May, 03rd 2019     
by Edgar Gierth

Prepare legacy Windows OS for Exchange Server 2019 TLS 1.2

Exchange Server 2019 no longer supports TLS versions prior to TLS 1.2. Older Outlook clients use TLS 1.1 or only TLS 1.0 by default, so those clients can never connect to Exchange Server 2019 successfully. Before you can install Exchange Server 2019 in coexistence mode into an existing legacy Exchange Server environment, some preparations still have to be carried out.


Microsoft Update KB3140245

In 2016 Microsoft already published an update for various legacy Windows client and server versions that fixes this issue by activating TLS 1.1 and TLS 1.2 as default secure protocols. If this update is already installed on all legacy Windows systems, no further step is needed. Otherwise the update has to be installed on every legacy Windows client involved.

Visit the official Microsoft Update Catalog to download the hotfix:
Update to enable TLS 1.1 and TLS 1.2 as default secure protocols


Registry Update needed

To apply this update, the DefaultSecureProtocols registry subkey must be added on the clients. To do this, you can add the registry subkey manually or install the "Easy fix" to populate the registry subkey.

For TLS 1.1
Registry location: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client
DWORD name: DisabledByDefault
DWORD value: 0


For TLS 1.2
Registry location: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client
DWORD name: DisabledByDefault
DWORD value: 0
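
The following PowerShell script is an added example, not part of the original article or of Microsoft's update. It reports whether KB3140245 is installed and whether the two DisabledByDefault values listed above are set to 0. The `-Apply` switch, the variable names and the output columns are choices made for this example.

```powershell
# Added example: audit (default) or set (-Apply) the SCHANNEL client values
# listed in this article. Setting values requires an elevated session.
[CmdletBinding()]
param([switch]$Apply)   # without -Apply the script only reports

$base      = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'
$protocols = 'TLS 1.1', 'TLS 1.2'

# Report whether the update named in this article is installed.
$kb = Get-HotFix -Id 'KB3140245' -ErrorAction SilentlyContinue
Write-Output ("KB3140245 installed: {0}" -f [bool]$kb)

$results = foreach ($proto in $protocols) {
    $key = Join-Path $base "$proto\Client"

    if ($Apply) {
        # Create the protocol key and its Client subkey if they do not exist yet.
        if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
        # DisabledByDefault = 0 (DWORD), as listed in the article.
        New-ItemProperty -Path $key -Name 'DisabledByDefault' -Value 0 `
            -PropertyType DWord -Force | Out-Null
    }

    # Read back the current state; a missing key or value is reported as such.
    $value = $null
    if (Test-Path $key) {
        $value = (Get-ItemProperty -Path $key -Name 'DisabledByDefault' `
            -ErrorAction SilentlyContinue).DisabledByDefault
    }

    [pscustomobject]@{
        Protocol          = $proto
        DisabledByDefault = if ($null -eq $value) { 'not set' } else { $value }
        Compliant         = ($value -eq 0)
    }
}

$results | Format-Table -AutoSize
```

Run it once without `-Apply` to see the current state of a client, then with `-Apply` from an elevated prompt. Restart the client afterwards so that Schannel picks up the new values.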


How-to:
How to apply this update