Forum Discussion
[Edited 2125hr 13/10/22 to correct the number of ciphers accepted for TLSv1.2 for https://pay-event-publisher.payroll.prod.myob.com. Third one is ECDHE-RSA-CHACHA20-POLY1305 however it seems it might not be supported in Windows 10 or Windows Server 2022]
Steve,
My findings indicate that as a minimum, the following Windows desktop or server versions are required:
1. Windows desktop 10 or greater.
2. Windows Server 2016 or greater.
I have just seen Tracey's email (MYOB) and have checked the link to Windows versions listed as "Minimum System Requirements" for AccountRight 2019, 2020 and 2021. There is no mention of v2022.
This is the list copied from the link:
Quote
Microsoft Windows 10
Microsoft Windows 8.1
Windows Server 2019
Windows Server 2016
Windows Server 2012
Note: Microsoft Windows 7 (SP1, 32-bit or 64-bit) and Windows Server 2008 (R2 SP1, 32-bit or 64-bit) as a file server or workstation are not supported.
End Quote
My investigations indicate the reasons the older Windows version don't work are:
1. Missing new Root Certificate authorities in the Windows operating certificate store.
2. Missing encryption/decryption ciphers in the Windows operating system.
Point 1.
Updates to the Root Certificates and other Trusted public certificates are normally managed by Windows updates.
For me, running AccountRight2022 in offline mode on Windows 7SP1, Microsoft no longer provides updates.
You can add the required certificates manually, if you have appropriate access authorisation on the Windows computer and, just as important, know which certificate(s) are required.
Point 2.
As of this morning (13/10/22) when I last tested, one of the MYOB web sites involved with STP (eg. https://pay-event-publisher.payroll.prod.myob.com) was still configured to only accept three ciphers for the secure TLS connection which are not present in Windows 7SP1, Windows 8, Window 8.1, Windows Server 2008R2 or Windows 2012R2.
The ciphers were only added starting with Windows 10 and Windows 2016.
Nothing can be done about the missing ciphers on Windows. Microsoft didn't make them available for these Windows versions. MYOB could make their web server(s) accept other acceptable strong ciphers that might be present on at least Windows 8.1, WIndows 2012R2. Not all their web servers accessed by AccountRight have the limited ciphers restriction of https://pay-event-publisher.payroll.prod.myob.com.
TLSv1.3 support only appeared in Windows 10 and Windows Server 2022.
Hopefully this makes some sense and is helpful.
Regards
Paul
Found this today in one of the logs, for a day I tried to do a Nil pay to check STP. Does it mean anything to anyone???
2022-10-09 23:41:30.2001,MYOB.Huxley.UI.Decorators.DecoratorFaultProcessor,Error,1,Unhandled error. : MYOB.Huxley.API.HuxleySingleTouchPayrollServiceException: (SingleTouchPayrollServiceError): Error while trying to post pay event to 'https://pay-event-publisher.payroll.prod.myob.com/payevent' ---> System.AggregateException: One or more errors occurred. ---> System.Net.Http.HttpRequestException: An error occurred while sending the request. ---> System.Net.WebException: The request was aborted: Could not create SSL/TLS secure channel.
at System.Net.HttpWebRequest.EndGetRequestStream(IAsyncResult asyncResult, TransportContext& context)
at System.Net.Http.HttpClientHandler.GetRequestStreamCallback(IAsyncResult ar)
--- End of inner exception stack trace ---
--- End of inner exception stack trace ---
at System.Threading.Tasks.Task.ThrowIfExceptional(Boolean includeTaskCanceledExceptions)
at System.Threading.Tasks.Task.Wait(Int32 millisecondsTimeout, CancellationToken cancellationToken)
at System.Threading.Tasks.Task.Wait(TimeSpan timeout)
at MYOB.Huxley.Utilities.RestClient.HttpResponseMessageTaskHelper.WaitForResponseAndEnsureSuccess(Task`1 task, Nullable`1 timeout)
at MYOB.ARLive.BusinessLayer.Implementation.Services.SingleTouchPayroll.SingleTouchPayrollService.SendPayEvent(SendPayEventBusinessOperation businessOperation)
--- End of inner exception stack trace ---
- John212 years agoExperienced User
Thanks Paul for your response,
We are running the file locally on a server. All PC's are on Windows 10 for users but our server is still running on 2012R2.
Our IT guy has quoted us to upgrade the server to 2016 (quite expensive and time consuming) and as everything else is running well would prefer to not upgrade. Also we can not get any confirmation from MYOB that guarantees that all will be ok if we upgrade the server to 2016. There are no specs that I can see for servers to run Accountright 2022.
Interestingly I am told our backups work fine.
I am wondering if I copy the file to a local PC running Win10 and run payroll - will that work? As a temp solution. And then restore to the server. Obviously no one else can use the file at this time.
Ah the joys of not having support when you pay for it.........
- John212 years agoExperienced User
Hi Steven,
In relation to STP2 - Myob advised us that we only need to place the file online for the setup and then we can return to our server. They provided instructions in regards to this. Please check before providing advice that may not be correct.
For various reasons many customers prefer to store their files locally rather than online. Personally if we are forced to go online then we will most likely change to another software package.
- John212 years agoExperienced User
Update - work around to lodge your existing STP reports. Note this will not fix the issue but will send past reports to ATO.
