I have this error for your example.
We identified that the problem appears on older versions of Windows - 7, 8.1, and apparently 2008R2. It works on Windows 10.
Investigation continues. Will keep you posted
2 Likes
UPDATE
It looks like older versions of Windows either don’t have TLS 1.2 enabled, or don’t have necessary ciphers to negotiate the SSL handshake.
EasyMorph Community website (as well as the web service you’re trying to reach) only supports TLS 1.2 and TLS 1.3 (less secure protocols are disabled). It seems neither is supported in your Windows 2008 R2. To verify the hypothesis you can try opening the Community website in Internet Explorer (but not Chrome or Firefox). Most probably it won’t open. Cross-platform applications such as Chrome, Firefox, or curl have their own ciphers so they don’t depend on Windows ciphers.
If you keep your Windows up to date, chances are the necessary ciphers have been installed with an update. In this case you may just need to enable TLS 1.2 as described here: https://www.microsoft.com/security/blog/2017/07/20/tls-1-2-support-added-to-windows-server-2008/
We keep investigating if there is a way to add missing ciphers required for TLS 1.2 and 1.3.
BTW, the extended support for Windows 2008 R2 expires on 1/14/2020.
1 Like
I think this is related so would really appreciate some advice.
We use EasyMorph to download files from SharePoint and that has worked fine for quite a long time now. It still works fine on laptops but has recently started failing (intermittently but more often failing that not) on the Server with the error:
Blockquote action "SharePoint command", table "Download Sharepoint file": The underlying connection was closed: An unexpected error occurred on a send. Details: Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host.; An existing connection was forcibly closed by the remote host
After some digging it seems there were security changes made to the Windows Server (2012 R2) that hosts the EasyMorph Server. I'm not sure of the full details but it involved upgrading .NET to 4.8.
Using a different ETL tool I was able to get the download working on that Windows Server by forcing the security protocol to "TLS 1.2 or higher" in the application.
Is it possible to do something similar in EasyMorph?
We don't have any direct control over the Windows Server but could request changes be made there. I'm not sure what I'd be asking for at the moment.
Thanks!
EasyMorph supports TLS 1.2 but it doesn’t require the remote server to use TLS 1.2 or higher. I have a feeling that your Windows Server should be patched/tweaked to enforce using TLS 1.2. In other words, enforcing TLS 1.2 or higher should be a Windows setting, not an application setting.
EasyMorph Desktop keeps working with SharePoint not because EasyMorph Desktop is somehow different (Desktops use exactly the same data connector libraries as EasyMorph Server), but because the Windows settings on Desktop machines are correctly configured.
This article can be a starting point for investigation: How to enable Transport Layer Security (TLS) 1.2 on clients - Configuration Manager | Microsoft Docs