Cant submit STP report to ATO nor connect to Payroll Reporting Centre

PRF

Re: Cant submit STP report to ATO nor connect to Payroll Reporting Centre

[Edited 2125hr 13/10/22 to correct the number of ciphers accepted for TLSv1.2 for https://pay-event-publisher.payroll.prod.myob.com. Third one is ECDHE-RSA-CHACHA20-POLY1305 however it seems it might not be supported in Windows 10 or Windows Server 2022]

 

Steve,

My findings indicate that as a minimum, the following Windows desktop or server versions are required:

 

1. Windows desktop 10 or greater.

2. Windows Server 2016 or greater.

 

I have just seen Tracey's email (MYOB) and have checked the link to Windows versions listed as "Minimum System Requirements" for AccountRight 2019, 2020 and 2021.  There is no mention of v2022.

 

This is the list copied from the link:

 

Quote

 

Microsoft Windows 10
Microsoft Windows 8.1
Windows Server 2019
Windows Server 2016
Windows Server 2012

Note: Microsoft Windows 7 (SP1, 32-bit or 64-bit) and Windows Server 2008 (R2 SP1, 32-bit or 64-bit) as a file server or workstation are not supported.

 

End Quote

 

My investigations indicate the reasons the older Windows versions don't work are:

1. Missing new Root Certificate authorities in the Windows operating system certificate store.

2. Missing encryption/decryption ciphers in the Windows operating system.

 

Point 1.

Updates to the Root Certificates and other Trusted public certificates are normally managed by Windows updates.

 

For me, running AccountRight2022 in offline mode on Windows 7SP1, Microsoft no longer provides updates.

 

You can add the required certificates manually, if you have appropriate access authorisation on the Windows computer and, just as important, know which certificate(s) are required.

 

Point 2.

As of this morning (13/10/22) when I last tested, one of the MYOB web sites involved with STP (e.g. https://pay-event-publisher.payroll.prod.myob.com) was still configured to only accept three ciphers for the secure TLS connection which are not present in Windows 7SP1, Windows 8, Windows 8.1, Windows Server 2008R2 or Windows 2012R2.

 

The ciphers were only added starting with Windows 10 and Windows 2016.

 

Nothing can be done about the missing ciphers on Windows.  Microsoft didn't make them available for these Windows versions.  MYOB could make their web server(s) accept other acceptable strong ciphers that might be present on at least Windows 8.1, Windows 2012R2.  Not all their web servers accessed by AccountRight have the limited ciphers restriction of https://pay-event-publisher.payroll.prod.myob.com.

 

TLSv1.3 support only appeared in Windows 10 and Windows Server 2022.

 

Hopefully this makes some sense and is helpful.

 

Regards

 

Paul

IhateMYOBupgrad

Re: Cant submit STP report to ATO nor connect to Payroll Reporting Centre

@Tracey_H 

 

We are using the correct versions and are up to date. I've already submitted this info. Payroll run today still wouldn't report. I now haven't reported for 4 weeks.  Why aren't MYOB contacting the people who are on this forum & giving you the info you have asked for?  I can guarantee I'll answer the phone if you call. No point me calling MYOB as I don't have hours to waste

John21

Re: Cant submit STP report to ATO nor connect to Payroll Reporting Centre

Found this today in one of the logs, for a day I tried to do a Nil pay to check STP. Does it mean anything to anyone???

 

2022-10-09 23:41:30.2001,MYOB.Huxley.UI.Decorators.DecoratorFaultProcessor,Error,1,Unhandled error. : MYOB.Huxley.API.HuxleySingleTouchPayrollServiceException: (SingleTouchPayrollServiceError): Error while trying to post pay event to 'https://pay-event-publisher.payroll.prod.myob.com/payevent' ---> System.AggregateException: One or more errors occurred. ---> System.Net.Http.HttpRequestException: An error occurred while sending the request. ---> System.Net.WebException: The request was aborted: Could not create SSL/TLS secure channel.
at System.Net.HttpWebRequest.EndGetRequestStream(IAsyncResult asyncResult, TransportContext& context)
at System.Net.Http.HttpClientHandler.GetRequestStreamCallback(IAsyncResult ar)
--- End of inner exception stack trace ---
--- End of inner exception stack trace ---
at System.Threading.Tasks.Task.ThrowIfExceptional(Boolean includeTaskCanceledExceptions)
at System.Threading.Tasks.Task.Wait(Int32 millisecondsTimeout, CancellationToken cancellationToken)
at System.Threading.Tasks.Task.Wait(TimeSpan timeout)
at MYOB.Huxley.Utilities.RestClient.HttpResponseMessageTaskHelper.WaitForResponseAndEnsureSuccess(Task`1 task, Nullable`1 timeout)
at MYOB.ARLive.BusinessLayer.Implementation.Services.SingleTouchPayroll.SingleTouchPayrollService.SendPayEvent(SendPayEventBusinessOperation businessOperation)
--- End of inner exception stack trace ---

PRF

Re: Cant submit STP report to ATO nor connect to Payroll Reporting Centre

John21,

This error means AccountRight has tried but failed to contact one of the MYOB web servers (https://pay-event-publisher.payroll.prod.myob.com) to access the STP information.

 

The key part is "The request was aborted: Could not create SSL/TLS secure channel."

 

MYOB are investigating this problem.

 

My investigations indicate this error will occur if you are running in offline mode (local AccountRight data file), not online mode, and are using a PC or server running an operating system version less than Windows 10 or Windows Server 2016 on the PC or server actually connecting to MYOB.

 

As examples, in an offline environment with the AccountRight data file served by a file server, my understanding is the operating system version of the file server must be greater than or equal to Windows Server 2016.  The Windows version on the workstations may be less important but I can't confirm as I don't have access to this environment for testing.

 

One of the recent contributors to this thread (SteveR, 13/10/22) indicated they had updated their workstations to Windows 10 after experiencing this problem but their file server was still running Windows 2012R2 and they still had this problem.

 

In a single PC offline environment where the AccountRight file is stored locally in the MYOB folder in the user's My Documents folder, I think the PC operating system must be Windows 10 or later.

 

Regards

 

Paul

 

 

John21

Re: Cant submit STP report to ATO nor connect to Payroll Reporting Centre

Thanks Paul for your response,

 

We are running the file locally on a server. All PCs are on Windows 10 for users but our server is still running on 2012R2.

Our IT guy has quoted us to upgrade the server to 2016 (quite expensive and time consuming) and as everything else is running well would prefer to not upgrade. Also we cannot get any confirmation from MYOB that guarantees that all will be ok if we upgrade the server to 2016. There are no specs that I can see for servers to run AccountRight 2022.

Interestingly I am told our backups work fine.

I am wondering if I copy the file to a local PC running Win10 and run payroll - will that work? As a temp solution. And then restore to the server. Obviously no one else can use the file at this time.

 

Ah the joys of not having support when you pay for it.........

PRF

Re: Cant submit STP report to ATO nor connect to Payroll Reporting Centre

John21,

I haven't tried the option you have suggested but it seems like it might work.  I'm unsure whether there is anything stored in the data file that might specify it's come from an environment where it is installed on a file server or whether this sort of configuration information is in the AccountRight Server install application.

 

Make sure you have at least one backup of the data file and I would suggest testing using a copy, not the original data file.

 

My reason for suggesting Windows Server 2016 should work is because two of the security ciphers required to successfully connect to pay-event-publisher.payroll.prod.myob.com via a TLSv1.2 connection were introduced by Microsoft in Windows Server 2016 and Windows 10 v1507.  They are not present in earlier Windows Server or desktop versions.

 

Make sure you have the latest updates to Windows 10 to ensure it has the latest Root and Intermediate certificates installed in the operating system certificate store.  The important Root certificate is named ISRG Root X1.

 

Testing whether a secure connection can be made to the above web site using a browser such as Firefox will not confirm the Windows operating system certificate store has the correct Root Certificate as Firefox has its own certificate store (and TLS code).

 

I'm not sure whether the Microsoft Edge browser is similar or whether it uses the operating system certificate store and TLS code (Schannel).

 

My understanding is AccountRight v2022 uses the operating system certificate store and Schannel code.

 

Regards

 

Paul
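
The point made in the post above, that a Firefox test exercises neither Schannel nor the Windows certificate store, can be checked from PowerShell, because .NET's SslStream uses both. This is an added example, not part of the original post and not MYOB or Microsoft code; the function names Test-SchannelTls12 and Test-RootPresent are hypothetical, and it assumes Windows PowerShell 3.0+ on .NET Framework 4.5+.

```powershell
# Added diagnostic example; not MYOB or Microsoft code.
# Assumes Windows PowerShell 3.0+ on .NET Framework 4.5+ (needed for Tls12).
function Test-SchannelTls12 {
    param([Parameter(Mandatory = $true)][string]$HostName, [int]$Port = 443)
    $r = [ordered]@{ Host = $HostName; Connected = $false; Protocol = $null
                     Cipher = $null; ChainTrusted = $null; RootSubject = $null
                     Error = $null }
    $tcp = New-Object System.Net.Sockets.TcpClient
    try {
        $tcp.Connect($HostName, $Port)
        # Accept any certificate during the handshake so a cipher mismatch and a
        # trust problem show up separately. No application data is sent.
        $accept = [System.Net.Security.RemoteCertificateValidationCallback]{ $true }
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $accept)
        $ssl.AuthenticateAsClient($HostName, $null,
            [System.Security.Authentication.SslProtocols]::Tls12, $false)
        $r.Connected = $true
        $r.Protocol  = $ssl.SslProtocol
        $r.Cipher    = "$($ssl.CipherAlgorithm) ($($ssl.CipherStrength) bit)"
        # Build the chain against the operating system store; revocation is
        # skipped because only root trust is being checked here.
        $cert  = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
        $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
        $chain.ChainPolicy.RevocationMode = 'NoCheck'
        $r.ChainTrusted = $chain.Build($cert)
        $n = $chain.ChainElements.Count
        if ($n -gt 0) { $r.RootSubject = $chain.ChainElements[$n - 1].Certificate.Subject }
        $ssl.Dispose()
    }
    catch {
        # Schannel could not complete the handshake or the TCP connect failed.
        $r.Error = $_.Exception.GetBaseException().Message
    }
    finally { $tcp.Close() }
    [pscustomobject]$r
}

function Test-RootPresent {
    param([string]$SubjectPattern = '*ISRG Root X1*')
    # Third-party roots can sit in either of these machine stores.
    $hits = Get-ChildItem Cert:\LocalMachine\Root, Cert:\LocalMachine\AuthRoot |
        Where-Object { $_.Subject -like $SubjectPattern }
    @($hits).Count -gt 0
}

# Host names below are the ones quoted in this thread.
"ISRG Root X1 in machine store: $(Test-RootPresent)"
'pay-event-publisher.payroll.prod.myob.com', 'stp.payroll.prod.myob.com',
'cdn-stp.payroll.prod.myob.com' | ForEach-Object { Test-SchannelTls12 -HostName $_ }
```

Run it on the machine that actually makes the connection to MYOB. A result with Connected false while the root certificate is present points at the cipher or protocol side rather than the certificate store.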

John21

Re: Cant submit STP report to ATO nor connect to Payroll Reporting Centre

Thanks Paul will do some testing on a copy of the data file.

 

The rest I will leave to our IT guy as it's far too much for a simple accountant like me.

 

I did notice one change with last week's update - different error message LOL

Capture.PNG

 

Latest update - copied the data file from the server to a Win10 PC and the unsent STP files are in the Payroll Reporting Centre waiting to be sent. Will try and send one and then upload the file again to the server to see what happens.

John21

Re: Cant submit STP report to ATO nor connect to Payroll Reporting Centre

Update - work around to lodge your existing STP reports. Note this will not fix the issue but will send past reports to ATO.

For those running data file on a local server and make sure no one is using MYOB at the time

 

1 - Copy the data file from your server to a local PC running Win10

2 - Rename the file (I added "STP" in the name)

3 - Open the file from that PC (using the library to add the file in your list)

4 - Login and go to Payroll Reporting and you should find all the unlodged STP reports

5 - You can test send by sending one of the files. If successful continue

6 - Restore the "STP" named file to the server.

7 - Rename the existing file to something like "pre STP fix"

8 - Rename the copied and restored file to your desired name

9 - Login as per normal to the file restored onto the server and you can send all the remaining STP files

 

Note - I state again you will still get the error next time you run payroll.

 

In summary the problem appears to be with Server version 2012 but not sure if we can fix it or need to update to 2016. Waiting on MYOB to advise further as the costs to update to 2016 or later are significant.

 

Short term fix and I guess you can repeat the process until all is fixed somehow

sharonstratton8

Re: STP not working

It is ridiculous to wait for 2 hours to speak to someone about STP not working. They said I have to upload to Live and promised to give me a call on Friday, but there was no phone call on Friday. This morning I spent 1 and a half hours to speak to someone to upload the MYOB, but the phone line cut off twice. What a waste of time.

PRF

Re: Cant submit STP report to ATO nor connect to Payroll Reporting Centre

John21,

Well done!

 

To me a solution seems quite straightforward.  MYOB can change the configuration of the web servers serving, at least, https://pay-event-publisher.payroll.prod.myob.com and https://stp.payroll.prod.myob.com to allow a couple of other ciphers to be used when establishing secure connections from the AccountRight application when using TLSv1.2.

 

https://cdn-stp.payroll.prod.myob.com already has a number of additional ciphers enabled for TLSv1.2.  I'm pretty certain at least two of these are supported by Windows 7SP1, 8, 8.1 and Windows Server 2012R2.

 

According to https://learn.microsoft.com/en-us/windows/win32/secauthn/cipher-suites-in-schannel, these are supported by Microsoft when an application passes the SCH_USE_STRONG_CRYPTO flag.

 

I'm not a security expert so there may well be good reasons for not enabling these additional ciphers.  On the other hand, they are already enabled on some of their web servers.

 

Regards

 

Paul

 
