Enable TLS 1.2 In Exchange 2010 Server Running On Windows 2008R2 Server

TLS 1.2 is NOT enabled on Windows 2008R2 Server with Exchange 2010 SP3 installed by default, and the following error message is prompted when accessing Outlook Web Mail (https://mail.yshvili.com) with Google Chrome

PowerShell to Enable TLS 1.2 and Disable TLS 1.1, SSL 2.0 & SSL 3.0

# Enable TLS 1.2 on Windows 2008R2 
$Path ="HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols\"
New-Item -Path $Path -Name "TLS 1.2"
New-Item -Path $Path\"TLS 1.2" -Name "Client"
New-Item -Path $Path\"TLS 1.2" -Name "Server"
New-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols\TLS 1.2\Client' -Name "DisabledByDefault" -Value 0 -PropertyType "DWord"
New-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols\TLS 1.2\Server' -Name "DisabledByDefault" -Value 0 -PropertyType "DWord"

# Disabled TLS 1.1 on Windows 2008R2 
New-Item -Path $Path -Name "TLS 1.1"
New-Item -Path $Path\"TLS 1.1" -Name "Client"
New-Item -Path $Path\"TLS 1.1" -Name "Server"
New-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols\TLS 1.1\Client' -Name "DisabledByDefault" -Value 1 -PropertyType "DWord"
New-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols\TLS 1.1\Server' -Name "DisabledByDefault" -Value 1 -PropertyType "DWord"

#Disable SSL 2.0
New-Item -Path $Path\"SSL 2.0" -Name "Server"
New-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols\SSL 2.0\Server' -Name "DisabledByDefault" -Value 1 -PropertyType "DWord"

#Disable SSL 3.0
New-Item -Path $Path -Name "SSL 3.0"
New-Item -Path $Path\"SSL 3.0" -Name "Client"
New-Item -Path $Path\"SSL 3.0" -Name "Server"
New-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols\SSL 3.0\Client' -Name "DisabledByDefault" -Value 1 -PropertyType "DWord"
New-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols\SSL 3.0\Server' -Name "DisabledByDefault" -Value 1 -PropertyType "DWord"

#Reboot Server
DONE :-)

Verify the Exchange 2010 version installed

Verify the version of the existing Exchange 2010 Server by referring to Exchange Server build numbers and release dates

Get-Command ExSetup | ForEach {$_.FileVersionInfo}

Leave a Reply

Your email address will not be published.

Reload Image

This site uses Akismet to reduce spam. Learn how your comment data is processed.

WhatsApp Logo IT World