Enable TLS 1.2 In Exchange 2010 Server Running On Windows 2008R2 Server
TLS 1.2 is NOT enabled by default on Windows 2008R2 Server with Exchange 2010 SP3 installed, and the following error message appears when accessing Outlook Web Mail (https://mail.yshvili.com) with Google Chrome
PowerShell to Enable TLS 1.2 and Disable TLS 1.1, SSL 2.0 & SSL 3.0
# Enable TLS 1.2 on Windows 2008R2
$Path = "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols\"
New-Item -Path $Path -Name "TLS 1.2"
New-Item -Path $Path\"TLS 1.2" -Name "Client"
New-Item -Path $Path\"TLS 1.2" -Name "Server"
New-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols\TLS 1.2\Client' -Name "DisabledByDefault" -Value 0 -PropertyType "DWord"
New-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols\TLS 1.2\Server' -Name "DisabledByDefault" -Value 0 -PropertyType "DWord"
# Disable TLS 1.1 on Windows 2008R2
New-Item -Path $Path -Name "TLS 1.1"
New-Item -Path $Path\"TLS 1.1" -Name "Client"
New-Item -Path $Path\"TLS 1.1" -Name "Server"
New-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols\TLS 1.1\Client' -Name "DisabledByDefault" -Value 1 -PropertyType "DWord"
New-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols\TLS 1.1\Server' -Name "DisabledByDefault" -Value 1 -PropertyType "DWord"
# Disable SSL 2.0 (server side only; the "SSL 2.0" key itself is not created here and is expected to already exist)
New-Item -Path $Path\"SSL 2.0" -Name "Server"
New-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols\SSL 2.0\Server' -Name "DisabledByDefault" -Value 1 -PropertyType "DWord"
# Disable SSL 3.0
New-Item -Path $Path -Name "SSL 3.0"
New-Item -Path $Path\"SSL 3.0" -Name "Client"
New-Item -Path $Path\"SSL 3.0" -Name "Server"
New-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols\SSL 3.0\Client' -Name "DisabledByDefault" -Value 1 -PropertyType "DWord"
New-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols\SSL 3.0\Server' -Name "DisabledByDefault" -Value 1 -PropertyType "DWord"
# Reboot the server so the Schannel changes take effect (uncomment the next line to reboot from the script)
#Restart-Computer
DONE :-)
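To confirm after the reboot that the keys hold the values set above, the following read-only check can be run in an elevated PowerShell session. It is an added example, not part of the original post; the variable names and status strings are illustrative. It also reports the documented Schannel value `Enabled`, which the script above does not set.

```powershell
# Added example (not from the original post): read-only audit of the Schannel
# protocol keys that the script above writes. Run elevated, after the reboot.
$Base = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols'

# DisabledByDefault values the page's script sets: only TLS 1.2 is left on.
$Expected = @{ 'SSL 2.0' = 1; 'SSL 3.0' = 1; 'TLS 1.1' = 1; 'TLS 1.2' = 0 }

$Report = foreach ($Protocol in ($Expected.Keys | Sort-Object)) {
    foreach ($Role in 'Client', 'Server') {
        # The page's script does not write SSL 2.0\Client; it is listed anyway.
        $Key = Join-Path (Join-Path $Base $Protocol) $Role
        $Dbd = $null
        $Enabled = $null
        if (Test-Path -Path $Key) {
            $Props   = Get-ItemProperty -Path $Key
            $Dbd     = $Props.DisabledByDefault
            $Enabled = $Props.Enabled
        }

        if (-not (Test-Path -Path $Key)) {
            $Status = 'key missing, OS default applies'
        } elseif ($Dbd -eq $null) {
            $Status = 'DisabledByDefault not set'
        } elseif ($Dbd -eq $Expected[$Protocol]) {
            $Status = 'OK'
        } else {
            $Status = 'MISMATCH'
        }

        # PSObject + Select-Object keeps this compatible with PowerShell 2.0,
        # the version that ships with Windows 2008R2.
        New-Object PSObject -Property @{
            Protocol = $Protocol; Role = $Role; DisabledByDefault = $Dbd
            Enabled = $Enabled; Status = $Status
        } | Select-Object Protocol, Role, DisabledByDefault, Enabled, Status
    }
}

$Report | Format-Table -AutoSize

# Non-zero count means at least one key does not match what the page sets.
$Bad = @($Report | Where-Object { $_.Status -ne 'OK' }).Count
"Entries needing attention: $Bad"
```

An empty `Enabled` column means the value is absent from that key, so only `DisabledByDefault` is in effect for that protocol and role.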
Verify the Exchange 2010 version installed
Verify the version of the existing Exchange 2010 Server by running the command below and comparing its output against "Exchange Server build numbers and release dates"
Get-Command ExSetup | ForEach {$_.FileVersionInfo}