Since this morning, we have multiple users who connect with Epicor through term servers that are not able to log in. Each user is getting the following error - Could not create SSL/TLS secure channel. I have listed the entirety of the error below. There was no update I know about or of anything that has changed. I have connected with Epicor Support, with no avail. If anyone has any recommendations, any help is appreciated.

Application Error

Exception caught in: mscorlib

Error Detail

Message: An error occurred while sending the request.
Inner Exception Message: The request was aborted: Could not create SSL/TLS secure channel.
Program: CommonLanguageRuntimeLibrary
Method: ThrowForNonSuccess

Client Stack Trace

at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.Extensions.Http.Logging.LoggingHttpMessageHandler.<g__Core|5_0>d.MoveNext()
— End of stack trace from previous location where exception was thrown —
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.Extensions.Http.Logging.LoggingScopeHttpMessageHandler.<g__Core|5_0>d.MoveNext()
— End of stack trace from previous location where exception was thrown —
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Epicor.ServiceModel.Channels.ImplBase.d__130.MoveNext()
— End of stack trace from previous location where exception was thrown —
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Epicor.Utilities.AsyncHelper.RunSync[TResult](Func1 method) at Epicor.ServiceModel.Channels.ImplBase.Execute(String methodName, RestValueSerializerBase serializer, ProxyValuesIn valuesIn, ProxyValuesOut valuesOut) at Epicor.ServiceModel.Channels.ImplBase.<>c__DisplayClass126_0.<CallWithCommunicationFailureRetry>b__0(Context _) at Polly.Policy1.<>c__DisplayClass13_0.b__0(Context ctx, CancellationToken _)
at Polly.Retry.RetryEngine.Implementation[TResult](Func3 action, Context context, CancellationToken cancellationToken, ExceptionPredicates shouldRetryExceptionPredicates, ResultPredicates1 shouldRetryResultPredicates, Action4 onRetry, Int32 permittedRetryCount, IEnumerable1 sleepDurationsEnumerable, Func4 sleepDurationProvider) at Polly.Retry.RetryPolicy1.Implementation(Func3 action, Context context, CancellationToken cancellationToken) at Polly.Policy1.Execute(Func3 action, Context context, CancellationToken cancellationToken) at Polly.Policy1.Execute(Func`2 action, Context context)
at Epicor.ServiceModel.Channels.ImplBase.CallWithCommunicationFailureRetry(String methodName, ProxyValuesIn valuesIn, ProxyValuesOut valuesOut, RestRpcValueSerializer serializer)
at Epicor.ServiceModel.Channels.ImplBase.CallWithMultistepBpmHandling(String methodName, ProxyValuesIn valuesIn, ProxyValuesOut valuesOut, Boolean useSparseCopy)
at Epicor.ServiceModel.Channels.ImplBase.Call(String methodName, ProxyValuesIn valuesIn, ProxyValuesOut valuesOut, Boolean useSparseCopy)
at Ice.Proxy.Lib.SessionModImpl.Login()
at Ice.Core.Session.GetSessionId(String asUrl, String companyId, String plantId)
at Ice.Core.Session.InitSessionMod(String asUrl, Boolean fwVerCheck, String companyID, String plantID, String sessionId)
at Ice.Core.Session.InitSession(Action setCredentials, String asUrl, Guid licenseTypeId, String pathToConfigurationFile, Boolean fwVerCheck, String companyID, String plantID, Boolean useChannelCacheForServices, String sessionId)
at Ice.Core.Session..ctor(String userID, String password, String asUrl, Guid licenseTypeId, String pathToConfigurationFile, Boolean fwVerCheck, String companyID, String plantID, Boolean useChannelCacheForServices, String sessionId, String edgeAgentToken)
at Ice.Core.Session..ctor(String userID, String password, Guid licenseType)
at Ice.Lib.LogOn.CreateSession(String userID, String password, String appServerUri, Guid licenseType, SessionTokenType sessionTokenType, Object azureADOwnerWindow)
at Ice.Lib.LogOn.logOn(String userID, String password, Boolean promptUpdatePassword, SessionTokenType sessionTokenType)
at Ice.Lib.LogOn.btnOK_Click(Object sender, EventArgs e)

Inner Exception

The request was aborted: Could not create SSL/TLS secure channel.

Inner Stack Trace

at System.Net.HttpWebRequest.EndGetRequestStream(IAsyncResult asyncResult, TransportContext& context)
at System.Net.Http.HttpClientHandler.GetRequestStreamCallback(IAsyncResult ar)

is this a server 2016? we are seeing this issue as well. However windows update was done this weekend not sure what updated had anything to do with it.

We are still running 2008 R2, we don’t think we are able to be supported to get updates from Windows anymore so if you’re also getting this same error, could be some update from Epicor that’s affecting us.

Ours is not related to epicor but to remote desktop services, i think.

We’re able to connect to the term server, then to Epicor and the login screen, but then that is where we get the error, you’re saying you think its related to creating a secure connection between the user and the server and nothing with Epicor? Maybe the issue lies in that connection and that Epicor is not reading it as a secure channel?

What version of Epicor are you on? Can you get to the server app server? are you on prem?

We are on 2025.2.7, we are on cloud, not on prem and we do not have access to the application server. We also have an expired certificate, but it has been expired for years and there is no known update we know about so why would that be an issue now.

Escalate the ticket, reach out to CAM if need be.

Already reached out and escalated, outcome is typical no good Epicor support, just telling me to redownload Epicor on the server, which did not work. Reaching out to CAM now, will update with any solutions I come across.

please do, thanks. sorry for your troubles. Hoping for a resolution soon.

We’ve had that error here but we’re OnPrem and it’s always been a certificate issue…

Good luck!

Check the saved Computer / User Certificates on the Terminal server, maybe you have imported one that has now expired, you may need to delete it.

Its somewhere in Control Panel → Manage Certificates

This can be old TLS versions disabled on server and your old client OS does not support this

So our sys admin was going through and deactivating old cyphers and that caused our environment to get corrupted. So we did a bare meatal restore of the server. We are now back up and running on our end. Not sure if this helps the OP but just wanted to close my comments.

Thanks for the help guys, we are testing out solutions with certificates to narrow down the issue, testing the TLS versions, and if all fails, Kinetic still works so we may just introduce our users to Kinetic because it is inevitable.

I had a customer on Monday morning where rest services to cloud from a windows server 2012 r2 stopped working over the weekend.

Also over the weekend Epicor applied windows updates and security updates to live.

Therefore the suspicion was that these updates disabled old TLS versions and the new versions were not on 2012 R2.

The resolution in this case was to move to a new server at a later version.