Having moved a few Exchange 2010 servers over to TLS 1.1 and 1.2 one of the more recent ones we did kept coming up with the following error when trying to delete emails from OWA
Outlook web App couldn't connect to Exchange Web Service due to a configuration error. Response code = "null, webexception.status = RecieveFailure"
The error message in OWA when trying to delete email is as below:
This is a by-product of using TLS 1.1 and 1.2 - the internal schannels seem to struggle communicating with it if things aren't just quite right.
We managed to fix it by checking all of the following:
- Ensure you're running Exchange Rollup 28 for SP3 (lower versions may work, but we got it sorted after 28)
- We disabled TLS 1.0 and enabled 1.1/1.2 using IISCrypto but upon checking the registry keys, they were all set to ffffffffff instead of 1
Therefore, double check the following if using IIS Crypto
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client]“DisabledByDefault”=dword:00000000“Enabled”=dword:00000001“DisabledByDefault”=dword:00000000
“Enabled”=dword:00000001
“SystemDefaultTlsVersions”=dword:00000001
“SystemDefaultTlsVersions”=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server]
Thanks to Jaap Wesselius for this (https://jaapwesselius.com/2018/10/05/exchange-2010-and-tls-1-2/)
And then also check that .net 3.5.1 has TLS 1.2 enabled:
The next step is to enable TLS 1.2 for .NET Framework 3.5.1. To do this, make the following registry changes:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v2.0.50727]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v2.0.50727]
After doing all of the above we rebooted and the issue seemed to be resolved.
