Exchange Hybrid Wizard Error 1603

How to fix Exchange Hybrid Wizard Error 1603

This issue is related to TLS 1.2


Some links for you:
Microsoft Entra Connect: TLS 1.2 enforcement for Microsoft Entra Connect - Microsoft Entra ID | Microsoft Learn

The following scripts, you need to copy and same as CheckTls.ps1 and EnableTls.ps1

Frist if you run any of the following scripts, make sure UAC is disable :)



Start with checking TLS Settings:

FunctionGet-ADSyncToolsTls12RegValue

{[CmdletBinding()]Param(# Registry Path[Parameter(Mandatory=$true,

                   Position=0)][string]$RegPath,# Registry Name[Parameter(Mandatory=$true,

                   Position=1)][string]$RegName)$regItem= Get-ItemProperty-Path $RegPath-Name $RegName-ErrorAction Ignore

    $output= ""|selectPath,Name,Value

    $output.Path = $RegPath$output.Name = $RegNameIf($regItem-eq$null){$output.Value = "Not Found"}Else{$output.Value = $regItem.$RegName}$output}$regSettings= @()$regKey= 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319'$regSettings+=Get-ADSyncToolsTls12RegValue $regKey'SystemDefaultTlsVersions'$regSettings+=Get-ADSyncToolsTls12RegValue $regKey'SchUseStrongCrypto'$regKey= 'HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319'$regSettings+=Get-ADSyncToolsTls12RegValue $regKey'SystemDefaultTlsVersions'$regSettings+=Get-ADSyncToolsTls12RegValue $regKey'SchUseStrongCrypto'$regKey= 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server'$regSettings+=Get-ADSyncToolsTls12RegValue $regKey'Enabled'$regSettings+=Get-ADSyncToolsTls12RegValue $regKey'DisabledByDefault'$regKey= 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client'$regSettings+=Get-ADSyncToolsTls12RegValue $regKey'Enabled'$regSettings+=Get-ADSyncToolsTls12RegValue $regKey'DisabledByDefault'$regSettings

The Result shows you:



Next enable TLS 1.2:

If(-Not(Test-Path'HKLM:\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319')){New-Item'HKLM:\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319'-Force |Out-Null}New-ItemProperty-Path 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319'-Name 'SystemDefaultTlsVersions'-Value '1'-PropertyType 'DWord'-Force |Out-NullNew-ItemProperty-Path 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319'-Name 'SchUseStrongCrypto'-Value '1'-PropertyType 'DWord'-Force |Out-NullIf(-Not(Test-Path'HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319')){New-Item'HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319'-Force |Out-Null}New-ItemProperty-Path 'HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319'-Name 'SystemDefaultTlsVersions'-Value '1'-PropertyType 'DWord'-Force |Out-NullNew-ItemProperty-Path 'HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319'-Name 'SchUseStrongCrypto'-Value '1'-PropertyType 'DWord'-Force |Out-NullIf(-Not(Test-Path'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server')){New-Item'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server'-Force |Out-Null}New-ItemProperty-Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server'-Name 'Enabled'-Value '1'-PropertyType 'DWord'-Force |Out-NullNew-ItemProperty-Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server'-Name 'DisabledByDefault'-Value '0'-PropertyType 'DWord'-Force |Out-NullIf(-Not(Test-Path'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client')){New-Item'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client'-Force |Out-Null}New-ItemProperty-Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client'-Name 'Enabled'-Value '1'-PropertyType 'DWord'-Force |Out-NullNew-ItemProperty-Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client'-Name 'DisabledByDefault'-Value '0'-PropertyType 'DWord'-Force |Out-NullWrite-Host'TLS 1.2 has been enabled. You must restart the Windows Server for the changes to take affect.'-ForegroundColor Cyan

Result shows you:











Comments

Popular posts from this blog

MFA with Guest Access and different tenants settings

Cannot join external Lync Meeting: Lync Edge Server Single IP Address (Lync Edge Server Single IP Web Conferenceing Problem)

Skype for Business, Lync and Exchange Web Services (EWS) and different DNS Domains- Exchange crawling e.g. for presence