For those running data file on a local server and make sure no one is using MYOB at the time
1 - Copy the data file from your server to a local PC running Win10
2 - Rename the file (I added "STP" in the name)
3 - Open the file from that PC (using the library to add the file in your list)
4 - Login and go to Payroll Reporting and you should find all the unlodged STP reports
5 - You can test send by sending one of the files. If successful continue
6 - Restore the "STP" named file to the server.
7 - Rename the existing file to something like "pre STP fix"
8 - Rename the copied and restored file to your desired name
9 - Login as per normal to the file restored onto the server and you can send all the remaining STP files
Note - I state again you will still get the error next time you run payroll.
In summary the problem appears to be with Server version 2012 but not sure if we can fix it or need to update to 2016. Waiting on MYOB to advise further as the costs to update to 2016 or later are significant.
Short term fix and I guess you can repeat the process until all is fixed somehow
- IhateMYOBupgrad2 years agoExperienced Cover User
Thanks John
I tried this and when I went into payroll reporting the last 4 payruns weren't showing at all.
I've processed a nil payrun and now the previous payruns are showing but the nil isn't.
I've sucessfully sent the oldest payrun (doing them one at a time in order to hopefully reduce any EOY issues)
As painful as this is, it is at least a work around. Thank you for doing what MYOB haven't been able to do ie come up with a work around and advise people of it ChrisMYOB Tracey_H
- Julie-G2 years agoExperienced Cover User
Hi all
This message thread has been going for weeks now and MYOB Support is annoyingly very quiet.
All server edition users operating on a 2012 Server are now at the decision point of:
- do we go to the expense of doing a Server Upgrade now to at least a 2016 Server; or
- are we being forced online for STP2 from 1 Jan 2023 anyway, which makes the Server Upgrade financial commitment a complete waste of money for the sake of 2 months?
Can MYOB please confirm to all Server Users ASAP:
- STP2 will only ever be available for MYOB Accountright files kept Online
- as such, all server editions of MYOB Accountright will be obsolete from 31 Dec 2022?
This is imperative information to enable many MYOB users to make a financial decision that needs to be made right now.
Thank you
Julie
- John212 years agoExperienced User
Update again. I am now back in Oz and finding this easier to do:
1 - Copy the data file from your server to a local PC running Win10
2 - Rename the file (I added "STP" in the name)
3 - Open the file from that PC (using the library to add the file in your list)
4 - Login and go to Payroll Reporting and you should find all the unlodged STP reports
4A - If you dont find the unlodged reports then just do a xero pay for one employee. This should list them all.
5 - You can test send by sending one of the files. If successful continue and wait till all files show "accepted"
6 - Restore the "STP" named file to the server.
7 - Rename the existing file to something like "pre STP fix"
8 - Rename the copied and restored file to your desired name
9 - Login as per normal to the file restored onto the server and you can see all the files sent and run your YTD verification (to date) to reconcile your payroll.
- PRF2 years agoExperienced Cover User
John21,
This error means AccountRight has tried but failed to contact one of the MYOB web servers (https://pay-event-publisher.payroll.prod.myob.com) to access the STP information.
The key part is "The request was aborted: Could not create SSL/TLS secure channel."
MYOB are investigating this problem.
My investigations indicate this error will occur if you are running in offline mode (local AccountRight data file), not online mode, and are using a PC or server running an operating system version less than Windows 10 or Windows Server 2016 on the PC or server actually connecting to MYOB.
As examples, in an offline environment with the AccountRight data file served by a file server, my understanding is the operating system version of the file server must be greater than or equal to Windows Server 2016. The Windows version on the workstations may be less important but I can't confirm as I don't have access to this environment for testing.
One of the recent contributors to this thread (SteveR, 13/10/22) indicated they had updated their workstations to Windows 10 after experiencing this problem but their file server was still running Windows 2012R2 and they still had this problem.
In a single PC offline environment where the AccountRight file is stored locally in the MYOB folder in the users My Documents folder, I think the PC operating system must be Windows 10 or later.
Regards
Paul
- PRF2 years agoExperienced Cover User
John21,
I haven't tried the option you have suggested but it seems like it might work. I'm unsure whether there is anything stored in the data file that might specify it's come from an environment where it is installed on a file server or whether this sort of configuration information in in the AccountRight Server install application.
Make sure you have at least one backup of the data file and I would suggest testing using a copy, not the original data file.
My reason for suggesting Windows Server 2016 should work is because two of the security ciphers required to successfully connect to pay-event-publisher.payroll.prod.myob.com via a TLSv1.2 connection were introduced by Microsoft in Windows Server 2016 and Windows 10 v1507. They are not present in earlier Windows Server or desktop versions.
Make sure you have the latest updates to Windows 10 to ensure it has the latest Root and Intermediate certificates installed in the operating system certificate store. The important Root certificate is named ISRG Root X1.
Testing whether a secure connection can be made to the above web site using a browser such as Firefox will not confirm the Windows operating system certificate store has the correct Root Certificate as Firefox has its own certificate store (and TLS code).
I'm not sure whether the Microsoft Edge browser is similar or whether it uses the operating system certificate store and TLS code (Schannel).
My understanding is AccountRIght v2022 uses the operating system certificate store and Schannel code.
Regards
Paul
- John212 years agoExperienced User
Thanks Paul will do some testing on a copy of the data file.
The rest will leave to our IT guy as its far too much for a simple accountant like me.
I did notice one change with last week's update - different error message LOL
Latest update - copied the data file from the server to a Win10 PC and the unsent STP files are in the Payroll Reporting Centre waiting to be sent. Will try and send one and then upload the file again to the server to see what happens.