Summary
Transport Layer Security (TLS) negotiation happens in an earlier version of Microsoft Exchange Server 2016. This causes an error Event ID 30 to be logged under CIAPI2 in the Event Viewer and incurs an unnecessary TLS cost. After you apply this update, you can enable the UseAscReqNoToken by editing the “MSExchangeFrontendTransport.exe.config” file.
Cause
In datacenter edition of Windows Server, there's an option that doesn't require tokens during TLS security negotiation. It's controlled by a flight that's not enabled in Standard edition of Windows Server.
How to get this update
To get this update, install Cumulative Update 11 for Exchange Server 2016 or a later cumulative update for Exchange Server 2016.
To enable the UseAscReqNoToken, follow these steps:
-
Locate the MSExchangeFrontEndTransport.exe configuration file.
Note By default, this file can be found in the following location:%ExchangeInstallPath%Bin\MSExchangeFrontendTransport.exe.config
-
Add the following line under <appSettings>: … <appSettings> // Add the following line. <add key="SmtpReceiveUseAscReqNoTokenDuringTlsNegotiation" value="true" /> // End of the added line. …
-
Save the changes, and then restart the Front End Transport service on the server.
Status
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.
References
Learn about the terminology that Microsoft uses to describe software updates.