Enable TLS 1.2 Exchange 2010

First, install SP3 RU19:

https://technet.microsoft.com/en-us/library/hh135098(v=exchg.150).aspx

Using IIS Crypto is the easiest way to check and set all your SChannel settings at a glance:

https://www.nartac.com/Products/IISCrypto

NOTE: If you disable TLS 1.0 and below then all of your clients will need to be at the correct patch level to communicate with all Exchange subsystems. Specifically Windows 7 clients need a special process that I recently went through here: Outlook 2013: MailTips, OOF, Free/Busy Availability all failing to pull from Exchange 2010 server

Author: JonHeinzig

Updated on September 18, 2022

Comments

  • JonHeinzig
    JonHeinzig over 1 year

    Due to Microsoft's announcement that TLS 1.0 and 1.1 will be end of support, the company is now asking to get TLS 1.2 enabled and by default.

    My question is, what are the complete steps on enabling TLS 1.2 on Exchange 2010? We are currently running on RU17. What do I need to do to enable it?

    I don't see TLS 1.2 in the Windows registry.

  • JonHeinzig
    JonHeinzig about 6 years
    Thank you! The CAS/HUB servers are showing with TLS 1.2 enabled on Schannel but the MBX servers do not. Do all of the servers need to have TLS 1.2 on schannel?
  • JonHeinzig
    JonHeinzig about 6 years
    Thank you! I'll further read through this. Is upgrading to RU19 really necessary or is RU17 good? It looks like the CAS/HUB servers on the environment already have 1.2 on the schannel registry but not the MBX(s). If I need to enable TLS 1.2, do all of the servers need to have it?
  • HackSlash
    HackSlash about 6 years
    All servers and all clients need to be speaking the same language or you will get odd failures that will be very difficult to troubleshoot. Update everyone to RU19 and enable TLS1.1 + TLS1.2 then update and patch the clients before you turn off TLS1.0.
  • Sembee
    Sembee about 6 years
    The way I have read the guidance is that RU19 is required. If you want to disable TLS 1.0 then everything needs to be able to support it - clients and other servers. Otherwise it should downgrade to a version that is supported (the lowest downgrade being 1.0).
  • JonHeinzig
    JonHeinzig about 6 years
    Thank you very much. One of my concerns is that, according to MS, Windows 2012 has TLS 1.2 enabled by default, but when I look at the SCHANNEL registry setting, it doesn't have ANY entries for TLS. Can you help explain why? Thank you in advance.