Enable TLS 1.2 in Windows Server 2012 running Exchange 2013 via IIS 8.0
I got some issues getting the TLS 1.2 protocol running on one of our Windows Server 2012 machines. I checked this using ssllabs.com by Qualys and also tested with a PowerShell script and the Linux tool "cipherscan".
The server hosts one Exchange 2013 SP1 (CU4) Server, with IIS 8.0. The certificate used is issued by our company CA. Another Windows Server 2012 with the same Exchange 2013 SP1 (CU4) installation works perfectly with the same certificate.
As far as I could research, Windows Server 2012 uses TLS 1.2 by default. However, this setting can be configured using the registry:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client
DWORD "DisabledByDefault" Value "0x00000000"
DWORD "Enabled" Value "0x00000001" or "0xffffffff"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server
DWORD "DisabledByDefault" Value "0x00000000"
DWORD "Enabled" Value "0x00000001" or "0xffffffff"
Microsoft also mentions that this local group policy setting might help:
System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing
As this setting should be set inside the operating system, Microsoft also recommends enabling TLS 1.2 usage in the Internet Options of Internet Explorer.
I tried all of these 3 options, but none worked for me. Just to make this clear: the server (not just the IIS service) was rebooted several times after enabling each of the settings.
Most guides and scripts (e.g. PowerShell) just set the corresponding keys in the registry. I don't know exactly what else I could try.
I hope that somebody has a clue where to enable this.
windows-server-2012 tls exchange-2013
asked Feb 16 '15 at 12:51
Kevin
1
Check for the latest Windows update, because Microsoft failed an update with Schannel (TLS subsystem) and changed the cipher order. There is a GUI tool to check the cipher order: nartac.com/Products/IISCrypto. For me it works every time (try it on a test machine if you don't trust the exe).
– YuKYuK
Feb 16 '15 at 12:59
I already tried that tool, and it tells me that TLS 1.2 is enabled. I also tried to disable it --> reboot and enable it again --> reboot. If this is important I might edit the question and post the order, just tell me. However, do you know which Windows update in particular I should look for, as I can't just install all updates before the next maintenance window?
– Kevin
Feb 16 '15 at 13:14
2
KB2992611 is the one with the failed cipher order (bug on a lot of clients). They updated it. For more details: support.microsoft.com/kb/2992611
– YuKYuK
Feb 16 '15 at 13:20
Thank you. This particular update is in fact missing on our server. I'll try that and report the result.
– Kevin
Feb 16 '15 at 13:25
1
Hello YuKYuK. The KB2992611 update solved my problem. The interesting fact, though, is that the other Exchange server is also missing that update. It works, however.
– Kevin
Feb 16 '15 at 13:34
1 Answer
One other option to enable SSL/TLS on your Windows Server is to use SSL crypto to update the registry keys.
Furthermore you have the possibility to manage the cipher suite (Ciphers, Hashes and Key Exchanges).
https://www.nartac.com/Products/IISCrypto
answered Jul 21 '17 at 14:18
Alexandre Roux
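
An added example, not code from the thread or from any participant: a PowerShell check that reads the two Schannel TLS 1.2 registry keys from the question, looks for the KB2992611 hotfix named in the comments, and then attempts a TLS 1.2-only handshake against the server. The function names and the $TargetHost/$TargetPort parameters are hypothetical; run it in an elevated session on the server being diagnosed.

```powershell
# Added example: audit the settings discussed in this thread.
# $TargetHost and $TargetPort are placeholders (assumptions), not values from the thread.
param(
    [string]$TargetHost = 'localhost',
    [int]$TargetPort = 443
)

$base = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2'

function Get-SchannelTls12State {
    param([ValidateSet('Client', 'Server')][string]$Role)
    $path = Join-Path $base $Role
    $state = [ordered]@{
        Role = $Role; KeyExists = (Test-Path $path)
        Enabled = $null; DisabledByDefault = $null; Effective = $null
    }
    if ($state.KeyExists) {
        $props = Get-ItemProperty -Path $path
        $state.Enabled = $props.Enabled                      # 0xffffffff is read back as -1
        $state.DisabledByDefault = $props.DisabledByDefault
    }
    # A missing key or value means the operating system default applies.
    $state.Effective = if ($state.Enabled -eq 0) {
        'Disabled'
    } elseif ($state.DisabledByDefault -eq 1) {
        'Not offered by default'
    } elseif ($null -eq $state.Enabled) {
        'OS default'
    } else {
        'Enabled'
    }
    [pscustomobject]$state
}

function Test-Tls12Handshake {
    param([string]$HostName, [int]$Port)
    $tcp = New-Object System.Net.Sockets.TcpClient
    try {
        $tcp.Connect($HostName, $Port)
        # The callback accepts any certificate: this probe checks the protocol
        # version only, so an internal-CA certificate must not abort it.
        $callback = { $true } -as [System.Net.Security.RemoteCertificateValidationCallback]
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $callback)
        # Offer TLS 1.2 only, so a server that cannot speak it fails the handshake.
        $ssl.AuthenticateAsClient($HostName, $null,
            [System.Security.Authentication.SslProtocols]::Tls12, $false)
        [pscustomobject]@{ Negotiated = $ssl.SslProtocol; Cipher = $ssl.CipherAlgorithm; Error = $null }
    } catch {
        [pscustomobject]@{ Negotiated = $null; Cipher = $null; Error = $_.Exception.Message }
    } finally {
        $tcp.Close()
    }
}

# 1. Registry state for both roles.
'Client', 'Server' | ForEach-Object { Get-SchannelTls12State -Role $_ } | Format-Table -AutoSize

# 2. The hotfix named in the comments.
$hotfix = Get-HotFix -Id 'KB2992611' -ErrorAction SilentlyContinue
if ($hotfix) { "KB2992611 installed on $($hotfix.InstalledOn)" } else { 'KB2992611 not installed' }

# 3. Live handshake. Run locally, this exercises the Client key as well as the Server key.
Test-Tls12Handshake -HostName $TargetHost -Port $TargetPort | Format-List
```

A registry report of "Enabled" combined with a failed handshake is the situation described in the question, where the registry keys alone did not explain the behaviour.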