Today we are announcing the availability of the 2024 H1 Cumulative Update (CU) for Exchange Server 2019 (aka CU14). CU14 includes fixes for customer reported issues, a security change, and all previo...
Updated Feb 22, 2024
Version 11.0
Blog Post
LukasSMSFT
Microsoft
MicrosoftEliasJS-FSD I'm not 100% sure if the Windows Server NLB feature supports SSL offloading or SSL bridging. However, since this is a load balancer, the same requirements come into play as for other load balancers (https://learn.microsoft.com/exchange/plan-and-deploy/post-installation-tasks/security-best-practices/exchange-extended-protection?view=exchserver-2019#scenarios-that-could-affect-client-connectivity-when-extended-protection-was-enabled) and if those requirements are fulfilled, I would expect that it works with Windows NLB as well.
Pankaj_Messaging_Specialistthe script will not change the SSL/TLS configuration on your machines. This is something you have to do. It will also not configure Extended Protection if it detects a misconfiguration on the Exchange server itself, which we find could lead to an issue once EP is enabled.
Please check the Extended Protection documentation regarding the TLS requirements. The most important thing is that the configuration is unique on each of your Exchange servers (e.g., if you have TLS 1.0 and 1.1 configured on Server A, the same configuration must be set on Server B). HealthChecker will provide you an overview of the configuration which you can then compare for each server.
Please check the Exchange Server TLS configuration documentation as it provides you with more context of what these registry keys exactly do: