Support for TLS 1.2 over Exchange 2013 on Server 2012?

Greetings,
We're trying to roll out TLS 1.2 in our test environment and can't seem to get Exchange to work with the protocol.
We've been using this method to enable TLS 1.2 (and disable the other protocols - TLS1.0, SSL2.0, SSL3.0, PCT1.0): http://www.adminhorror.com/2011/10/enable-tls-11-and-tls-12-on-windows_1853.html
We originally tried using Exchange 2010 on 2008 R2, but then I ran across this article saying that it is not supported: http://support.microsoft.com/kb/2709167/en-us
We've since tried to set it up with Exchange 2013 on Server 2012. Still no luck. The only time Exchange wants to work is when TLS1.0 is enabled.
I suspect that TLS 1.1 and TLS 1.2 are also not supported on Exchange 2013, or that I'm changing the wrong registry keys, but I wanted to find confirmation. I've searched extensively and can't find any documentation leading me to believe one way or the other if it's supported.
Any help or insight would be greatly appreciated. Thanks!
--Aric
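The linked registry method works by writing Enabled / DisabledByDefault values under the Schannel Protocols keys, and a common reason a server "only works when TLS 1.0 is enabled" is that the values ended up under the wrong subkey (Server versus Client) or with the wrong semantics. The read-only audit below is an added example, not code from the thread or from Microsoft; the registry path and value names are the standard Schannel ones, the protocol list is assumed to match what the post above changed, and it should be run in an elevated PowerShell on the Exchange server.

```powershell
# Added example (not from the thread): read-only audit of the Schannel protocol
# registry keys, reporting the effective state of each protocol for the Server
# (inbound) and Client (outbound) roles. Nothing is written.
$SchannelBase = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'
$Protocols    = 'PCT 1.0', 'SSL 2.0', 'SSL 3.0', 'TLS 1.0', 'TLS 1.1', 'TLS 1.2'   # assumed list

function Get-SchannelProtocolState {
    param(
        [Parameter(Mandatory)][string]$Protocol,
        [Parameter(Mandatory)][ValidateSet('Server', 'Client')][string]$Role
    )
    $key    = Join-Path (Join-Path $SchannelBase $Protocol) $Role
    $result = [ordered]@{ Protocol = $Protocol; Role = $Role; Enabled = $null; DisabledByDefault = $null; State = '' }

    if (-not (Test-Path -LiteralPath $key)) {
        # No key at all: Schannel uses the OS default for this protocol and role.
        $result.State = 'OS default (key absent)'
        return [pscustomobject]$result
    }

    $props = Get-ItemProperty -LiteralPath $key
    $result.Enabled           = $props.Enabled
    $result.DisabledByDefault = $props.DisabledByDefault

    # Enabled = 0 switches the protocol off outright. DisabledByDefault = 1 keeps it
    # available but not offered unless an application asks for it explicitly.
    $result.State = if ($props.Enabled -eq 0) {
        'Disabled'
    } elseif ($props.DisabledByDefault -eq 1) {
        'Not offered by default'
    } elseif ($null -eq $props.Enabled -and $null -eq $props.DisabledByDefault) {
        'OS default (key present, no values)'
    } else {
        'Enabled'
    }
    [pscustomobject]$result
}

$report = foreach ($p in $Protocols) {
    foreach ($r in 'Server', 'Client') { Get-SchannelProtocolState -Protocol $p -Role $r }
}
$report | Format-Table -AutoSize

# Summarise the two conditions the thread is about: is TLS 1.2 switched off for
# inbound connections, and which older protocols are not explicitly disabled?
$tls12Server = $report | Where-Object { $_.Protocol -eq 'TLS 1.2' -and $_.Role -eq 'Server' }
$legacyOn    = $report | Where-Object { $_.Protocol -ne 'TLS 1.2' -and $_.Role -eq 'Server' -and $_.State -notmatch '^Disabled' }

if ($tls12Server.State -eq 'Disabled') {
    Write-Warning 'TLS 1.2 is explicitly disabled for the Server role.'
}
if ($legacyOn) {
    Write-Warning ('Not explicitly disabled for inbound connections: ' + (($legacyOn.Protocol | Sort-Object -Unique) -join ', '))
}
```

Schannel reads these keys at boot, so a reboot is needed before any change shows up in a handshake; this audit tells you what the next reboot will apply. Keep the Client role in view as well: Exchange also makes outbound TLS connections (SMTP, federation, web services), so disabling a protocol only for the Client role can break those without affecting what OWA clients see.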

hi All,
I have also tried enabling TLS 1.2 on Exchange 2013 from the registry. I followed the article below.
http://jackstromberg.com/2013/09/enabling-tls-1-2-on-iis-7-5-for-256-bit-cipher-strength/
When I check OWA in Chrome and look at the connection information, it says "The connection uses TLS 1.2."
However, when I run the command below to check for TLS 1.2, I get the following output.
Command: java -jar TestSSLServer.jar ns-ex13.gtestexchange.com 443
O/P:
Supported versions: SSLv3 TLSv1.0 TLSv1.1
Deflate compression: no
Supported cipher suites (ORDER IS NOT SIGNIFICANT):
  SSLv3
     RSA_WITH_RC4_128_MD5
     RSA_WITH_RC4_128_SHA
     RSA_WITH_3DES_EDE_CBC_SHA
  TLSv1.0
     RSA_WITH_RC4_128_MD5
     RSA_WITH_RC4_128_SHA
     RSA_WITH_3DES_EDE_CBC_SHA
     RSA_WITH_AES_128_CBC_SHA
     RSA_WITH_AES_256_CBC_SHA
     TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
     TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
  (TLSv1.1: idem)
Server certificate(s):
  1979e6bdbd9b8e197d00c45534959eaba82b6f40: CN=ex10.gtestexchange.com, OU=Domain Control Validated
Minimal encryption strength:     strong encryption (96-bit or more)
Achievable encryption strength:  strong encryption (96-bit or more)
BEAST status: vulnerable
CRIME status: protected
===================================================
It doesn't say anything about TLS 1.2.
Any suggestions from your side?
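The output above was produced by a third-party scanner, and the browser and the scanner disagree. A second opinion from the Windows side, as an added example that is not part of the thread, is to attempt one handshake per protocol version with .NET's SslStream from PowerShell; the host name and port are assumed values copied from the post above and should be replaced with your own server.

```powershell
# Added example (not from the thread): repeat the TestSSLServer version check
# with .NET's SslStream, offering exactly one protocol version per connection.
$TargetHost = 'ns-ex13.gtestexchange.com'   # assumed: host name from the post above
$Port       = 443

function Test-TlsProtocolVersion {
    param(
        [Parameter(Mandatory)][string]$HostName,
        [Parameter(Mandatory)][int]$Port,
        [Parameter(Mandatory)][System.Security.Authentication.SslProtocols]$Protocol
    )
    $client = $null
    $ssl    = $null
    try {
        $client = New-Object System.Net.Sockets.TcpClient
        $client.Connect($HostName, $Port)
        # The validation callback accepts any certificate because this probe is
        # about protocol negotiation, not trust; never reuse it in a real client.
        $acceptAll = [System.Net.Security.RemoteCertificateValidationCallback]{ $true }
        $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false, $acceptAll)
        # Offer only $Protocol: a completed handshake means the server accepts it.
        $ssl.AuthenticateAsClient($HostName, $null, $Protocol, $false)
        [pscustomobject]@{
            Offered    = $Protocol
            Negotiated = $ssl.SslProtocol
            Cipher     = "$($ssl.CipherAlgorithm)/$($ssl.CipherStrength)"
            Supported  = $true
            Detail     = ''
        }
    } catch {
        # PowerShell wraps the .NET exception; the inner one carries the Schannel reason.
        $msg = if ($_.Exception.InnerException) { $_.Exception.InnerException.Message } else { $_.Exception.Message }
        [pscustomobject]@{ Offered = $Protocol; Negotiated = $null; Cipher = $null; Supported = $false; Detail = $msg }
    } finally {
        if ($ssl)    { $ssl.Dispose() }
        if ($client) { $client.Dispose() }
    }
}

# Ssl2 is left out: current .NET builds will not offer it from the client side.
# Tls12 as an enum value needs .NET 4.5 or later on the machine running the probe.
$versions = 'Ssl3', 'Tls', 'Tls11', 'Tls12'
$results  = foreach ($v in $versions) {
    Test-TlsProtocolVersion -HostName $TargetHost -Port $Port -Protocol ([System.Security.Authentication.SslProtocols]$v)
}
$results | Format-Table -AutoSize
```

Read the result with one caveat in mind: SslStream goes through the probing machine's own Schannel, so a version that is disabled for the Client role on the machine you run this from will show as unsupported whatever the Exchange server does. Run it from a machine whose client-side protocol keys you have not touched, or from the Exchange server itself against its own name, and compare with what the browser reports.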

Similar Messages

  • Support for TLS 1.2 over Exchange 2013?

    How do I enable TLS 1.2 in Exchange 2013? Is there any documentation to guide me in configuring it?
    Is there any confirmation of whether TLS 1.2 is supported or not?
    Any help or insight would be greatly appreciated. Thanks!

    Hi
    Similar article, no info as yet:
    http://social.technet.microsoft.com/Forums/en-US/8815dada-94b5-4d89-ad80-43f03705c551/support-for-tls-12-over-exchange-2013-on-server-2012

  • Getting Error while installing Exchange 2013 on server 2012

    Error During Exchange 2013 Mailbox Transport Role Install On Server 2012
    I was installing Exchange 2013 on Server 2012.  The server is not a DC, but is a member of a domain with a 2008 R2 functional level, and I was logged in as a domain admin.  There has never been an Exchange instance on this domain.  I got past
    the prerequisite checks, and the installer showed 15 steps, so I walked away.  When I came back, I saw this:
    Step 8 of 15: Mailbox role: Transport service
    Error:
    The following error was generated when "$error.Clear(); 
              $maxWait = New-TimeSpan -Minutes 8
              $timeout = Get-Date;
              $timeout = $timeout.Add($maxWait);
              $currTime = Get-Date;
              $successfullySetConfigDC = $false;
              while($currTime -le $timeout)
                $setSharedCDCErrors = @();
                try
                  Set-SharedConfigDC -DomainController $RoleDomainController -ErrorVariable setSharedCDCErrors -ErrorAction SilentlyContinue;
                  $successfullySetConfigDC = ($setSharedCDCErrors.Count -eq 0);
                  if($successfullySetConfigDC)
                    break;
                  Write-ExchangeSetupLog -Info ("An error ocurred while setting shared config DC. Error: " + $setSharedCDCErrors[0]);
                catch
                  Write-ExchangeSetupLog -Info ("An exception ocurred while setting shared config DC. Exception: " + $_.Exception.Message);
                Write-ExchangeSetupLog -Info ("Waiting 30 seconds before attempting again.");
                Start-Sleep -Seconds 30;
                $currTime = Get-Date;
              if( -not $successfullySetConfigDC)
                Write-ExchangeSetupLog -Error "Unable to set shared config DC.";
            " was run: "Unable to set shared config DC.".

    Hi Deepak,
    From the error description, I would like to clarify the following things:
    1. Please ensure that IPv6 on the network adaptor is turned on.
    2. Please check if the account that you used to install Exchange has necessary permissions to perform the installation.
    3. Make sure that DNS is configured correctly.
    Hope my clarification is helpful.
    If there are any problems, please feel free to let me know.
    Best regards,
    Amy
    Amy Wang
    TechNet Community Support

  • Cannot install Exchange 2013 on Server 2012 R2

    I receive the following error when attempting to install Exchange Server 2013 on the same machine running Windows Server 2012 R2 Essentials:
    "An unsupported operating system was detected. Exchange Server 2013 Client Access and Mailbox Server roles support Windows Server 2008 R2 SP1 or later and Windows Server 2012"
    SP1 for Exchange Server 2013 was released but I'm not sure how to integrate it or whether or not I even need to. Please let me know if there is a fix or workaround.
    Thank you.

    This is correct, Essentials is not supported to host Exchange 2013
    You need to install Exchange on supported OS:
    http://technet.microsoft.com/en-us/library/aa996719(v=exchg.150).aspx
    Please take a moment to Vote as Helpful and/or Mark as Answer where applicable. Thanks.

  • Exchange 2013 Windows Server 2012 NLB and DAG on the same server

    Hi all, I am installing an Exchange 2013 infrastructure with two servers.
    Both servers have the CAS and Mailbox roles.
    For high availability, I will create a DAG.
    For Client Access, I have no external Network Load Balancer.
    I thought about installing NLB on the DAG members, which could not be done before.
    With Windows Server 2012 and Exchange 2013, I do not know: can I install NLB on members of a DAG?
    regards
    Microsoft Certified IT Professional Server Administrator

    Hi,
    I'm afraid that WNLB and a DAG cannot coexist on the same server, because WNLB is incompatible with Windows failover clustering. If we're using an Exchange 2010 DAG and we want to use WNLB, we need to have the Client Access server role and the Mailbox server role running on separate servers.
    For more information, you can refer to the following article:
    http://technet.microsoft.com/en-us/library/ff625247(v=exchg.141).aspx
    Thanks,
    Angela Shi
    TechNet Community Support

  • TLS connection failure with Exchange 2013 (SEC_E_WRONG_PRINCIPAL)

    Hi all -
    I have Lync 2013 with a single front-end server and am trying to properly integrate it with a single Exchange 2013 SP1 server. The Exchange server has a certificate signed by GeoTrust, assigned to all roles: IIS, SMTP, POP, IMAP, UM, and UMcallrouter. I'm seeing the below in my FE logs and am unsure as to why Lync is using the .local address when I have been specifying external FQDNs for the mail server in Lync.
    TLS outgoing connection failures.
    Over the past 1 minutes, Lync Server has experienced TLS outgoing connection failures 1 time(s). The error code of the last failure is 0x80090322(SEC_E_WRONG_PRINCIPAL) while trying to connect to the server "MAIL.xxxx.local" at address [172.16.3.14:5061],
    and the display name in the peer certificate is "Unavailable".
    Cause: Most often a problem with the peer certificate or perhaps the host name (DNS) record used to reach the peer server. Target principal name is incorrect means that the peer certificate does not contain the name that the local server used to connect. Certificate
    root not trusted error means that the peer certificate was issued by a remote CA that is not trusted by the local machine.
    Resolution:
    Check that the address and port matches the FQDN used to connect, and that the peer certificate contains this FQDN somewhere in its subject or SAN fields. If the FQDN refers to a DNS load balanced pool then check that all addresses returned by DNS refer to
    a server in the same pool. For untrusted root errors, ensure that the remote CA certificate chain is installed locally. If you have already installed the remote CA certificate chain, then try rebooting the local machine.
    Any advice/pointers you can give are greatly appreciated.

    When integrating Lync and Exchange UM, you need to generate a new certificate. The certificate should contain the server's FQDN.
    Lisa Zheng
    TechNet Community Support

  • Need support for TLS 1.2

    Hi:
    SSL 2.0 was broken in 1997, SSL 3.0 was broken in 1998, and TLS 1.0 is broken because it relies on SHA1 and MD5, which were both broken in 2004.
    We need support for TLS 1.2.
    The new federal identity effort (http://www.whitehouse.gov/blog/2010/06/25/national-strategy-trusted-identities-cyberspace)
    will require not just trusted identity but trusted transport.

    Mozilla needs to take the TLS security issue very seriously, or they will risk losing their customers to Opera and IE etc. Today TLS 1.0 is easily broken (see: https://threatpost.com/en_us/blogs/fixes-works-ssl-attack-support-lacking-newer-versions-protocol-092211). Possibly fix this by at least removing all CBC ciphers from your list of allowed ciphers.

  • Deploy Exchange 2013, Lync Server 2013 and SharePoint Server 2013

    Hi dears,
    I have a deployment requirement in which I have to plan to deploy Exchange 2013, Lync Server 2013 and SharePoint Server 2013 on premises for 500 users in one organization. Now I have been asked to provide the software and hardware requirements for this deployment.
    So I wonder, is there any guide or link to find the hardware and software requirements for this deployment?

    Hi,
    You can refer to the link below about the hardware/system requirements for Lync Server 2013:
    https://technet.microsoft.com/en-us/library/gg398438.aspx
    Note: it is not supported to install Lync Server in the same computer with DC, Exchange Server and SharePoint Server.
    If you want to deploy Lync Server, you'd better read the guide first before deploying it:
    https://technet.microsoft.com/en-us/library/gg398616.aspx
    For the deployment of Exchange 2013 and SharePoint 2013, you can also post your case on the Exchange and SharePoint forums, where more experts will help you:
    Exchange 2013:
    https://social.technet.microsoft.com/Forums/office/en-US/home?category=exchangeserver
    SharePoint 2013:
    https://social.technet.microsoft.com/Forums/office/en-US/home?category=sharepoint
    Best Regards,
    Eason Huang
    TechNet Community Support

  • New Exchange 2013 CAS server in existing Exchange 2007 Organization

    Dear Friends,
    We have Exchange 2007 SP3 with CU13 installed, with a single copy cluster for the database and 1 OWA server for CAS/HT. We will migrate from the current setup to Exchange 2013 SP1. As we want to have HA, we have installed 2 new Exchange 2013 SP1 CAS servers on Windows 2012 R2 after preparing our organisation for Exchange 2013. The setup went smoothly without any error and successfully installed CAS with the management tools. After installation it asked to reboot the server, which we did. Now after the reboot, we are not able to run the Exchange Management Shell. It never connects to the new server. Our old 2007 EMS also doesn't list any Exchange 2013 server. We are also not able to connect to the new CAS servers with the URL below:
    https://servername/ecp/?ExchClientVer=15
    It says the site is under maintenance. Please advise what to check. We were thinking of deploying CAS first and making it co-exist with Exchange 2007 before deploying the Exchange 2013 mailbox server, which will be set up in a DAG. What are we doing wrong?
    Thanks in advance!!

    If you have only the 2013 CAS installed and not the mailbox role, then nothing will really work. Remember, in 2013, the mailbox role does all the work, the CAS is simply a proxy for the most part.
    Twitter!: Please Note: My Posts are provided “AS IS” without warranty of any kind, either expressed or implied.

  • Fresh Exchange 2013 install on 2012 R2

    Hi Everyone-
    I'm a bit confused about the steps to install Exchange 2013 SP1 on 2012 R2 in a new environment (no 2013 installed). I've seen many mixed install guides recommending that I install non-SP1, prepare the domain/schema first, and install the CAS/MBX roles. Once complete, run the SP1 upgrade starting with the domain/schema upgrade, and then run the EXE.
    I've also read that the 2013 SP1 download (http://www.microsoft.com/en-us/download/details.aspx?id=41994) is a full version of Exchange and can be run as a clean install, so essentially just prepare the domain/schema and run the install once. I find this hard to believe, as the ISO I've downloaded from VLSC is 3.5 GB, yet the SP1 exe is 1.5 GB.
    Can anyone confirm which is the correct path to take?
    Thanks

    Hi,
    I can't think of a good reason to install any other build of Exchange 2013 than SP1. The EX13 SP1 download is a full install and the only one that is supported on 2012 R2. The bits are packed in a different way, so the download is smaller.
    Martina Miskovic

  • How to introduce exchange 2013 mailbox server in an existing Exchange 2010 Environment

    Hi All,
    We are planning to install an Exchange 2013 mailbox server in an Exchange 2010 environment. We have 3 MB servers, 1 CAS and 1 HUB, which are installed with Exchange 2010 SP3 Enterprise Edition. How do I install the new Exchange Server 2013? I have to add the 2013 servers into the existing DAG and migrate all mailboxes to the 2013 server. Please advise me from scratch. Also, will it create any impact on my existing setup?
    Thanks, Venkatesh. "Hardwork Never Fails"

    For a step by step follow the deployment assistant
    http://technet.microsoft.com/en-US/exdeploy2013/Checklist?state=2419-W-AAAAAAAAQAAAAAEAAAAAAAA%7e
    Twitter!: Please Note: My Posts are provided “AS IS” without warranty of any kind, either expressed or implied.

  • Can we run 32 bit application over 64 bit windows server 2012 ?

    Can we run 32 bit application over 64 bit windows server 2012 ?

    Hi,
    Thanks for your question.
    Since the two cases that you posted are the same, I will merge them so that you can get a better assistance. Thanks for your understanding
    and support.
    In addition, according to your question, it depends on the application. Some applications designed for the 32-bit version of Windows will work on the 64-bit version of Windows, but some will not. Before you install the application, you'd better check whether it is compatible with the 64-bit version of Windows Server 2012.
    Best regards,
    Susie

  • Migrate biztalk 2006R2/SQL server 2005 projects to Biztalk 2013/SQL server 2012

    We have Biztalk application projects deployed on Biztalk 2006R2/SQL server 2005 environment on a single server
    Now we  have installed and configured Biztalk 2013/SQL server 2012 in a multicomputer environment where Biztalk server is on one computer while SQL server is on the other.
    Now it's time to migrate the projects 2006R2 to 2013.. Is it a smooth process? I found a lot of posts about migration from 2006R2 to Biztalk 2010...  Just wondering if it is similar or more complex?? Appreciate any help/suggestions.. thanks!!

    Hi Annee,
    Following article should answer your question:
    BizTalk Application Migration Guide
    Also have a look at following forum post:
    http://social.msdn.microsoft.com/Forums/en-US/f9ac6b6c-3dbe-487b-85c5-448d257d62f4/migration-from-biztalk-server-2006-to-2013?forum=biztalkgeneral
    Maheshkumar S. Tiwari|http://tech-findings.blogspot.in/

  • Multiple domain mailboxes for one AD user in exchange 2013

    I just wanted to make sure that this hasn't changed in exchange 2013 or if there's a better way to do this
    we have a few users that need an email for companyA.com and CompanyB.com. For easy separation we've decided to create a separate mailbox for each email. Right now the only way i can figure how to easily associate both mailboxes with 1 AD user is to set up
    their main email as their default mailbox, then create a shared mailbox and grant full permission for that user. Then in Outlook they have access to both accounts from 1 profile. 
    However, I'm not sure how this would work for mobile access. In Office 365, connecting to 2 Exchange accounts on a mobile device was pretty straightforward since each mailbox had a unique login. I know that when a shared mailbox is created, a disabled user is created in AD; I'm wondering if I can enable that account so that the user then uses that login to connect to that account through their mobile device. Or maybe there's a simpler way to accomplish this goal?

    we have a few users that need an email for companyA.com and CompanyB.com.
    Hi Derek,
    Why not just create an additional email address for the users?
    "You can use the EAC or the Shell to add or remove an email address for a user mailbox. You can configure more than one email address for the same mailbox. The additional addresses are called
    proxy addresses. A proxy address lets a user receive email that’s sent to a different email address. Any email message sent to the user's proxy address is delivered to their primary email address, which is also known as the
    primary SMTP address or the default reply address."
    Add or Remove Email Addresses for a Mailbox
    http://technet.microsoft.com/en-us/library/bb123794.aspx
    "create a shared mailbox and grant full permission for that user"
    Do you mean a few users have a shared email address? For example:
    UserA:
    Primary(main) address: [email protected], shared address:
    [email protected]
    UserB:
    Primary(main) address: [email protected], shared address: [email protected]
    If not, you can just create an additional address for the users.
    Frank Wang
    TechNet Community Support

  • MailboxInSiteFailoverException - OWA session error on database *over (Exchange 2013 SP1)

    Hi all, I have noticed an issue with OWA when database(s) are failed over between DAG members.  The environments in question (issue can be reproduced in separate implementations of 2013 SP1 all-role servers) are 2 or more DAG members within the same
    AD site/subnet.  These are also fresh implementations with SP1 and not upgraded.  Exchange servers are load balanced via Netscaler. 
    So to the issue - OWA users experience the below "..MailboxInSiteFailoverException" message when the database copy is activated.  Exchange does not immediately proxy the requests to the active database.  You can wait several minutes and
    the issue is resolved by refreshing the browser or if you recycle the MSExchangeOWAAppPool on both DAG members, the issue is resolved immediately (OWA session re-established on refresh).
    Testing so far involved opening multiple OWA sessions and activating a database copy.  At that point, upon refresh of the browser the below error is shown (in all test browsers/sessions below) where I would expect any DAG member to be able to proxy
    the client request to the active database server immediately (and not after several minutes).
    https://netscaler_LB/owa
    https://ex2013server-1/owa
    https://ex2013server-2/owa

    Hi Simon, I have tested with no firewall on the exchange servers and on client machines within the same subnet as the servers.  All with the same results.
    I can see many ASP.NET 4.0.30319.0 Event ID 1309 logs similar to this and other threads (http://social.technet.microsoft.com/Forums/windowsserver/en-US/c938dda0-b3bc-4544-851e-f27b503cf4ed/exchange-2013-event-id-1309-source-aspnet-40303190).
    IIS logs show similar monitoring mailbox issues but I am still currently looking through the logs.  Thanks for your input.
    2014-03-30 00:00:23 127.0.0.1 POST /owa/proxylogon.owa - 444 - 127.0.0.1 Mozilla/4.0+(compatible;+MSIE+9.0;+Windows+NT+6.1;+MSEXCHMON;+ACTIVEMONITORING;+OWADEEPTEST) - 401 0 0 13
    2014-03-30 00:00:23 127.0.0.1 POST /owa/proxylogon.owa - 444 - 127.0.0.1 Mozilla/4.0+(compatible;+MSIE+9.0;+Windows+NT+6.1;+MSEXCHMON;+ACTIVEMONITORING;+OWADEEPTEST) - 401 0 0 13
    2014-03-30 00:00:23 127.0.0.1 POST /owa/proxylogon.owa - 444 - 127.0.0.1 Mozilla/4.0+(compatible;+MSIE+9.0;+Windows+NT+6.1;+MSEXCHMON;+ACTIVEMONITORING;+OWADEEPTEST) - 401 1 2148074254 0
    2014-03-30 00:00:23 127.0.0.1 POST /owa/proxylogon.owa - 444 - 127.0.0.1 Mozilla/4.0+(compatible;+MSIE+9.0;+Windows+NT+6.1;+MSEXCHMON;+ACTIVEMONITORING;+OWADEEPTEST) - 401 1 2148074254 0
    2014-03-30 00:01:23 ::1 POST /owa/proxylogon.owa &ex=UE:Microsoft.Exchange.Data.Storage.IllegalCrossServerConnectionException 444 DOMAIN\SM_3ce57cd622aa4655a ::1 Mozilla/4.0+(compatible;+MSIE+9.0;+Windows+NT+6.1;+MSEXCHMON;+ACTIVEMONITORING;+OWADEEPTEST) - 302 0 0 47
    2014-03-30 00:01:23 ::1 POST /owa/proxylogon.owa &ex=UE:Microsoft.Exchange.Data.Storage.IllegalCrossServerConnectionException 444 DOMAIN\SM_2891f9d41af2422e8 ::1 Mozilla/4.0+(compatible;+MSIE+9.0;+Windows+NT+6.1;+MSEXCHMON;+ACTIVEMONITORING;+OWADEEPTEST) - 302 0 0 47
