Migrating BizTalk 2020 to Windows 2022 with TLS 1.3 Support

Recently, we undertook a project to migrate BizTalk 2020 to Windows 2022 for one of our clients. A key motivator for this migration was the out-of-the-box support for TLS 1.3.

Step 1: Setting Up in Azure

We started by creating new VMs in Azure. Following this, we installed BizTalk 2020 and Cumulative Update 6 (CU6). Once installation was complete, we proceeded with the configuration.

Step 2: Verifying Functionality

After configuration, we verified that everything was working as expected, and it was.

Step 3: Creating a Test Flow

To ensure TLS 1.3 was enabled, we created a simple flow involving a file receive, a WCF WebHttp send (in a two-way port), and a file send. Using Akamai’s TLS Checker as the URL, we confirmed that TLS 1.3 was indeed enabled. So far, so good.

Step 4: Development Environment Testing

Next, we set up a development machine on-premises, using a Windows 2022 image from Visual Studio Subscriber downloads. The machine was up to date with the February 2025 build. After installing BizTalk 2020 and CU6, we ran the same test. Unfortunately, this time it showed TLS 1. This was not good.

Solution: Updating Registry Keys

We resolved the issue by adding the registry keys and values listed below and then restarting the machine. The strange thing is that these values should be the default for .NET 4.7 and up (see: https://learn.microsoft.com/en-us/dotnet/framework/network-programming/tls#for-wcf-applications-1 ). This adjustment ensured that BizTalk now uses secure encryption. (Don’t forget to restart your host instances.)

PowerShell commands:

Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319" -Name "SchUseStrongCrypto" -Value 1 -Type DWord
Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319" -Name "SystemDefaultTlsVersions" -Value 1 -Type DWord

Set-ItemProperty -Path "HKLM:\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319" -Name "SchUseStrongCrypto" -Value 1 -Type DWord
Set-ItemProperty -Path "HKLM:\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319" -Name "SystemDefaultTlsVersions" -Value 1 -Type DWord
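
To check a machine before or after applying the commands above, the following audit reads the same two values from both the 64-bit and the Wow6432Node view and reports any that are absent or not set to 1. It is an added example, not part of the original post; the function name Get-DotNetTlsRegistryState and the state labels are made up for illustration.

```powershell
# Added example: audit the .NET Framework TLS registry values named in the post.
# Function name and state labels are hypothetical, chosen for this illustration.
function Get-DotNetTlsRegistryState {
    param(
        [string[]]$Path = @(
            'HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319',
            'HKLM:\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319'
        ),
        [string[]]$Name = @('SchUseStrongCrypto', 'SystemDefaultTlsVersions')
    )
    foreach ($p in $Path) {
        foreach ($n in $Name) {
            $value = $null
            $state = 'KeyMissing'          # the registry key itself does not exist
            if (Test-Path -Path $p) {
                $item = Get-ItemProperty -Path $p -Name $n -ErrorAction SilentlyContinue
                if ($null -eq $item) {
                    $state = 'NotSet'      # value absent: the framework default applies
                } else {
                    $value = $item.$n
                    $state = if ($value -eq 1) { 'OK' } else { 'Unexpected' }
                }
            }
            [pscustomobject]@{
                Path  = $p
                Name  = $n
                Value = $value
                State = $state
            }
        }
    }
}

$report = Get-DotNetTlsRegistryState
$report | Format-Table -AutoSize

# Flag anything that differs from the settings applied in the post.
$bad = @($report | Where-Object { $_.State -ne 'OK' })
if ($bad.Count -gt 0) {
    Write-Warning "$($bad.Count) value(s) are not set to 1; compare with the commands above."
} else {
    Write-Output 'All four values are set to 1 (a restart is still needed after a change).'
}
```

Running it on both the Azure VMs and the on-premises machine gives a side-by-side view of where the two environments differ.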