Scenario
You are installing the Exclaimer Exchange Transport Agent and the Windows Event Viewer displays the following error:
Resolution
The error shows that the configuration has failed and the signature will not be applied. To resolve this issue, manually configure the Transport Layer Security (TLS) protocols.
Please click on the required options listed below to go through the detailed description:
Step 1: Ensure Windows is up-to-date
Make sure all Windows updates have been installed.
For more information, see Exchange Server TLS guidance, part 1: Getting Ready for TLS 1.2
Step 2: Enable TLS 1.2.
- From Notepad.exe, create a text file and name it TLS12-Enable.reg.
- Copy then paste the following text:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client]
"DisabledByDefault"=dword:00000000
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server]
"DisabledByDefault"=dword:00000000
"Enabled"=dword:00000001 - Save the TLS12-Enable.reg file.
- Double-click the TLS12-Enable.reg file.
- Select Yes to update your Windows Registry with these changes.
Step 3: Disable TLS 1.0 and 1.1
- From Notepad.exe, create a text file and name it TLS1011-Disable.reg
- Copy then paste the following text:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client]
"DisabledByDefault"=dword:00000001
"Enabled"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server]
"DisabledByDefault"=dword:00000001
"Enabled"=dword:00000000[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client]
"DisabledByDefault"=dword:00000001
"Enabled"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server]
"DisabledByDefault"=dword:00000001
"Enabled"=dword:00000000 - Save the TLS1011-Disable.reg file.
- Double-click the TLS1011-Disable.reg file.
- Select Yes to update your Windows Registry with these changes.
Step 4: Configure .NET Security Settings
- From Notepad.exe, create a text file and name it NET-UseSchannelDefaults.reg
- Copy then paste the following text:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v2.0.50727]
"SystemDefaultTlsVersions"=dword:00000001[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319]
"SystemDefaultTlsVersions"=dword:00000001[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v2.0.50727]
"SystemDefaultTlsVersions"=dword:00000001[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319]
"SystemDefaultTlsVersions"=dword:00000001 - Save the NET-UseSchannelDefaults.reg file.
- Double-click the NET-UseSchannelDefaults.reg file.
- Select Yes to update your Windows Registry with these changes.
- Restart your computer for the changes to take effect.