Failure to connect using OAuth with Office 365 or Exchange Web Services in a TLS 1.2 environment
Issue
When configuring an OAuth input source for Office 365 or Exchange Web Services in the COLLECTOR in an environment that is restricted to TLS (Transport Layer Security) 1.2, one of the following messages may be displayed during the connection attempt:
- "The connection to Office 365 failed. An error occurred when sending the request."
- "The underlying connection was closed: An unexpected error occurred on a send."
- "AADSTS1002016: You are using TLS version 1.0,1.1 and/or 3DES cipher which are deprecated to improve the security posture of Azure AD..."
Cause
The Microsoft .NET Framework is not configured properly, so connections are negotiated with weaker cryptographic algorithms, cipher suites, and TLS/SSL protocol versions instead of TLS 1.2.
Solution
Add the following Registry values under both of the .NET Framework keys shown below. They instruct .NET 4 to stop negotiating these weaker cryptographic algorithms, cipher suites, and TLS/SSL protocol versions.
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319]
"SystemDefaultTlsVersions"=dword:00000001
"SchUseStrongCrypto"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319]
"SystemDefaultTlsVersions"=dword:00000001
"SchUseStrongCrypto"=dword:00000001
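To confirm that both registry views carry the values above, the following PowerShell script reports each value and, when run with -Fix, sets any that are missing or wrong. It is an added example, not part of the original article or the product; the -Fix switch name is hypothetical, and the script assumes 64-bit Windows (so the WOW6432Node key applies).

```powershell
# Added example: audit (and optionally set) the two .NET Framework 4.x
# values listed in this article. Not vendor-supplied code.
param(
    [switch]$Fix   # hypothetical switch name: write the value when it is missing or not 1
)

# Both registry views from the article (64-bit and 32-bit .NET applications).
$keys = @(
    'HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319'
)
$names = 'SystemDefaultTlsVersions', 'SchUseStrongCrypto'

$results = foreach ($key in $keys) {
    foreach ($name in $names) {
        # Read the current value; $null means the key or the value is absent.
        $current = $null
        if (Test-Path -Path $key) {
            $prop = Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue
            if ($null -ne $prop) { $current = $prop.$name }
        }
        $ok = ($current -eq 1)

        if (-not $ok -and $Fix) {
            # Create the key if needed, then write the DWORD value 1 and re-read it.
            if (-not (Test-Path -Path $key)) { New-Item -Path $key -Force | Out-Null }
            New-ItemProperty -Path $key -Name $name -Value 1 -PropertyType DWord -Force | Out-Null
            $current = (Get-ItemProperty -Path $key -Name $name).$name
            $ok = ($current -eq 1)
        }

        [pscustomobject]@{ Key = $key; Name = $name; Value = $current; Compliant = $ok }
    }
}

$results | Format-Table -AutoSize

# A non-zero exit code lets a configuration-management job flag the host.
if ($results.Compliant -contains $false) {
    Write-Warning 'At least one value is missing or not 1; this matches the misconfiguration described in this article.'
    exit 1
}
```

Reading the values works from a normal session; writing under HKEY_LOCAL_MACHINE with -Fix requires an elevated PowerShell session.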
Level of Complexity
High
Applies to
Product | Version | Build | Environment | Hardware |
---|---|---|---|---|
COLLECTOR | 6.5.0.4 and above | 6.5.0.4 and above | Current | Current |