No ratings

Workflow fails when connecting to the Nintex External Platform (Nintex Live)

Topic

Workflows with actions such as Document Generation, Nintex Sign, and other Live endpoints fail with the following message:

 

An Error occurred while making the HTTP request to https://live.nintex.com/Gateway/ProviderHandler.svc/V20110930/. This could be due to the fact that the server certificate is not configured properly with HTTP.SYS in the HTTPS case. This could also be caused by a mismatch of the security binding between the client and the server. 

 

System.IO.IOException: Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host

 

It's been identified that the main issue deals with the lack of registry keys for strong cryptography and TLS 1.2 within the environments running workflows/utilizing Nintex Live

 

NOTE: From December 1st 2020, Nintex will update the Live Router to remove support for Legacy Transport Layer Security (TLS) 1.0, 1.1. If any Nintex Live services are in use, you will be required to update your SharePoint deployment to support TLS 1.2 to ensure that the Live services run properly. All Nintex for SharePoint (2010, 2013, 2016, 2019) platforms and their respective Live components will be affected. 

 

Instructions

To enable TLS 1.2 on your SharePoint servers:

 

Nintex for SharePoint 2013, 2016, and 2019

1. Open Notepad

2. Copy and paste the below contents into Notepad:

 

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client]
"DisabledByDefault"=dword:00000000
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server]
"DisabledByDefault"=dword:00000000
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v2.0.50727]
"SystemDefaultTlsVersions"=dword:00000001
"SchUseStrongCrypto"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319]
"SystemDefaultTlsVersions"=dword:00000001
"SchUseStrongCrypto"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v2.0.50727]
"SystemDefaultTlsVersions"=dword:00000001
"SchUseStrongCrypto"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319]
"SystemDefaultTlsVersions"=dword:00000001
"SchUseStrongCrypto"=dword:00000001

 

 

3. Save this file with the  '.reg' extension. For example: 'TLS.reg'.

4. Execute this .reg file on every server within the farm that is executing workflows.

5. A restart is required for the new registry keys to take effect.

 

Nintex for SharePoint 2010  
  1. Install hotfix for .NET to enable TLS 1.2 for .NET. Refer this Microsoft article to ensure that your SharePoint environment has the required .NET framework to use TLS 1.2. 

Open command prompt as administrator and run the following commands: 
Note: This needs to be done on all servers in the farm. 

%windir%\system32\reg.exe add "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v2.0.50727" /f /v DefaultSecureProtocols /t REG_DWORD /d 1 

%windir%\system32\reg.exe add "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v2.0.50727" /f /v SystemDefaultTlsVersions /t REG_DWORD /d 1 

%windir%\system32\reg.exe add "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v2.0.50727" /f /v SchUseStrongCrypto /t REG_DWORD /d 1 

 

%windir%\system32\reg.exe add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v2.0.50727" /f /v DefaultSecureProtocols /t REG_DWORD /d 1 

%windir%\system32\reg.exe add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v2.0.50727" /f /v SystemDefaultTlsVersions /t REG_DWORD /d 1 

%windir%\system32\reg.exe add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v2.0.50727" /f /v SchUseStrongCrypto /t REG_DWORD /d 1

Related Links

For more information, please refer to Microsoft's documentation on enabling TLS 1.2:

 

https://docs.microsoft.com/en-us/mem/configmgr/core/plan-design/security/enable-tls-1-2-client

 

https://docs.microsoft.com/en-us/dotnet/framework/network-programming/tls

Attachments
Version history
Last update:
‎12-15-2020 12:47 PM
Updated by:
Contributors