question

MohammedNasimShah-7350 avatar image
0 Votes"
MohammedNasimShah-7350 asked GlenScales-6756 commented

Exchange webservices stopped after disabling SSL3.0 and enabling TLS 1.2

Dear All,

we have exchange2013 CU23 in our environment. CAS and MBX roles are on separate physical servers.

At present we have hybrid environment with mailboxes on-premise and exchange online.

Exchange webservices stopped when we disabled SSL3.0 and enabled TLS 1.2 on exchange servers.

Request your assistance to fix this issue.

Regards,
Mohammed Nasim Shah

office-exchange-server-dev
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

MohammedNasimShah-7350 avatar image
0 Votes"
MohammedNasimShah-7350 answered SusieZhao-MSFT commented

Hi All,

Is there any suggestion or tips?

Regards,
Nasim

· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hi,

Sorry for late response.
Your query is related to exchange dev, so I moved it to the relevant forum.

Thanks

0 Votes 0 ·
GlenScales-6756 avatar image
0 Votes"
GlenScales-6756 answered GlenScales-6756 commented

I would suggest going through https://techcommunity.microsoft.com/t5/exchange-team-blog/exchange-server-tls-guidance-part-2-enabling-tls-1-2-and/ba-p/607761 as a starter and making sure you have set the SystemDefaultTlsVersions correctly and have the correct CU's etc.

· 2
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Thank you for response.

Exchange2013 has CU23. TLS1.2 was enabled and SSL disabled as per Microsoft article details. Is there any log which can help to trace whats happening?

0 Votes 0 ·

What is the actual error that your getting? is OWA working OnPrem (OWA also uses EWS). You should be able to check the EWS log on the CAS server, you can enable https://www.microsoft.com/security/blog/2017/09/07/new-iis-functionality-to-help-identify-weak-tls-usage/ and then check you IIS logs to see if its an issue with proxying etc. Also your windows Eventlogs and try running Test-OutlookWebServices and checking the errros.



0 Votes 0 ·