Exchange 2010 - TLS 1.0

  • Question

  • We plan to migrate from Exchange 2010 to O365 in January. We currently have two Exchange 2010 servers (server 1 = mailbox & hub transport, server 2 = cas). The plan is to install an on-prem Exchange 2019 server, migrate to O365 Hybrid and decommission the two old Exchange 2010 servers.

    The company has a new requirement to become fully PCI compliant within the next month. However, we are currently failing our PCI scan due to OWA/Active Sync using TLS v1.0. We have applied the latest patches to the Exchange servers and disabled TLS 1.0 as per below:

    https://techcommunity.microsoft.com/t5/Exchange-Team-Blog/Exchange-Server-TLS-guidance-Part-3-Turning-Off-TLS-1-0-1-1/ba-p/607898

    Unfortunately, doing so broke 'Out Of Office' and 'Free/Busy time', so we had to re-enable TLS 1.0. From what I have read so far this appears to be a known issue, and I suspect Microsoft will not be putting any resources into fixing this given Exchange 2010 will become EOL come 31st January.

    Disabling OWA/Active Sync for everybody isn't an option and we are not in a position to migrate to O365 yet. Any suggestions on a way forward?

    Is it possible to link on-prem Exchange to O365 and move/proxy OWA/ActiveSync through office.com/O365?

    Tuesday, September 17, 2019 1:20 PM

Answers

All replies

  • Hi

    You won't be able to install Exchange 2019 while you have Exchange 2010 servers. You need to move to Exchange 2016 and then to 2019.

    You can enable TLS 1.2 while you have 1.0 enabled as well.

    Please note that Exchange EOL has changed to 13 October next year.


    Hope this helps. Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

    Tuesday, September 17, 2019 5:20 PM
    Owner
  • Hi,

    For Exchange Server 2010, please install SP3 RU20 or a higher build for TLS 1.2 support and disable TLS 1.0/TLS 1.1. Install the latest version of .NET 3.5.1 and patches.

    As Edward said, it is suggested to enable TLS 1.2; you could enable it and turn off TLS 1.0 on your Exchange 2010, then observe whether the issue occurs again. For detailed steps, please refer to:

    Exchange Server TLS guidance Part 2: Enabling TLS 1.2 and Identifying Clients Not Using It

    Regards,

    Kelvin Deng


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com


    Wednesday, September 18, 2019 3:15 AM
  • Ok thanks both, we will give this a try.
    Wednesday, September 18, 2019 8:59 AM
  • Hi,

    I am writing here to confirm with you how things are going now.

    If you need further help, please provide more detailed information, so that we can give more appropriate suggestions.

    Regards,

    Kelvin Deng



    Monday, September 23, 2019 8:06 AM
  • Thanks for the help.
    We have enabled TLS 1.2 and disabled TLS 1.0/1.1 as per the link in Kelvin's post.
    Monday, October 7, 2019 2:09 PM
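
An added example, not part of the thread or of the linked Microsoft guidance: a read-only PowerShell check of the registry values that govern TLS 1.0/1.1/1.2 on a server, useful for recording the state on each Exchange 2010 server before and after the change discussed above. The registry paths are the standard Windows SCHANNEL and .NET Framework locations; the function names `Read-RegValue` and `Get-TlsRegistryState` are hypothetical, and the syntax is kept compatible with PowerShell 2.0.

```powershell
# Added example (not from the thread). Read-only: nothing is modified.
# Helper names are hypothetical, not Exchange or Windows cmdlets.
function Read-RegValue([string]$Path, [string]$Name) {
    # Returns the raw registry value, or a marker when the key/value is absent.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return 'not set (OS default applies)' }
    return $item.$Name
}

function Get-TlsRegistryState {
    $rows = @()

    # SCHANNEL: per-protocol switches. "Server" covers inbound connections
    # (OWA, ActiveSync); "Client" covers connections this server initiates.
    $schannel = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'
    foreach ($proto in 'TLS 1.0', 'TLS 1.1', 'TLS 1.2') {
        foreach ($role in 'Server', 'Client') {
            foreach ($name in 'Enabled', 'DisabledByDefault') {
                $rows += New-Object PSObject -Property @{
                    Key   = "SCHANNEL\$proto\$role"
                    Name  = $name
                    Value = (Read-RegValue "$schannel\$proto\$role" $name)
                }
            }
        }
    }

    # .NET Framework: whether managed code follows the SCHANNEL defaults.
    # v2.0.50727 is the key used by .NET 3.5; both registry views are checked.
    foreach ($hive in 'HKLM:\SOFTWARE\Microsoft', 'HKLM:\SOFTWARE\Wow6432Node\Microsoft') {
        foreach ($ver in 'v2.0.50727', 'v4.0.30319') {
            foreach ($name in 'SystemDefaultTlsVersions', 'SchUseStrongCrypto') {
                $rows += New-Object PSObject -Property @{
                    Key   = "$hive\.NETFramework\$ver"
                    Name  = $name
                    Value = (Read-RegValue "$hive\.NETFramework\$ver" $name)
                }
            }
        }
    }

    # Select-Object fixes the column order (hashtable order is not preserved in PS 2.0).
    $rows | Select-Object Key, Name, Value
}

Get-TlsRegistryState | Format-Table -AutoSize
```

For the SCHANNEL keys, `Enabled = 0` with `DisabledByDefault = 1` means the protocol is off and any other non-zero `Enabled` value means it is on; SCHANNEL changes take effect only after a reboot.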