Forum Discussion
Update - workaround to lodge your existing STP reports. Note this will not fix the issue but will send past reports to the ATO.
For those running the data file on a local server. Make sure no one is using MYOB at the time.
1 - Copy the data file from your server to a local PC running Win10
2 - Rename the file (I added "STP" in the name)
3 - Open the file from that PC (using the library to add the file in your list)
4 - Log in and go to Payroll Reporting and you should find all the unlodged STP reports
5 - You can test send by sending one of the files. If successful, continue
6 - Restore the "STP" named file to the server.
7 - Rename the existing file to something like "pre STP fix"
8 - Rename the copied and restored file to your desired name
9 - Log in as per normal to the file restored onto the server and you can send all the remaining STP files
Note - I state again you will still get the error next time you run payroll.
In summary the problem appears to be with Server version 2012 but not sure if we can fix it or need to update to 2016. Waiting on MYOB to advise further as the costs to update to 2016 or later are significant.
Short term fix and I guess you can repeat the process until all is fixed somehow
John21,
Well done!
To me a solution seems quite straightforward. MYOB can change the configuration of the web servers serving, at least, https://pay-event-publisher.payroll.prod.myob.com and https://stp.payroll.prod.myob.com to allow a couple of other ciphers to be used when establishing secure connections from the AccountRight application when using TLSv1.2.
https://cdn-stp.payroll.prod.myob.com already has a number of additional ciphers enabled for TLSv1.2. I'm pretty certain at least two of these are supported by Windows 7 SP1, 8, 8.1 and Windows Server 2012R2.
According to https://learn.microsoft.com/en-us/windows/win32/secauthn/cipher-suites-in-schannel, these are supported by Microsoft when an application passes the SCH_USE_STRONG_CRYPTO flag.
I'm not a security expert so there may well be good reasons for not enabling these additional ciphers. On the other hand, they are already enabled on some of their web servers.
Regards
Paul
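An added example, not part of either post and not MYOB or Microsoft code: a way to check the cipher-mismatch theory above by offering an endpoint one TLS 1.2 suite at a time and recording which ones it accepts. The function names are hypothetical, the hostname is supplied by whoever runs it, and only suites compiled into the local Python/OpenSSL build can be tested, so a suite missing from the output is untested rather than refused.

```python
import socket
import ssl
import sys

def tls12_candidates():
    """Suites usable under TLS 1.2 in this OpenSSL build, as
    (openssl_name, iana_code) pairs. The IANA code identifies the suite
    regardless of naming, so it can be matched to Microsoft's Schannel table."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    return [(c["name"], "0x%04X" % (c["id"] & 0xFFFF))
            for c in ctx.get_ciphers() if c["protocol"] != "TLSv1.3"]

def probe_cipher(host, port, cipher, timeout=5.0):
    """Offer exactly one suite over TLS 1.2. Returns 'accepted', 'rejected',
    'unreachable' (no TCP connection) or 'unavailable' (not in local OpenSSL)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # only suite negotiation is tested;
    ctx.verify_mode = ssl.CERT_NONE  # no application data is exchanged
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.maximum_version = ssl.TLSVersion.TLSv1_2
    try:
        ctx.set_ciphers(cipher)
    except ssl.SSLError:
        return "unavailable"
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "unreachable"
    try:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return "accepted" if tls.cipher()[0] == cipher else "rejected"
    except OSError:                  # handshake alert, reset, EOF or timeout
        return "rejected"
    finally:
        raw.close()

if __name__ == "__main__":
    # Usage: python probe.py <hostname>; with no argument, list candidates only.
    host = sys.argv[1] if len(sys.argv) == 2 else None
    for name, code in tls12_candidates():
        result = probe_cipher(host, 443, name) if host else "(not probed)"
        print(code, name, result)
```

Comparing the accepted codes against the suites Microsoft lists for the Windows version in question shows whether any overlap exists.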