Topic
Workflows with actions such as Document Generation, Nintex Sign, and other Live endpoints fail with the following message:
An Error occurred while making the HTTP request to https://live.nintex.com/Gateway/ProviderHandler.svc/V20110930/. This could be due to the fact that the server certificate is not configured properly with HTTP.SYS in the HTTPS case. This could also be caused by a mismatch of the security binding between the client and the server.
System.IO.IOException: Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host
The cause has been identified as missing registry keys for strong cryptography and TLS 1.2 in the environments that run workflows or use Nintex Live.
NOTE: From December 1st 2020, Nintex will update the Live Router to remove support for legacy Transport Layer Security (TLS) 1.0 and 1.1. If any Nintex Live services are in use, you will be required to update your SharePoint deployment to support TLS 1.2 to ensure that the Live services run properly. All Nintex for SharePoint (2010, 2013, 2016, 2019) platforms and their respective Live components will be affected.
Instructions
To enable TLS 1.2 on your SharePoint servers:
Nintex for SharePoint 2013, 2016, and 2019
1. Open Notepad
2. Copy and paste the below contents into Notepad:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client]
"DisabledByDefault"=dword:00000000
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server]
"DisabledByDefault"=dword:00000000
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v2.0.50727]
"SystemDefaultTlsVersions"=dword:00000001
"SchUseStrongCrypto"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319]
"SystemDefaultTlsVersions"=dword:00000001
"SchUseStrongCrypto"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v2.0.50727]
"SystemDefaultTlsVersions"=dword:00000001
"SchUseStrongCrypto"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319]
"SystemDefaultTlsVersions"=dword:00000001
"SchUseStrongCrypto"=dword:00000001
3. Save this file with the '.reg' extension. For example: 'TLS.reg'.
4. Execute this .reg file on every server within the farm that is executing workflows.
5. A restart is required for the new registry keys to take effect.
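To confirm the change on each server after the restart, the following added example (not part of the original Nintex article) reads back the values set by the .reg file above and reports any that are missing or different. It only reads the registry; the variable names are illustrative.

```powershell
# Added example: read-only audit of the registry values set by the .reg file.
# Run in an elevated PowerShell session on every farm server that executes workflows.

$schannel = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2'
$expected = @()

# SCHANNEL: TLS 1.2 enabled and not disabled by default, for Client and Server.
foreach ($role in 'Client', 'Server') {
    $expected += [pscustomobject]@{ Path = "$schannel\$role"; Name = 'DisabledByDefault'; Value = 0 }
    $expected += [pscustomobject]@{ Path = "$schannel\$role"; Name = 'Enabled';           Value = 1 }
}

# .NET Framework: both CLR versions, in the 64-bit and 32-bit (WOW6432Node) views.
$netRoots = 'HKLM:\SOFTWARE\Microsoft\.NETFramework',
            'HKLM:\SOFTWARE\WOW6432Node\Microsoft\.NETFramework'
foreach ($root in $netRoots) {
    foreach ($clr in 'v2.0.50727', 'v4.0.30319') {
        foreach ($name in 'SystemDefaultTlsVersions', 'SchUseStrongCrypto') {
            $expected += [pscustomobject]@{ Path = "$root\$clr"; Name = $name; Value = 1 }
        }
    }
}

$results = foreach ($item in $expected) {
    # A missing key or value yields $null instead of an error.
    $actual = (Get-ItemProperty -Path $item.Path -Name $item.Name `
                   -ErrorAction SilentlyContinue).($item.Name)
    [pscustomobject]@{
        Path     = $item.Path
        Name     = $item.Name
        Expected = $item.Value
        Actual   = if ($null -eq $actual) { '<missing>' } else { $actual }
        Ok       = ($actual -eq $item.Value)
    }
}

$results | Format-Table -AutoSize -Wrap

$failed = @($results | Where-Object { -not $_.Ok })
if ($failed.Count -gt 0) {
    Write-Warning "$($failed.Count) value(s) missing or different on $env:COMPUTERNAME"
} else {
    Write-Output "All TLS 1.2 / strong-crypto values are present on $env:COMPUTERNAME"
}
```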
Nintex for SharePoint 2010
- Install the hotfix for .NET to enable TLS 1.2 for .NET. Refer to this Microsoft article to ensure that your SharePoint environment has the required .NET Framework to use TLS 1.2.
Open command prompt as administrator and run the following commands:
Note: This needs to be done on all servers in the farm.
%windir%\system32\reg.exe add "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v2.0.50727" /f /v DefaultSecureProtocols /t REG_DWORD /d 1
%windir%\system32\reg.exe add "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v2.0.50727" /f /v SystemDefaultTlsVersions /t REG_DWORD /d 1
%windir%\system32\reg.exe add "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v2.0.50727" /f /v SchUseStrongCrypto /t REG_DWORD /d 1
%windir%\system32\reg.exe add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v2.0.50727" /f /v DefaultSecureProtocols /t REG_DWORD /d 1
%windir%\system32\reg.exe add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v2.0.50727" /f /v SystemDefaultTlsVersions /t REG_DWORD /d 1
%windir%\system32\reg.exe add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v2.0.50727" /f /v SchUseStrongCrypto /t REG_DWORD /d 1
Related Links
For more information, please refer to Microsoft's documentation on enabling TLS 1.2:
https://docs.microsoft.com/en-us/mem/configmgr/core/plan-design/security/enable-tls-1-2-client
https://docs.microsoft.com/en-us/dotnet/framework/network-programming/tls