Enable TLS 1.1 & 1.2 in Windows 7 SP1

We noticed that all the Windows 7 machines with Microsoft Outlook 2016 installed are not able to connect to Exchange 2016 Server after disabling TLS 1.0 – Please refer to my previous pos

We realize that TLS 1.1 & 1.2 was NOT enabled by default in Windows 7 after some research done from Google and this is confirmed by running fiddler to have a detail checking on the HTTP/HTTPS traffics

Please refer to the steps below to enable TLS 1.1 & 1.2 Support in Windows 7
1. Ensure that KB3140245 is installed – To enable WinHTTP which is used by Microsoft Outlook to support TLS 1.1 & 1.2
2. To force WinHTTP to use TLS 1.1 & 1.2

$WINHTTP="HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp\"
New-ItemProperty $WINHTTP -Name "DefaultSecureProtocols" -Value "2560" -PropertyType "DWord"
#For Windows 7 x64 
$WINHTTP64="HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp\"
New-ItemProperty $WINHTTP64 -Name "DefaultSecureProtocols" -Value "2560" -PropertyType "DWord"
  1. Enable TLS 1.1 & 1.2 Support in Windows 7

$TLSPath = "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols"
New-Item -Path $TLSPath -Name "TLS 1.2"
New-Item -Path $TLSPath\"TLS 1.2" -Name "Client"
New-Item -Path $TLSPath\"TLS 1.2" -Name "Server"
New-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols\TLS 1.2\Client' -Name "DisabledByDefault" -Value 0 -PropertyType "DWord"

New-Item -Path $TLSPath -Name "TLS 1.1"
New-Item -Path $TLSPath\"TLS 1.1" -Name "Client"
New-Item -Path $TLSPath\"TLS 1.1" -Name "Server"
New-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols\TLS 1.1\Client' -Name "DisabledByDefault" -Value 0 -PropertyType "DWord"
  1. Reboot Windows 7 and Microsoft Outlook should be able to connect to Exchange 2016 via MAPI successfully now

Reference links
1. https://support.microsoft.com/en-us/help/3140245/update-to-enable-tls-1-1-and-tls-1-2-as-a-default-secure-protocols-in
2. https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/dn786418(v=ws.11)
3. https://blogs.technet.microsoft.com/schrimsher/2016/07/08/enabling-tls-1-1-and-1-2-in-outlook-on-windows-7/

Leave a Comment