Exchange Hybrid Wizard Error 1603

How to fix Exchange Hybrid Wizard Error 1603

This issue is related to TLS 1.2.


Some links for you:
Microsoft Entra Connect: TLS 1.2 enforcement for Microsoft Entra Connect - Microsoft Entra ID | Microsoft Learn

Copy the following scripts and save them as CheckTls.ps1 and EnableTls.ps1.

First, before you run any of the following scripts, make sure UAC is disabled :)



Start with checking TLS Settings:

    # Returns one registry value as an object with Path, Name and Value.
    Function Get-ADSyncToolsTls12RegValue
    {
        [CmdletBinding()]
        Param
        (
            # Registry Path
            [Parameter(Mandatory=$true, Position=0)]
            [string]
            $RegPath,

            # Registry Name
            [Parameter(Mandatory=$true, Position=1)]
            [string]
            $RegName
        )
        $regItem = Get-ItemProperty -Path $RegPath -Name $RegName -ErrorAction Ignore
        $output = "" | select Path,Name,Value
        $output.Path = $RegPath
        $output.Name = $RegName

        If ($regItem -eq $null)
        {
            $output.Value = "Not Found"
        }
        Else
        {
            $output.Value = $regItem.$RegName
        }
        $output
    }

    $regSettings = @()

    # .NET Framework 4.x, 32-bit view
    $regKey = 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319'
    $regSettings += Get-ADSyncToolsTls12RegValue $regKey 'SystemDefaultTlsVersions'
    $regSettings += Get-ADSyncToolsTls12RegValue $regKey 'SchUseStrongCrypto'

    # .NET Framework 4.x, 64-bit view
    $regKey = 'HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319'
    $regSettings += Get-ADSyncToolsTls12RegValue $regKey 'SystemDefaultTlsVersions'
    $regSettings += Get-ADSyncToolsTls12RegValue $regKey 'SchUseStrongCrypto'

    # SCHANNEL TLS 1.2, server side
    $regKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server'
    $regSettings += Get-ADSyncToolsTls12RegValue $regKey 'Enabled'
    $regSettings += Get-ADSyncToolsTls12RegValue $regKey 'DisabledByDefault'

    # SCHANNEL TLS 1.2, client side
    $regKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client'
    $regSettings += Get-ADSyncToolsTls12RegValue $regKey 'Enabled'
    $regSettings += Get-ADSyncToolsTls12RegValue $regKey 'DisabledByDefault'

    $regSettings

The result shows you:



Next enable TLS 1.2:

    # .NET Framework 4.x, 32-bit view
    If (-Not (Test-Path 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319'))
    {
        New-Item 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319' -Force | Out-Null
    }
    New-ItemProperty -Path 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319' -Name 'SystemDefaultTlsVersions' -Value '1' -PropertyType 'DWord' -Force | Out-Null
    New-ItemProperty -Path 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319' -Name 'SchUseStrongCrypto' -Value '1' -PropertyType 'DWord' -Force | Out-Null

    # .NET Framework 4.x, 64-bit view
    If (-Not (Test-Path 'HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319'))
    {
        New-Item 'HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319' -Force | Out-Null
    }
    New-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319' -Name 'SystemDefaultTlsVersions' -Value '1' -PropertyType 'DWord' -Force | Out-Null
    New-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319' -Name 'SchUseStrongCrypto' -Value '1' -PropertyType 'DWord' -Force | Out-Null

    # SCHANNEL TLS 1.2, server side
    If (-Not (Test-Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server'))
    {
        New-Item 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server' -Force | Out-Null
    }
    New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server' -Name 'Enabled' -Value '1' -PropertyType 'DWord' -Force | Out-Null
    New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server' -Name 'DisabledByDefault' -Value '0' -PropertyType 'DWord' -Force | Out-Null

    # SCHANNEL TLS 1.2, client side
    If (-Not (Test-Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client'))
    {
        New-Item 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client' -Force | Out-Null
    }
    New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client' -Name 'Enabled' -Value '1' -PropertyType 'DWord' -Force | Out-Null
    New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client' -Name 'DisabledByDefault' -Value '0' -PropertyType 'DWord' -Force | Out-Null

    Write-Host 'TLS 1.2 has been enabled. You must restart the Windows Server for the changes to take effect.' -ForegroundColor Cyan

Result shows you:
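
CheckTls.ps1 only lists the values, so after the restart it is still up to you to compare them. The following added example (not part of the original post and not Microsoft's ADSyncTools code) compares each value with what EnableTls.ps1 writes and flags entries that are missing, have the wrong value kind, or hold a different value. The function name Test-Tls12Registry is hypothetical.

```powershell
# Added example: audit the TLS 1.2 registry values against what EnableTls.ps1 sets.
# Test-Tls12Registry is a hypothetical name, not an ADSyncTools cmdlet.
function Test-Tls12Registry {
    [CmdletBinding()]
    param()

    $net32    = 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319'
    $net64    = 'HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319'
    $schannel = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2'

    # Expected DWORD values, copied from the enable script on this page.
    $expected = @(
        @{ Path = $net32;             Name = 'SystemDefaultTlsVersions'; Value = 1 }
        @{ Path = $net32;             Name = 'SchUseStrongCrypto';       Value = 1 }
        @{ Path = $net64;             Name = 'SystemDefaultTlsVersions'; Value = 1 }
        @{ Path = $net64;             Name = 'SchUseStrongCrypto';       Value = 1 }
        @{ Path = "$schannel\Server"; Name = 'Enabled';                  Value = 1 }
        @{ Path = "$schannel\Server"; Name = 'DisabledByDefault';        Value = 0 }
        @{ Path = "$schannel\Client"; Name = 'Enabled';                  Value = 1 }
        @{ Path = "$schannel\Client"; Name = 'DisabledByDefault';        Value = 0 }
    )

    foreach ($e in $expected) {
        $item   = Get-ItemProperty -Path $e.Path -Name $e.Name -ErrorAction Ignore
        $actual = $null
        $state  = 'Missing'
        if ($null -ne $item) {
            $actual = $item.($e.Name)
            # The enable script writes DWord values; flag any other value kind.
            $kind = (Get-Item -Path $e.Path).GetValueKind($e.Name)
            if ($kind -ne 'DWord')        { $state = "WrongType ($kind)" }
            elseif ($actual -ne $e.Value) { $state = 'Mismatch' }
            else                          { $state = 'OK' }
        }
        [pscustomobject]@{
            Path = $e.Path; Name = $e.Name; Expected = $e.Value; Actual = $actual; State = $state
        }
    }
}

$results = @(Test-Tls12Registry)
$results | Format-Table -AutoSize -Wrap
$failed = @($results | Where-Object { $_.State -ne 'OK' })
if ($failed.Count -gt 0) {
    Write-Warning "$($failed.Count) TLS 1.2 setting(s) differ from the values EnableTls.ps1 writes."
} else {
    Write-Host 'All TLS 1.2 registry values match.' -ForegroundColor Green
}
```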










