How to Fix TLS “SchUseStrongCryptoValue: Null

If you are getting “StrongCrypto” error as below after configuring TLS on your Microsoft Exchange Servers;

v4.0.30319 SchUseStrongCryptoValue: NULL --- Error: Value should be defined in registry for consistent results.
v4.0.30319 WowSchUseStrongCryptoValue: NULL --- Error: Value should be defined in registry for consistent results.

The values you need to define for “StrongCrypto” are as follows:

Set “Strong Cryptography” on 32-bit .Net Framework

Set-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\.NetFramework\v4.0.30319' -Name 'SchUseStrongCrypto' -Value '1' -Type DWord

 

Set “Strong Cryptography” on 64-bit .Net Framework

Set-ItemProperty -Path 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\.NetFramework\v4.0.30319' -Name 'SchUseStrongCrypto' -Value '1' -Type DWord

 

Have a nice day!

Exchange Server 2013 End of Support Coming Soon – News !

Microsoft Exchange Server 2013 will reach its end of support on April 11, 2023.

This means that Microsoft will no longer provide security updates, technical assistance, or online technical content updates for the product. It is highly recommended that organizations using Exchange Server 2013 upgrade to a newer version of Exchange.

After that date, Microsoft will no longer provide:

  • Security fixes for vulnerabilities that are discovered and that may make the server vulnerable to security breaches
  • Bug fixes for issues that are discovered and that may impact the stability and usability of the server
  • Technical support for problems that may occur
  • Time zone updates
  • Even if the product continues to work after this date, It’s recommended to start “Exchange Server 2013” to “Exchange Online” or “Exchange Server 2019” migration as soon as possible.

 

 

Have a nice day!

 

January 2023 Exchange Server Security Updates

Microsoft Exchange Servers security updates have been released for January 2023.

These updates are available for the following specific versions of Exchange Server:

Exchange Server 2013 CU23 SU19
Exchange Server 2016 CU23 SU5
Exchange Server 2019 CU11 SU9 & CU12 SU5

The recommendation is to install these updates immediately to protect your environment.
In the scenario where you do a Cumulative Update(CU), you need to make security updates. Otherwise, remember that you have to do the Cumulative Update(CU) first and then the Security Update(SU).

Inventory your Exchange Servers to determine which updates –> “Exchange Server Health Checker
Choose your current CU and your target CU to get directions –>  “Exchange Update Wizard
If you encounter errors during or after installation of Exchange Server –> “Exchange Setup Assist

Recommended Action :

  • Enable certificate signing of Powershell serialization payload
  • To defend Exchange Servers against attacks on serialized data, added certificate-based signing of PowerShell serialization payloads.
  • If you have a server running Microsoft Exchange Server 2013 in your environment, we recommend that you don’t turn on serialization payload signing for now.
  • In the first stage of rollout, this new feature must be manually enabled by an Exchange Server admin due to feature dependencies.
  • You can use to validate/create the required auth certificate

 

Note: Don't double-click the 'MSP file' to run it. Run Command Prompt (not Powershell) as an Administrator.

 

Have a nice day!