Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

MICROS 3700 - Credit Cards Failing - No Phone Line - TLS 1.2

Status
Not open for further replies.

Kniteschaed

Programmer
Dec 8, 2015
20
US
Spent almost 4 hours jumping back and forth between MICROS Support, Upserve, and First Data before obtaining resolution.

Problem
Could not pre-authorize or close a credit card.

Details
MICROS Workstation displayed:
[ul]
[li]Sending authorization [/li]
[li]Waiting for authorization[/li]
[li]Dialing primary[/li]
[li]Dialing backup number[/li]
[li]Error: No Dial Tone[/li]
[/ul]

Short Story
I was told that this was due to our payment processor enforcing TLS 1.2 earlier than expected.
In the end, MICROS logged into our system, using Bomgar, and patched our Credit Card drivers (DLL) to make us compliant with TLS 1.2.
We were able to take credit cards immediately after the patch.

Hiccups To Resolution
Initially it was all network checks to make sure it wasn't anything on my end.
I quickly determined this was not network related and proceeded to contact the vendors.

The first technician at Upserve I talked to was clearly unaware of the TLS driver issue.
He checked First Data and confirmed that they were up/working and then told me to talk to MICROS.

Because of the error: "No Dial Tone" MICROS initially presumed it was a problem with my modem/payment processor.
This caused them to check and restart my Services (specifically: MDS HTTP Server, Interface Server, and Credit Card Server).
They did not volunteer any information about TLS 1.2.
They told me to contact my payment processor.

The second technician at Upserve seemed much more versed in what was going on (and by this time the wait in queue was approximately 30 minutes)
They told me to call MICROS, ask for a manager (if necessary), and request the MICROS TLS Security Update.

Called MICROS, requested manager, and got told that they have been getting a lot of reports about TLS but that it was not provided by Oracle MICROS.
That, despite my frustrations and that Upserve assured me MICROS would provide the patch, I would have to contact Upserve and get the patch from them.

The third person I spoke with at Upserve was clearly versed in the TLS driver issue (and still the wait in queue was approximately 30 minutes).
He volunteered to contact MICROS directly. He told me MICROS would call me back. He also advised me to do whatever I could to save my credit card data (if I had had any successful transactions today) because the TLS 1.2 patch has caused existing transactions to not batch and some customers had reported losing money/transactions if they were unable to batch before the patch or otherwise save the transaction data.

Within 20 minutes MICROS called me back (while I was still on the phone with Upserve), logged into our system, using Bomgar, and patched our Credit Card drivers (DLL) to make us compliant with TLS 1.2.
MICROS said that normally this should have been provided by the payment processor (Upserve or First Data - I don't know) but that First Data was enforcing TLS 1.2 earlier than expected and it was causing a great deal of trouble for some businesses.

We were able to take credit cards immediately after the patch.

 
Merchant Link is going to start enforcing TLS 1.2 in June as far as I'm aware, so anyone reading this will need to make sure they are on a newer version of the driver. I believe the minimum transaction vault version is 5.1 for TLS 1.2, though I could be mistaken.

If in the logs you are getting OSSL errors, it means you likely are missing some root certificates. If you have windows update disabled, enable it again and run everything so that you have the latest root certificates. You can also contact Merchant Link who will provide you with the certificates which you can manually import.
 
I can confirm the above issues with Upserve. This is exactly what we went through and was a major headache (that happened to fall on a Saturday afternoon for me). What was weirder was that prior to this complete outage, there were 2 instances in which there were temporary outages that lasted less than a day each time. When the complete outage occurred, the only fix for us was settling batches (we backup to dialup modems), upgrading the driver, and it solved the issue EVERY TIME.

We do have a few stores tied to MLI/TV driver for various reasons.... Moregelen, was the root certificate import/update part of the required tasks to complete the transition to TLS 1.1/1.2?
 
It depends. When Micros originally staged our systems, they disabled windows updates and disabled the updating of root certificates from windows updates. This means our root certs were never updated. If our certificates had been up to date (we are working on getting Windows Updates working again, but after going 4 years without running updates getting updates working is proving difficult), installing the driver would have been sufficient. You should just have to update the transaction vault driver and nothing else; if you are already going through as TLS 1.1 you should be good as from what we can tell they use the same certificates. We were going from TLS 1.0 to TLS 1.2 on our systems.
 
Any issues if the Micros pc is running Windows XP? And did Micros charge for the upgrade if you do not pay for support?
 
Yes Johnny. Major issues. It won't work at all. You need an upgrade. Yes there is a fee
 
Anyone have the patch they can share?
Also, which versions does this impact? All?
 
I found out all our terminals are 5a's so I think it just needs the software upgrade correct? And I will definitely have to replace the back end server. Does anyone know what the latest OS they are offering for the Micros server?

Thanks.
 
as of 5.6, you can use Windows Server 2016 or Windows 10 pro.
 
Johnny, the version of the workstation doesn't really matter. It processes through the server, not the workstation if you are using an integrated credit card drive.
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top