Fix: Modern Hybrid Agent exit code 1603 on Exchange 2016

Today I was faced with a new issue while running through the Hybrid Configuration Wizard on a new Exchange 2016 machine running Windows Server 2016.

This error can also be seen in the HCW log file which can be found in %AppData%\Roaming\Microsoft\Exchange Hybrid Configuration on the machine running HCW. Open the latest Date_time.log file using Notepad and you’ll a similar message to the below:

2022.07.28 09:09:48.589         10341 [Client=UX, Page=HybridConnectorInstall, Step=InstallConnector, Thread=18] FINISH Time=33.0s Results=Failed Setup terminiated with an Exit Code 1603.

Exit code 1603 is a generic error which helpfully tells us nothing about what might be causing it. Reading through the Hybrid Agent system requirements, I spotted TLS 1.2 which is not enabled by default in Server 2016.

As such, adding the below registry keys got me through the Wizard (after restarting it; no need to reboot the machine):

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v2.0.50727] "SystemDefaultTlsVersions" = dword:00000001 "SchUseStrongCrypto" = dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319] "SystemDefaultTlsVersions" = dword:00000001 "SchUseStrongCrypto" = dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft.NETFramework\v2.0.50727] "SystemDefaultTlsVersions" = dword:00000001 "SchUseStrongCrypto" = dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft.NETFramework\v4.0.30319] "SystemDefaultTlsVersions" = dword:00000001 "SchUseStrongCrypto" = dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v2.0.50727] "SystemDefaultTlsVersions" = dword:00000001 "SchUseStrongCrypto" = dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319] "SystemDefaultTlsVersions" = dword:00000001 "SchUseStrongCrypto" = dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft.NETFramework\v2.0.50727] "SystemDefaultTlsVersions" = dword:00000001 "SchUseStrongCrypto" = dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft.NETFramework\v4.0.30319] "SystemDefaultTlsVersions" = dword:00000001 "SchUseStrongCrypto" = dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client] "DisabledByDefault"=dword:00000000 "Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server] "DisabledByDefault"=dword:00000000 "Enabled"=dword:00000001

If I’d been sensible and ran the optional prerequisite connectivity verification, I believe this issue would have been highlighted before I’d began as it does check that TLS 1.2 is enabled.

As I wrote earlier, this error code is generic so I can’t promise this article will fix your instance, though you’ll at least be able to rule out one possibility.

Leave a comment