Issue
SharePoint Online integration is now throwing an error after disabling TLS 1.0 and TLS 1.1 on the K2 Server. This can be observed on SharePoint SmartObject executions and/or contacting SharePoint group providers.
Error Code
The underlying connection was closed: An unexpected error occurred on a send. ---> System.Net.WebException: The underlying connection was closed: An unexpected error occurred on a send. ---> System.IO.IOException: Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host. ---> System.Net.Sockets.SocketException: An existing connection was forcibly closed by the remote host
Resolution
Ensure that TLS 1.2 is correctly configured on the K2 Server with either the minimum or maximum requirement implemented as per this article on K2 and TLS 1.2 Support.
If the K2 Server is on Windows Server 2012 R2, you may use the IIS Crypto Tool to resolve this error and follow the steps below:
- Click on the Best Practices button you see on the IIS Crypto Tool. This will enable or disable the Cipher Suites as well as the Protocols you see under Schannel. You may see that TLS 1.0 and TLS 1.1 will get re-enabled if disabled. You may simply remove the tick beside those Protocols so that only TLS 1.2 is enabled.
- Under the Cipher Suites, please make sure that the following are enabled and are placed at the top:
- TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
- TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384_P384
- Click on the Apply button on the IIS Crypto Tool.
- Restart the K2 Server for changes to take effect.
Note: Please take a screenshot of the Protocols and Cipher Suites before implementing the Best Practices via the IIS Crypto Tool. The simplest way to rollback would then be to toggle these settings to the original if there is a need to do so.
