With the release of the following Exchange updates, Microsoft has announced that TLS 1.2 can be strictly enabled on Exchange Server and that earlier TLS/SSL versions can now be disabled.
After TLS 1.0 and TLS 1.1 are disabled on the system, Symantec Mail Security for Microsoft Exchange (SMSMSE) can no longer perform Manual/Scheduled scans.
Once TLS 1.0 is disabled on the Exchange server, SMSMSE is unable to contact Autodiscover to determine the EWS URL. As a result, SMSMSE fails to retrieve the URL and cannot contact EWS.
DebugView (SMSMSE Debug logging):
[] SMSMSE EWS Client: The Autodiscover service couldn't be located.
[] Source: Symantec.MailSecurity.EWS.Client.SMSMSEEWSClient::AutodiscoverUrl
[] SMSMSE EWS Client: Autodiscovery try 20 failed
[] Source: Symantec.MailSecurity.EWS.Client.SMSMSEEWSClient::AutodiscoverUrl
Additionally, with SMSMSE being unable to contact EWS, Manual or Scheduled scans will result in the following Windows events:
Event Viewer Application logs:
Log Name: Application
Source: Symantec Mail Security for Microsoft Exchange
Date:
Event ID: 396
Task Category: Manual and Scheduled Scanning
Level: Error
Keywords: Classic
User: N/A
Computer:
Description:
The scan Manual could not be completed as Microsoft Exchange's Client Access Server is not reachable.
Error code: 0x80004005
Log Name: Application
Source: Symantec Mail Security for Microsoft Exchange
Date:
Event ID: 394
Task Category: Manual and Scheduled Scanning
Level: Error
Keywords: Classic
User: N/A
Computer:
Description:
Scan Failed: Manual.
Portions of Symantec Mail Security for Microsoft Exchange (SMSMSE) were compiled using .NET 2.0. The SMSMSE installation prerequisites list .NET 3.5 because, on Server 2008 R2 and later, .NET 2.0 is included as part of .NET 3.5. By default, .NET 2.0 does not have TLS 1.2 support enabled.
To allow .NET 2.0 compiled applications to communicate using TLS 1.2, first apply the appropriate patch for your operating system to allow .NET applications to communicate using TLS 1.2:
Next, follow the steps outlined below to enable TLS 1.2 for .NET 2.0.
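A read-only check for the condition described above, as an added example that is not part of the original article or of Symantec's tooling: it reports the .NET 2.0 TLS registry values in both registry views, the SCHANNEL TLS 1.2 client state, and recent SMSMSE events 394/396. The registry paths and value names (`SystemDefaultTlsVersions`, `SchUseStrongCrypto`) come from Microsoft's .NET Framework TLS guidance and are assumptions here, since this article does not list them.

```powershell
# Added example: read-only audit, nothing is modified.
# Registry value names follow Microsoft's .NET Framework TLS guidance;
# they are assumptions because this article does not list them.
$netKeys = @(
    'HKLM:\SOFTWARE\Microsoft\.NETFramework\v2.0.50727',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v2.0.50727'
)
$tls12Client = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client'

function Get-RegDword([string]$Path, [string]$Name) {
    # Returns $null when the key or the value does not exist.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name }
}

function New-Row($Path, $Name, $Data, $State) {
    New-Object PSObject -Property @{ Key = $Path; Value = $Name; Data = $Data; State = $State }
}

$rows = @()
foreach ($key in $netKeys) {
    foreach ($name in 'SystemDefaultTlsVersions', 'SchUseStrongCrypto') {
        $data = Get-RegDword $key $name
        # A value of 1 opts .NET 2.0/3.5 code into the OS TLS defaults / strong crypto.
        if ($data -eq 1) { $state = 'Set' } else { $state = 'Not set to 1' }
        $rows += New-Row $key $name $data $state
    }
}

# SCHANNEL: an absent key means the operating system default applies.
$enabled  = Get-RegDword $tls12Client 'Enabled'
$disabled = Get-RegDword $tls12Client 'DisabledByDefault'
if ($enabled -eq 0 -or $disabled -eq 1) { $state = 'TLS 1.2 client disabled' }
elseif ($null -eq $enabled)             { $state = 'OS default' }
else                                    { $state = 'Enabled' }
$rows += New-Row $tls12Client 'Enabled/DisabledByDefault' "$enabled/$disabled" $state

# Recent scan failures logged by SMSMSE (event IDs taken from this article).
try {
    $events = Get-WinEvent -ErrorAction Stop -MaxEvents 20 -FilterHashtable @{
        LogName      = 'Application'
        ProviderName = 'Symantec Mail Security for Microsoft Exchange'
        Id           = 394, 396
    }
} catch { $events = @() }   # no matching events, or source not registered

$rows   | Select-Object Key, Value, Data, State | Format-Table -AutoSize
$events | Select-Object TimeCreated, Id, Message | Format-List
```

Run it from an elevated PowerShell session on the Exchange server before and after the change; rows reporting `Not set to 1` alongside fresh 394/396 events match the failure described in this article.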
For more information on enabling strict usage of TLS 1.2 in Microsoft Exchange see the following Microsoft articles:
TLS 1.2 for .NET 2.0:
TLS/SSL Protocols by Windows OS:
Exchange strict usage of TLS 1.2 only.