After entering the organisation code and registration key into the RM Unify AD Sync Config tool and clicking Continue, the following error message is displayed:

"Registration failed."

When you look in the RM Unify AD Sync log, you see the following error:

"Configuration Tool",ERROR,"Main","Error occurred during Registration with RM Unify - System.ApplicationException: Unable to connect to RM Unify for <DfE Code> ---> System.ServiceModel.CommunicationException: An error occurred while making the HTTP request to https://api.platform.rmunify.com/unifyprovisioning/identityprovider.svc. This could be due to the fact that the server certificate is not configured properly with HTTP.SYS in the HTTPS case. This could also be caused by a mismatch of the security binding between the client and the server. ---> System.Net.WebException: The underlying connection was closed: An unexpected error occurred on a send. ---> System.IO.IOException: Received an unexpected EOF or 0 bytes from the transport stream."

Additionally, EventID 36871 SChannel 'A fatal error occurred' may be logged in the Event Viewer, System Log.

This error can occur when neither the .NET Framework nor the server operating system allows TLS1.x communication. RM Unify AD Sync does support communication over TLS 1.x, but its the underlying configuration of .NET Framework 3.5 and the server operating system that controls which TLS version is used in RM Unify AD Sync communications.

TLS 1.0 and 1.1 are less secure than TLS 1.2, so (ideally) TLS 1.2 should be supported by the .NET 3.5 Framework and the operating system.

On Windows Server 2012 R2 and later, the operating system should default to supporting TLS1.2 and having the latest Windows updates for .NET Framework 3.5 installed should enable .NET Framework 3.5 to support TLS1.2, but sometimes registry keys need to be added manually.

Using How to enable TLS1.2 on the site servers and remote site systems as a reference, add the following registry keys:

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v2.0.50727]
      "SystemDefaultTlsVersions" = dword:00000001
      "SchUseStrongCrypto" = dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319]
      "SystemDefaultTlsVersions" = dword:00000001
      "SchUseStrongCrypto" = dword:00000001

Using Transport Layer Security (TLS) registry settings as a reference, set TLS 1.2 to an enabled state. The final configuration will look like below:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client]
"Enabled"=dword:00000001
"DisabledByDefault"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server]
"Enabled"=dword:00000001
"DisabledByDefault"=dword:00000000 

If the subkey HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2 does not exist, create it manually in the registry.