Forum Discussion
Exchange Hybrid Configuration Wizard - Error 1603 - Connector registration failed
Did any of you encounter this error while installing hcw on an exchange server?
Here is the event viewer error details:
Connector registration failed: Make sure you are a Global Administrator of your Active Directory to register the Connector. Error: '"The registration request was denied. "'
- Folks, I never got a clear answer but the solution we did was to install HCW on a member server running on Windows Server 2019.
26 Replies
- In my case I just enabled TLS 1.2, updated NUGET, rebooted the machine and then worked like a charm.
ENABLE TLS 1.2
#ref: https://docs.microsoft.com/en-us/azure/active-directory/hybrid/reference-connect-tls-enforcement
New-Item 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319' -Force | Out-Null
New-ItemProperty -path 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319' -name 'SystemDefaultTlsVersions' -value '1' -PropertyType 'DWord' -Force | Out-Null
New-ItemProperty -path 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319' -name 'SchUseStrongCrypto' -value '1' -PropertyType 'DWord' -Force | Out-Null
New-Item 'HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319' -Force | Out-Null
New-ItemProperty -path 'HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319' -name 'SystemDefaultTlsVersions' -value '1' -PropertyType 'DWord' -Force | Out-Null
New-ItemProperty -path 'HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319' -name 'SchUseStrongCrypto' -value '1' -PropertyType 'DWord' -Force | Out-Null
New-Item 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server' -Force | Out-Null
New-ItemProperty -path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server' -name 'Enabled' -value '1' -PropertyType 'DWord' -Force | Out-Null
New-ItemProperty -path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server' -name 'DisabledByDefault' -value 0 -PropertyType 'DWord' -Force | Out-Null
New-Item 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client' -Force | Out-Null
New-ItemProperty -path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client' -name 'Enabled' -value '1' -PropertyType 'DWord' -Force | Out-Null
New-ItemProperty -path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client' -name 'DisabledByDefault' -value 0 -PropertyType 'DWord' -Force | Out-Null
Write-Host 'TLS 1.2 has been enabled.'
UPDATE NUGET
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
Install-Module PowerShellGet -Force #force upgrade Try to add the following registry keys on the affected server and see if it helps:
______________________________________________
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v2.0.50727] "SystemDefaultTlsVersions" = dword:00000001 "SchUseStrongCrypto" = dword:00000001[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319] "SystemDefaultTlsVersions" = dword:00000001 "SchUseStrongCrypto" = dword:00000001[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v2.0.50727] "SystemDefaultTlsVersions" = dword:00000001 "SchUseStrongCrypto" = dword:00000001[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319] "SystemDefaultTlsVersions" = dword:00000001 "SchUseStrongCrypto" = dword:00000001[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2][HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client] "DisabledByDefault"=dword:00000000 "Enabled"=dword:00000001[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server] "DisabledByDefault"=dword:00000000 "Enabled"=dword:00000001______________________________________________Cheers!- OS WinSrv2016, works with only these :
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v2.0.50727]
"SystemDefaultTlsVersions" = dword:00000001 "SchUseStrongCrypto" = dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319] "SystemDefaultTlsVersions" = dword:00000001 "SchUseStrongCrypto" = dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v2.0.50727] "SystemDefaultTlsVersions" = dword:00000001 "SchUseStrongCrypto" = dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319] "SystemDefaultTlsVersions" = dword:00000001 "SchUseStrongCrypto" = dword:00000001
ThanksTéva Paofai Thanks a lot, this fixed my issue 🙂
- Thanks, this worked for me too.
Running Exchange Server 2016 CU22 on Windows Server 2016. - This worked for me, thanks!
- I have just come across this same issue. Customer has a newly installed Exchange 2016 box, with Exchange 2016 newly installed for hybrid purposes (they have an exchange 2013 that will be migrated through)
There isn't the option right now to upgrade the server to server 2019, anyone got an actual fix that isn't a work around?- Ben, see if you can install to a non-Exchange server with 2016 or 2019. See Mark Canning's reply above for your reference.
Eric Fuentes My Exchange 2016 patched to CU 23 and security update KB5014261 this server would not install hybrid agent error 1603. I ran HCW on non-Exchange 2016 server ( I don't have any 2019 servers yet) and hybrid agent installed ok, HCW ran to successful conclusion. Thank you, this post allowed me to fix my hybrid setup.
- Great!!
AashujhaMicrosoft
I recently had chance to support on the same issue and i found that windows 2016 OS file was broken due to Patch https://www.microsoft.com/en-us/download/details.aspx?id=104205 . Here it has mentioned that Supported OS as windows server 2019 and We ignored it as the patch is for Exchange server 2019 . Post upgradation of windows server 2016 to Windows server 2019 it fixed the broken OS files and then Hybrid Agent worked . Additionally I verified on windows server 2016 where I have not installed this Patch and it works perfectly.
- Folks, I never got a clear answer but the solution we did was to install HCW on a member server running on Windows Server 2019.
- Could you please do a DNS check and a GUID check.
- DNS is good. How do you suggest checking the GUID?
Eric Fuentes I have the exact same problem at the moment. "The registration request was denied".
If using an Azure AD user which do not have Global Administrator access the error is: "The registration request was denied. Details: User is unauthorized".
It seems as if the issue is with Azure AD services denying to register the connector, as it can see if the users is a Global Administrator or not.../Michael
