiceModel.Description.MetadataExchangeClient.MetadataLocationRetriever.DownloadMetadata(TimeoutHelper timeoutHelper)
at System.ServiceModel.Description.MetadataExchangeClient.MetadataRetriever.Retrieve(TimeoutHelper timeoutHelper)

Inner Exception Level 2 :

Error : Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host.
Stack Trace: at System.Net.Sockets.NetworkStream.Read(Byte[] buffer, Int32 offset, Int32 size)

at System.Net.FixedSizeReader.ReadPacket(Byte[] buffer, Int32 offset, Int32 count)
at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)

How to be Proactive
Microsoft recommends customers proactively address weak TLS usage by removing TLS 1.0/1.1 dependencies in their environments and disabling TLS 1.0/1.1 at the operating system level where possible. Given the length of time TLS 1.0/1.1 has been supported by the software industry, it is highly recommended that any TLS 1.0/1.1 deprecation plan include the following:

  • Application code analysis to find/fix hardcoded instances of TLS 1.0/1.1.
  • Network endpoint scanning and traffic analysis to identify operating systems using TLS 1.0/1.1 or older protocols.
  • Full regression testing through your entire application stack with TLS 1.0/1.1 and all older security protocols disabled.
  • Migration of legacy operating systems and development libraries/frameworks to versions capable of negotiating TLS 1.2.
  • Compatibility testing across operating systems used by your business to identify any TLS 1.2 support issues.
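
For the code-analysis item above, a small scanner can list the places where .NET source hardcodes a protocol version. This is an added example, not part of the original post or of any Microsoft tool; scan_source and the C# sample are constructed for illustration, and only the enum member names are real .NET identifiers.

```python
import re

# Real member names of System.Net.SecurityProtocolType and
# System.Security.Authentication.SslProtocols, grouped by what they enable.
LEGACY = {"Ssl2", "Ssl3", "Tls", "Tls11", "Default"}  # SslProtocols.Default = Ssl3 | Tls
MODERN = {"Tls12", "Tls13"}
TOKEN = re.compile(r"\b(?:SecurityProtocolType|SslProtocols)\.(\w+)")


def scan_source(text, filename="<memory>"):
    """Return (file, line, verdict, legacy_names) for lines that hardcode old versions."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        code = line.split("//", 1)[0]  # drop line comments (naive: also cuts at "//" in strings)
        names = set(TOKEN.findall(code))
        legacy = sorted(names & LEGACY)
        if not legacy:
            continue
        # legacy-only: the line names no Tls12/Tls13, so a plain assignment pins
        # the client below TLS 1.2. legacy-plus-modern: TLS 1.2 is reachable,
        # but the old versions stay enabled.
        verdict = "legacy-plus-modern" if names & MODERN else "legacy-only"
        findings.append((filename, lineno, verdict, legacy))
    return findings


# Constructed C# input for the demonstration, not taken from a real project.
SAMPLE_CS = """\
// constructed sample
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls;
ServicePointManager.SecurityProtocol = SecurityProtocolType.Ssl3 | SecurityProtocolType.Tls | SecurityProtocolType.Tls12;
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;
stream.AuthenticateAsClient(host, null, SslProtocols.Default, true);
// old: SecurityProtocolType.Ssl3
"""

if __name__ == "__main__":
    for finding in scan_source(SAMPLE_CS, "Sample.cs"):
        print(finding)
```

Lines reported as legacy-only are the ones that will stop connecting to version 9.x; legacy-plus-modern lines keep working but still need the old versions removed.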

How you or your customers can avoid being impacted.

  • Custom Windows clients built utilizing .NET 4.5.2 (web and native client applications)
    • Custom Windows clients built utilizing .NET 4.5.2 can be fixed by recompiling on .NET 4.6.2. Versions of .NET 4.6.2 and higher implement a process that will seek the highest possible security transport that the host operating system supports.
    • If you are unable to do this, you can utilize a registry setting on Windows that will force .NET to utilize the highest possible security standard. Please note: this is a machine-wide setting and may have undesired effects. It is recommended that you or your customer utilize the method of recompiling to .NET 4.6.2 or higher. The registry settings that will force .NET 4.5.2 to prefer TLS 1.2 machine-wide are documented in the article Microsoft Security Advisory 2960358, in the section “Suggested Actions” under “Manually disable RC4 in TLS on systems running .NET Framework 4.5/4.5.1/4.5.2”.
  • Non-.NET Clients (web and client applications)
    • Please check with the framework or language provider to determine how to configure your application to utilize TLS 1.2.
  • Dynamics 365 for Microsoft Outlook
    • Download and install Version 8.2.2.137. This is required to connect Dynamics 365 for Outlook with Dynamics 365 (online), version 9.0.
  • Developer Tools
    • Download the latest version of the tools used in development from NuGet. This is required to connect to Dynamics 365 (online), version 9.0.
  • Unified Service Desk

To learn more about removing dependencies on TLS 1.0/1.1 and updating to TLS 1.2, please review the following whitepaper: “Solving the TLS 1.0 Problem”.

Categories: Security, TLS 1.2 Tags:

Test Your Browser’s SSL Implementation

February 7th, 2018 DynamicsMSCRM No comments
Categories: Uncategorized Tags:

Changes coming to Dynamics 365 Customer Engagement (CRM V9)

February 7th, 2018 DynamicsMSCRM No comments

This applies to Dynamics 365 Customer Engagement as of version 9.

More Information

Service scheduling in Dynamics 365 for Customer Service is deprecated
The Unified Resource Scheduling solution is included with Dynamics 365 for Field Service. With this solution, you can automatically set up the system to schedule multiple booking requirements on a recurring basis. This minimizes overall travel time and maximizes efficient use of all resources. It takes many constraints into account, such as resource availability, skills required, working hours, duration, and time windows to optimize the schedule.

The existing service scheduling functionality using the Service activity is deprecated and will be removed in a future major release. Service scheduling features will be included in the Unified Resource Scheduling solution. This solution integrates seamlessly with Dynamics 365, and will work with Dynamics 365 for Customer Service. The Unified Resource Scheduling solution will provide feature parity with the existing service scheduling feature.

Existing service scheduling users will be provided advance notice for a timebound migration to the new service-scheduling capabilities.

More information: Help & Training: Use Resource Scheduling Optimization to schedule multiple booking requirements on a recurring basis

Dialogs are deprecated
You can use a Dialog process to create an interactive step-by-step data entry form that requires user input to start and run to completion. When you start the dialog process, a wizard-like interface is presented; users make selections or enter data as they progress through each page of the wizard.

Dialogs are deprecated and are replaced by mobile task flows (available as of the December 2016 update), and business process flows. Both task flows and business process flows will continue to evolve to make the transition easier.

Usage of Parature knowledgebase as the Dynamics 365 knowledge management solution is deprecated
Usage of Parature from Microsoft knowledgebase as the Dynamics 365 knowledge management solution is deprecated. This feature is replaced by Knowledge Management features in Dynamics 365.

The Knowledge Solution setting in the Knowledge Base Management Settings dialog box, which provides a connection between Dynamics 365 and Parature from Microsoft, will be removed in a future major release of Dynamics 365.

Project Service Finder app is deprecated
The Project Service Finder App, available for use with Dynamics 365 for Project Service Automation, is deprecated. The legacy application will be supported for associated legacy Project Service Automation releases in accordance with Microsoft’s Modern Lifecycle Policy. The functionality available through this app will be available in a future release of Dynamics 365 in the Dynamics 365 for Project Service Automation application.

Contracts, Contract Line Items, and Contract Templates entities are deprecated
The Contracts, Contract Line Items, and Contract Templates entities are deprecated and will be removed in a future major release of Dynamics 365. This functionality has been replaced by entitlements in Dynamics 365 for Customer Service.

Standard SLAs in Dynamics 365 for Customer Service are deprecated
Standard service level agreements (SLA Type field is set to Standard) are deprecated and will be removed in a future major release of Dynamics 365. Standard SLAs are replaced by enhanced SLAs. More information: TechNet: Enhanced service level agreements

Relationship Roles are deprecated
Relationship Roles (Settings>Business Management>Relationship Roles) are deprecated and will be removed in a future major release of Dynamics 365. This feature is replaced by Connection Roles. More information: Help and Training: Create connections to view relationships between records.

Mail Merge is deprecated
In Dynamics CRM 2016 (version 8.0), we introduced server-side document generation using Word and Excel templates. You can use these templates to provide standardized documents or customized data analysis for your organization.

Mail merge from previous versions is deprecated. This includes the mail-merge Word add-in as well as mail-merge templates (Settings>Templates>Mail Merge Templates).

More information: Help & Training: Create Word and Excel templates from Dynamics 365 data

Announcements are deprecated
Announcements (Settings>Administration>Announcements) are deprecated and will be removed in a future major release of Dynamics 365.

Ready-to-use business processes available through Add Ready to Use Business Processes setting are deprecated
Ready-to-use business processes available through the Add Ready-to-Use Business Processes setting (Settings>Data Management>Add Ready-to-Use Business Processes) are deprecated and will be removed in a future major release of Dynamics 365. You can find ready-to-use business processes on Microsoft AppSource.

Some client APIs are deprecated
The following client APIs are deprecated in the current release to reorganize the Xrm client API object model to better align with the need of using the same client scripts without having to change them based on the context or the client (web client or the new Unified Interface) where they run. You should plan to use the new client APIs mentioned in the Replacement Client API column instead of the deprecated ones. The deprecated client APIs will continue to be available and supported until they are officially removed from a future major release of Dynamics 365.

For information about the new client APIs, see Client scripting in Customer Engagement using JavaScript

EntityMetadata.IsInteractionCentricEnabled property is deprecated
All entities supported in the Unified Interface are now enabled for the interactive experience in the new Customer Service Hub app. This implies that the EntityMetadata.IsInteractionCentricEnabled property, which indicates whether an entity can be enabled for interactive experience, is no longer relevant. The corresponding setting for this property in the Customization tool, Enable for interactive experience, is removed in the current release, and the EntityMetadata.IsInteractionCentricEnabled property will be removed from a future version of the Dynamics 365 SDK for Customer Engagement.

Silverlight (XAP) web resource is deprecated
The Silverlight (XAP) web resource is deprecated on the web client, and is not supported on the new Unified Interface introduced in Dynamics 365 (online), version 9.0. Instead of Silverlight web resources, you must use custom controls created using HTML web resources with HTML5 to create UI components to visualize and interact with data.

Categories: Uncategorized Tags: