Disabling TLS 1.2 on Exchange 2013

Hi all,

I'm having problems with users syncing their Android 5.0.x devices with our Exchange server. This article (https://code.google.com/p/android/issues/detail?id=79389) suggests disabling TLS 1.2 would fix the issue; however, I can't find the option in EAC that would allow me to do this.

Where would I find this option, or is it only possible via the Shell? If so, what command would I use to do this (and subsequently re-enable)?

Thanks :)

July 8th, 2015 3:36pm

I've never heard of having to do that.

The article you linked has a link to instructions for making the change.

July 8th, 2015 4:16pm

Thanks for the reply. I've seen the article regarding the Windows update that may have caused an issue with this (https://support.microsoft.com/en-us/kb/2992611); however, the fix instructions are unclear. I will try uninstalling and reinstalling the update as I believe they are trying to suggest; but if you have any advice on this, it would be much appreciated!

Thanks

July 8th, 2015 4:54pm

It would appear that this doesn't work! I've re-installed the update then attempted to install KB3018238 only to be told that this update isn't applicable to this computer.

Is there any way to manually remove those cipher suites? I thought the article would detail this, but no!!

Any other suggestions?

July 8th, 2015 5:11pm

Post #98 implies that this is an easy thing to do; and the cipher suites thing I've never come across before. 

Can anyone provide a link that details how to remove the cipher suites added by KB2992611, as I've tried uninstalling the update but this doesn't work.

Or is "disabling TLS 1.2" actually possible to do? There's no easy option to do this anywhere. I've tried the reg edit (disabling TLS by setting the DWORD "Enabled" to 0 in HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server and then restarting) but this doesn't work.

Thanks

July 8th, 2015 5:32pm

Hi,

I have found some information about disabling TLS 1.2.

"To disable the TLS 1.2 protocol, create an Enabled entry in the appropriate subkey. This entry does not exist in the registry by default. After you have created the entry, change the DWORD value to 0. To enable the protocol, change the DWORD value to 0xffffffff."

For more detailed information, please refer to the link:

https://technet.microsoft.com/en-us/library/dn786418.aspx#BKMK_SchannelTR_TLS12

I have noticed users had issues when syncing their Android 5.0.x devices with Exchange server.

On the mobile client side, please clear all caches and the Exchange account configuration, then try to re-configure the account to check whether the issue persists. If the issue persists, I suggest asking a question in the Exchange ActiveSync forum for more help:

https://social.technet.microsoft.com/Forums/exchange/enUS/home?forum=exchangesvrmobilitylegacy  

Regards,

David


July 8th, 2015 10:55pm

Thanks David; I had already tried creating the registry key as above.

The Exchange server in question was part of a DAG, and this change was required on both Exchange servers for the device syncing to work!

So, to summarise: create (or modify if it already exists) an entry called "Enabled" in the following subkeys:

HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server

HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client

Set the DWORD value to 0 and restart the server. Make these changes on all Exchange servers in the DAG (if applicable).

Hope this helps someone :)


  • Marked as answer by KL2012 17 hours 33 minutes ago
July 9th, 2015 9:57am
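
The registry change summarised in the accepted answer, as an added PowerShell example that is not from the thread: it reports the current TLS 1.2 "Enabled" value on each DAG member and writes 0 or 0xffffffff to both subkeys, so the setting can be audited and later re-enabled. The server names and function names are hypothetical, and PowerShell remoting to the Exchange servers is assumed.

```powershell
# Added example, not from the thread. Server names are placeholders.
$Servers = 'EXCH01', 'EXCH02'   # hypothetical DAG members
$Base = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2'

# Report the "Enabled" value under the Server and Client subkeys on each host.
function Get-Tls12State {
    param([string[]]$ComputerName)
    Invoke-Command -ComputerName $ComputerName -ArgumentList $Base -ScriptBlock {
        param($Base)
        foreach ($role in 'Server', 'Client') {
            $path = Join-Path $Base $role
            $item = Get-ItemProperty -Path $path -Name Enabled -ErrorAction SilentlyContinue
            # The entry does not exist by default, so a missing value is reported as such.
            $state = if ($null -eq $item) { 'not set' } else { '0x{0:x8}' -f $item.Enabled }
            [pscustomobject]@{
                Computer = $env:COMPUTERNAME
                Role     = $role
                Enabled  = $state
            }
        }
    }
}

# Write the "Enabled" DWORD to both subkeys: 0 disables, 0xffffffff enables.
function Set-Tls12State {
    param([string[]]$ComputerName, [bool]$Enabled)
    # -1 as a signed 32-bit integer is stored in the registry as DWORD 0xffffffff.
    $value = if ($Enabled) { -1 } else { 0 }
    Invoke-Command -ComputerName $ComputerName -ArgumentList $Base, $value -ScriptBlock {
        param($Base, $Value)
        foreach ($role in 'Server', 'Client') {
            $path = Join-Path $Base $role
            if (-not (Test-Path $path)) { New-Item -Path $path -Force | Out-Null }
            New-ItemProperty -Path $path -Name Enabled -PropertyType DWord `
                -Value $Value -Force | Out-Null
        }
    }
}

# Audit every DAG member first; the state should match on all of them.
Get-Tls12State -ComputerName $Servers | Format-Table Computer, Role, Enabled

# Re-enable TLS 1.2 later (a restart is still needed for the change to apply):
# Set-Tls12State -ComputerName $Servers -Enabled $true
```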
