Share via

SharePoint 2019: Workflow 2013 Manager "Call HTTP Web Service" failing with TLS 1.2 Connectivity Error

Owens Aseel 20 Reputation points
2026-02-09T08:19:14.35+00:00

SharePoint 2013-style workflows, hosted on a SharePoint Server 2019 farm, are failing when attempting to call an external REST API. This integration was working perfectly until a recent infrastructure hardening where TLS 1.0 and 1.1 were disabled on the API Gateway. Although the SharePoint servers have the required registry keys for TLS 1.2, the Workflow Manager (WFM) seems unable to negotiate a secure handshake.

​__Technical Details__

The workflow enters a "Suspended" state immediately after the "Call HTTP Web Service" activity. When checking the workflow instance details in the browser or via the Workflow Manager backend logs, we see the following exception:

Exception: Microsoft.Activities.Messaging.WorkflowWebException:

The remote server returned an error: (500) Internal Server Error.

---> System.Net.WebException: The underlying connection was closed:

An unexpected error occurred on a send.

---> System.IO.IOException: Authentication failed because the remote party has closed the transport stream.

Is there a specific configuration required within the Workflow Manager (WFM) Microsoft.Workflow.ServiceHost.exe.config to explicitly force the use of TLS 1.2 for outbound REST calls?

Microsoft 365 and Office | SharePoint Server | Development
0 comments
Answer accepted by question author
  1. Steven-N 21,165 Reputation points Microsoft External Staff Moderator
    2026-02-09T09:30:46.5433333+00:00

    Hi Owens Aseel

    Thank you for reaching out to Microsoft Q&A forum

    As far as I know, the Workflow Manager uses its own .NET Framework runtime, separate from SharePoint. Even though SharePoint servers are configured for TLS 1.2, the WFM service host process needs its own configuration because it's making the outbound HTTP calls directly. The AppContextSwitchOverrides setting tells .NET to respect the system default TLS versions (which includes TLS 1.2) rather than falling back to legacy protocols.

    That said, I am totally agreeing with you that the workflow manager has its own .NET runtime configuration that needs to be explicitly configured to use TLS 1.2, independent of the SharePoint server's registry settings.

    Moreover, I have conducted some research, and I think the solution of this context is you have to modify the Workflow Manager configuration files to force TLS 1.2, to do that, you can follow the below recommended approaches:

    1. Locate the Configuration Files

    On your Workflow Manager server(s), you need to modify these config files:

    C:\Program Files\Workflow Manager\1.0\Workflow\WFWebRoot\web.config

    C:\Program Files\WorkflowManager\1.0\WorkflowServiceHost\Microsoft.Workflow.ServiceHost.exe.config

    2. Add the Runtime Configuration

    In both config files, add the following within the <configuration> section:

    <configuration>
 
<!-- Other existing configuration -->
 
<runtime>
 
<AppContextSwitchOverrides value="Switch.System.Net.DontEnableSystemDefaultTlsVersions=false" />
 
</runtime>
 
<system.net>
 
<settings>
 
<servicePointManager checkCertificateRevocationList="false" />
 
</settings>
 
</system.net>
 
<!-- Other existing configuration -->
 
</configuration>

    4. Verify Registry Keys on WFM Server

    Ensure these registry keys are set on the Workflow Manager server (not just SharePoint):

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319] "SchUseStrongCrypto"=dword:00000001 [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319] "SchUseStrongCrypto"=dword:00000001

    5. Restart Services

    After making these changes, kindly stop Workflow manager services:

    • Workflow manager backend service bus gateway
    • Service bus message broker

    Restart them in order:

    • Service Bus Message
    • Broker Service Bus Gateway

    Workflow Manager Backend

    You can try the above workaround method, if the problem still persists, kindly let me know in the comments for further support.

    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".     

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    1 person found this answer helpful.

1 additional answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Q&A Assist
    2026-02-09T08:19:26.11+00:00
    AI generated content. This question contains an answer created with AI from Q&A Assist. Learn more

    To resolve the issue with the Workflow Manager (WFM) in SharePoint 2019 failing to call an external REST API due to TLS 1.2 connectivity errors, you may need to ensure that the Workflow Manager is configured to explicitly use TLS 1.2 for outbound REST calls.

    Here are some steps you can take:

    1. Update the Microsoft.Workflow.ServiceHost.exe.config: You may need to modify the configuration file for the Workflow Manager to ensure that it supports TLS 1.2. This can typically be done by adding the following line within the <configuration> section: 
         <system.net>
       <defaultProxy>
           <proxy autoDetect="True" />
       </defaultProxy>
       <settings>
           <servicePointManager>
               <securityProtocol>Tls12</securityProtocol>
           </servicePointManager>
       </settings>
   </system.net>
    2. Registry Keys: Ensure that the necessary registry keys for enabling TLS 1.2 are set correctly on the server. This includes the SchUseStrongCrypto registry value for .NET Framework applications, which should be set to enforce strong cryptography.
    3. Restart the Workflow Manager: After making changes to the configuration file, restart the Workflow Manager service to apply the changes.

    If the issue persists, you may also want to check for any additional configurations or updates that might be required for the Workflow Manager to fully support TLS 1.2, as well as ensuring that all components in your SharePoint farm are updated accordingly to support the newer TLS versions.

    References:

    0 comments

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.