Enable TLS 1.1 & 1.2 in Windows 7 SP1

We noticed that all the Windows 7 machines with Microsoft Outlook 2016 installed were unable to connect to Exchange 2016 Server after TLS 1.0 was disabled – Please refer to my previous pos

After some research on Google, we found that TLS 1.1 & 1.2 are NOT enabled by default in Windows 7. We confirmed this by running Fiddler and inspecting the HTTP/HTTPS traffic in detail.

Follow the steps below to enable TLS 1.1 & 1.2 support in Windows 7:
1. Ensure that KB3140245 is installed. This update enables WinHTTP, which Microsoft Outlook uses, to support TLS 1.1 & 1.2.
2. Force WinHTTP to use TLS 1.1 & 1.2:

```powershell
# DefaultSecureProtocols is a bitmask: 2560 = 0xA00 = 0x200 (TLS 1.1) + 0x800 (TLS 1.2)
$WINHTTP = "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp\"
New-ItemProperty $WINHTTP -Name "DefaultSecureProtocols" -Value "2560" -PropertyType "DWord"

# For Windows 7 x64: set the same value in the 32-bit (Wow6432Node) registry view
$WINHTTP64 = "HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp\"
New-ItemProperty $WINHTTP64 -Name "DefaultSecureProtocols" -Value "2560" -PropertyType "DWord"
```

3. Enable TLS 1.1 & 1.2 support in Windows 7:

```powershell
$TLSPath = "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols"

# TLS 1.2: create the protocol key with Client and Server subkeys,
# then mark the client side as not disabled by default
New-Item -Path $TLSPath -Name "TLS 1.2"
New-Item -Path "$TLSPath\TLS 1.2" -Name "Client"
New-Item -Path "$TLSPath\TLS 1.2" -Name "Server"
New-ItemProperty "$TLSPath\TLS 1.2\Client" -Name "DisabledByDefault" -Value 0 -PropertyType "DWord"

# TLS 1.1: same layout
New-Item -Path $TLSPath -Name "TLS 1.1"
New-Item -Path "$TLSPath\TLS 1.1" -Name "Client"
New-Item -Path "$TLSPath\TLS 1.1" -Name "Server"
New-ItemProperty "$TLSPath\TLS 1.1\Client" -Name "DisabledByDefault" -Value 0 -PropertyType "DWord"
```

4. Reboot Windows 7. Microsoft Outlook should now be able to connect to Exchange 2016 via MAPI successfully.
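
To confirm after the reboot that each step took effect, the following read-only check reports the KB3140245 hotfix, the WinHTTP `DefaultSecureProtocols` bitmask in both registry views, and the Schannel client keys. It is an added example, not part of the original post; the helper name `ConvertFrom-SecureProtocols` is my own, and the flag values are the ones documented in KB3140245.

```powershell
# Added verification example (not from the original post). Read-only.
# WinHTTP DefaultSecureProtocols bit flags as documented in KB3140245.
$Flags = @{ 0x008 = 'SSL 2.0'; 0x020 = 'SSL 3.0'; 0x080 = 'TLS 1.0'
            0x200 = 'TLS 1.1'; 0x800 = 'TLS 1.2' }

# Hypothetical helper: decode the DWORD bitmask into protocol names.
function ConvertFrom-SecureProtocols([int]$Value) {
    $names = $Flags.Keys | Sort-Object |
             Where-Object { $Value -band $_ } |
             ForEach-Object { $Flags[$_] }
    return ($names -join ', ')
}

# Step 1: the KB3140245 update must be present.
$kb = Get-HotFix -Id 'KB3140245' -ErrorAction SilentlyContinue
"KB3140245 installed : {0}" -f [bool]$kb

# Step 2: WinHTTP defaults (native view and, on x64, the Wow6432Node view).
$winHttp = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp',
           'SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp'
foreach ($sub in $winHttp) {
    $p = Get-ItemProperty -Path "HKLM:\$sub" -Name DefaultSecureProtocols `
                          -ErrorAction SilentlyContinue
    if ($p) {
        $v = [int]$p.DefaultSecureProtocols
        "{0} = {1} (0x{1:X}) -> {2}" -f $sub, $v, (ConvertFrom-SecureProtocols $v)
    } else {
        "$sub : DefaultSecureProtocols not set"
    }
}

# Step 3: Schannel client keys for TLS 1.1 and TLS 1.2.
$schannel = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols'
foreach ($proto in 'TLS 1.1', 'TLS 1.2') {
    $p = Get-ItemProperty -Path "$schannel\$proto\Client" -Name DisabledByDefault `
                          -ErrorAction SilentlyContinue
    $state = if ($p) { "DisabledByDefault = $($p.DisabledByDefault)" }
             else    { 'DisabledByDefault not set' }
    "{0}\Client : {1}" -f $proto, $state
}
```

With the steps above applied, the WinHTTP lines should show `2560 (0xA00) -> TLS 1.1, TLS 1.2` and both Schannel lines should show `DisabledByDefault = 0`.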

Reference links
1. https://support.microsoft.com/en-us/help/3140245/update-to-enable-tls-1-1-and-tls-1-2-as-a-default-secure-protocols-in
2. https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/dn786418(v=ws.11)
3. https://blogs.technet.microsoft.com/schrimsher/2016/07/08/enabling-tls-1-1-and-1-2-in-outlook-on-windows-7/
