Could not create SSL/TLS secure channel error when running Hybrid Configuration wizard

  • Article
  • Applies to:
    Exchange Online, Exchange Server 2013 Standard Edition, Exchange Server 2013 Enterprise

Original KB number:   3067292

Symptoms

You want to set up a hybrid deployment between your on-premises Microsoft Exchange Server organization and Microsoft Exchange Online in Microsoft 365. However, when you run the Hybrid Configuration wizard, the wizard doesn't complete successfully, and you receive a The request was aborted: Could not create SSL/TLS secure channel error message. The full text of the message resembles the following:

ERROR:Updating hybrid configuration failed with error 'Subtask Configure execution failed: Creating Organization Relationships.
Execution of the Set-FederatedOrganizationIdentifier cmdlet had thrown an exception. This may indicate invalid parameters in your Hybrid Configuration settings.
An error occurred while attempting to provision Exchange to the Partner STS. Detailed Information: "An error occurred accessing Windows Live." Detailed information: ""The request was aborted: Could not create SSL/TLS secure channel.""."".
at Microsoft.Exchange.Management.Hybrid.RemotePowershellSession.RunCommand(String cmdlet, Dictionary`2 parameters, Boolean ignoreNotFoundErrors)

Cause

This issue can occur if firewall settings or proxy server settings are configured incorrectly.

Resolution

  1. Configure the settings on the proxy server to allow access to the endpoints that are used by the service. For a list of IP addresses and URLs that are used by Exchange Online, see the Exchange Online section of Microsoft 365 URLs and IP addresses.

  2. Make sure that proxy settings are configured correctly on the Exchange servers in your environment by doing the following:

    1. Set the proxy in Internet Explorer.

    2. Set the proxy by using the netsh command-line tool. For more information, see Netsh Commands in for Windows Hypertext Transfer Protocol.

    3. Set the proxy by using the Set-ExchangeServer cmdlet. For example, run the following command:

      Set-ExchangeServer NameOfServer -InternetWebProxy Http://proxyURL:Port

      For more information, see Set-ExchangeServer.

  3. Rerun the Hybrid Configuration wizard.

If issue persists, contact Microsoft Support, and reference this article.

Still need help? Go to Microsoft Community or the Exchange TechNet Forums.