SOLVED

Disable TLS 1.0 and 1.1 on Exchange Server 2016

Occasional Contributor

Hello,

 

Current setup consists of Exchange Server 2016 CU21 and Windows Server 2012 R2.

TLS 1.2 is enabled, and TLS 1.0 and 1.1 are planned to be disabled on all 6 production Exchange servers.

We plan to disable legacy TLS on 2 servers, restart, and then plan to disable legacy TLS on the remaining servers.

 

Is this approach correct?

 

Regards,

Ajit

1 Reply
best response confirmed by ckajit (Occasional Contributor)
Solution
More important is verifying that all of your apps that may communicate with your Exchange servers support TLS 1.2 before disabling TLS 1.0/1.1.
If you disable TLS 1.0/1.1 on only two and it looks OK, how will you be sure that there are no issues with any apps? They may still be talking to the other four servers.
If you disable TLS 1.0/1.1 on only two, and there are intermittent issues, how are you going to narrow the problem down?
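
An added example, not part of the original thread: one way to see which clients still negotiate legacy TLS against any of the servers before anything is disabled, so the check does not depend on which server a client happens to reach. It covers SMTP clients only and assumes SMTP receive protocol logging is enabled and records the negotiated protocol as `SP_PROT_..._SERVER` in the context field; the log lines, server names and IP addresses are constructed, and `Get-LegacyTlsClient` is a hypothetical helper.

```powershell
# Constructed sample lines in the assumed SMTP receive protocol log layout:
# date-time,connector-id,session-id,sequence-number,local-endpoint,remote-endpoint,event,data,context
$sample = @'
#Fields: date-time,connector-id,session-id,sequence-number,local-endpoint,remote-endpoint,event,data,context
2022-05-02T08:01:11.120Z,EX01\Default Frontend EX01,08DA2C0000000001,3,10.0.0.11:25,10.0.5.20:50112,*,,"TLS protocol SP_PROT_TLS1_2_SERVER negotiation succeeded using bulk encryption algorithm CALG_AES_256 with strength 256 bits"
2022-05-02T08:03:42.511Z,EX03\Default Frontend EX03,08DA2C0000000002,3,10.0.0.13:25,10.0.7.44:49877,*,,"TLS protocol SP_PROT_TLS1_0_SERVER negotiation succeeded using bulk encryption algorithm CALG_AES_128 with strength 128 bits"
2022-05-02T08:04:05.007Z,EX05\Default Frontend EX05,08DA2C0000000003,3,10.0.0.15:25,10.0.7.44:49902,*,,"TLS protocol SP_PROT_TLS1_0_SERVER negotiation succeeded using bulk encryption algorithm CALG_AES_128 with strength 128 bits"
2022-05-02T08:09:30.300Z,EX03\Default Frontend EX03,08DA2C0000000004,3,10.0.0.13:25,10.0.9.8:51020,*,,"TLS protocol SP_PROT_TLS1_1_SERVER negotiation succeeded using bulk encryption algorithm CALG_AES_256 with strength 256 bits"
2022-05-02T08:10:02.900Z,EX03\Default Frontend EX03,08DA2C0000000004,4,10.0.0.13:25,10.0.9.8:51020,<,EHLO scanner01.example.test,
'@ -split "`r?`n"

function Get-LegacyTlsClient {
    # Returns one row per (server, client IP, protocol) for every handshake
    # that completed with anything other than TLS 1.2.
    param([string[]]$LogLine)

    $fields = 'DateTime','Connector','Session','Seq','Local','Remote','Event','Data','Context'

    $LogLine |
        Where-Object { $_ -and $_ -notmatch '^#' } |      # skip blanks and the #Fields header
        ConvertFrom-Csv -Header $fields |
        ForEach-Object {
            # Only handshake records carry the negotiated protocol name.
            if ($_.Context -match 'TLS protocol SP_PROT_(\w+?)_SERVER negotiation succeeded') {
                [pscustomobject]@{
                    Server   = ($_.Connector -split '\\')[0]   # "EX03\Default Frontend EX03" -> "EX03"
                    ClientIP = $_.Remote -replace ':\d+$'      # drop the ephemeral source port
                    Protocol = $Matches[1]                     # e.g. TLS1_0, TLS1_1, TLS1_2
                }
            }
        } |
        Where-Object { $_.Protocol -ne 'TLS1_2' } |
        Group-Object Server, ClientIP, Protocol |
        Sort-Object Name |
        Select-Object @{ n = 'Handshakes'; e = { $_.Count } }, Name
}

# With the constructed sample, client 10.0.7.44 shows up on both EX03 and EX05,
# which a two-server pilot on other servers would never surface.
Get-LegacyTlsClient -LogLine $sample | Format-Table -AutoSize
```

To run it against real data, pass the lines of each server's receive protocol log files to `-LogLine` instead of `$sample`.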