Today I was faced with a new issue while running through the Hybrid Configuration Wizard on a new Exchange 2016 machine running Windows Server 2016.

This error can also be seen in the HCW log file which can be found in %AppData%\Roaming\Microsoft\Exchange Hybrid Configuration on the machine running HCW. Open the latest Date_time.log file using Notepad and you’ll a similar message to the below:
2022.07.28 09:09:48.589 10341 [Client=UX, Page=HybridConnectorInstall, Step=InstallConnector, Thread=18] FINISH Time=33.0s Results=Failed Setup terminiated with an Exit Code 1603.
Exit code 1603 is a generic error which helpfully tells us nothing about what might be causing it. Reading through the Hybrid Agent system requirements, I spotted TLS 1.2 which is not enabled by default (SCHANNEL) in Server 2016.
As such, adding the below registry keys got me through the Wizard (after restarting it; a full machine reboot wasn’t required):
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v2.0.50727] "SystemDefaultTlsVersions" = dword:00000001 "SchUseStrongCrypto" = dword:00000001 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319] "SystemDefaultTlsVersions" = dword:00000001 "SchUseStrongCrypto" = dword:00000001 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft.NETFramework\v2.0.50727] "SystemDefaultTlsVersions" = dword:00000001 "SchUseStrongCrypto" = dword:00000001 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft.NETFramework\v4.0.30319] "SystemDefaultTlsVersions" = dword:00000001 "SchUseStrongCrypto" = dword:00000001 [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v2.0.50727] "SystemDefaultTlsVersions" = dword:00000001 "SchUseStrongCrypto" = dword:00000001 [HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319] "SystemDefaultTlsVersions" = dword:00000001 "SchUseStrongCrypto" = dword:00000001 [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft.NETFramework\v2.0.50727] "SystemDefaultTlsVersions" = dword:00000001 "SchUseStrongCrypto" = dword:00000001 [HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft.NETFramework\v4.0.30319] "SystemDefaultTlsVersions" = dword:00000001 "SchUseStrongCrypto" = dword:00000001 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client] "DisabledByDefault"=dword:00000000 "Enabled"=dword:00000001 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server] "DisabledByDefault"=dword:00000000 "Enabled"=dword:00000001
If I’d been sensible and ran the optional prerequisite connectivity verification, I believe this issue would have been highlighted before I’d began as it does check that TLS 1.2 is enabled.
As I wrote earlier, this error code is generic so I can’t promise this article will fix your instance, though you’ll at least be able to rule out one possibility.
Thank a lot! Solve my problem on W2012R2 too!
Worked for me!
Worked for me!! No reboot required.
Exchange 2013 / Windows Server 2012 R2
Worked for me too, Thanks! No reboot required.
Exchange 2016 / Windows Server 2016
This is an easy copy and paste from Microsoft for the needed registry keys listed above so no need to add each individually https://learn.microsoft.com/en-us/exchange/exchange-tls-configuration?view=exchserver-2019