Updated 25/05/23 to include .reg file
Today I was faced with a new issue while running through the Hybrid Configuration Wizard on a new Exchange 2016 machine running Windows Server 2016.
This error can also be seen in the HCW log file which can be found in %AppData%\Roaming\Microsoft\Exchange Hybrid Configuration on the machine running HCW. Open the latest Date_time.log file using Notepad and you’ll a similar message to the below:
2022.07.28 09:09:48.589 10341 [Client=UX, Page=HybridConnectorInstall, Step=InstallConnector, Thread=18] FINISH Time=33.0s Results=Failed Setup terminiated with an Exit Code 1603.
Exit code 1603 is a generic error which helpfully tells us nothing about what might be causing it. Reading through the Hybrid Agent system requirements, I spotted TLS 1.2 which is not enabled by default (SCHANNEL) in Server 2016.
As such, adding the below registry keys got me through the Wizard (after restarting it; a full machine reboot wasn’t required). To speed this up, copy the below text to Notepad and save as a .reg file:
Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client] "DisabledByDefault"=dword:00000000 "Enabled"=dword:00000001 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server] "DisabledByDefault"=dword:00000000 "Enabled"=dword:00000001 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v2.0.50727] "SystemDefaultTlsVersions"=dword:00000001 "SchUseStrongCrypto"=dword:00000001 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319] "SystemDefaultTlsVersions"=dword:00000001 "SchUseStrongCrypto"=dword:00000001 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft.NETFramework\v2.0.50727] "SystemDefaultTlsVersions"=dword:00000001 "SchUseStrongCrypto"=dword:00000001 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft.NETFramework\v4.0.30319] "SystemDefaultTlsVersions"=dword:00000001 "SchUseStrongCrypto"=dword:00000001 [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\] [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v2.0.50727] "SystemDefaultTlsVersions"=dword:00000001 "SchUseStrongCrypto"=dword:00000001 [HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319] "SystemDefaultTlsVersions"=dword:00000001 "SchUseStrongCrypto"=dword:00000001 [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft.NETFramework\v2.0.50727] "SystemDefaultTlsVersions"=dword:00000001 "SchUseStrongCrypto"=dword:00000001 [HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft.NETFramework\v4.0.30319] "SystemDefaultTlsVersions"=dword:00000001 "SchUseStrongCrypto"=dword:00000001
If I’d been sensible and ran the optional prerequisite connectivity verification, I believe this issue would have been highlighted before I’d began as it does check that TLS 1.2 is enabled.
As I wrote earlier, this error code is generic so I can’t promise this article will fix your instance, though you’ll at least be able to rule out one possibility.
Thank a lot! Solve my problem on W2012R2 too!
Worked for me!
Worked for me!! No reboot required.
Exchange 2013 / Windows Server 2012 R2
Worked for me too, Thanks! No reboot required.
Exchange 2016 / Windows Server 2016
This is an easy copy and paste from Microsoft for the needed registry keys listed above so no need to add each individually https://learn.microsoft.com/en-us/exchange/exchange-tls-configuration?view=exchserver-2019
https://www.taste-of-it.de/powershell-force-invoke-webrequest-to-use-tls-v1-2/
I created a powershell script for you lazy admins out there!
https://github.com/Simulator001/RandomScripts/blob/main/CreateValuesTLSVersion1.2W2012.ps1
That’s great, thanks. I’ve also updated the post to include a .reg file.
Worked for me too. Thank you for taking the time to write and provide help to others.
Works for me Thanks you !!
Works for me Thanks you !!
Exchange 2016 CU22