Transport Layer Security (TLS) negotiation happens in an earlier version of Microsoft Exchange Server 2016. This causes an error Event ID 30 to be logged under CIAPI2 in the Event Viewer and incurs an unnecessary TLS cost. After you apply this update, you can enable the UseAscReqNoToken by editing the “MSExchangeFrontendTransport.exe.config” file.


In datacenter edition of Windows Server, there's an option that doesn't require tokens during TLS security negotiation. It's controlled by a flight that's not enabled in Standard edition of Windows Server.

How to get this update

To get this update, install Cumulative Update 11 for Exchange Server 2016 or a later cumulative update for Exchange Server 2016.

To enable the UseAscReqNoToken, follow these steps:

  1. Locate the MSExchangeFrontEndTransport.exe configuration file.

    Note By default, this file can be found in the following location:


  2. Add the following line under <appSettings>: … <appSettings> // Add the following line. <add key="SmtpReceiveUseAscReqNoTokenDuringTlsNegotiation" value="true" /> // End of the added line. …

  3. Save the changes, and then restart the Front End Transport service on the server.


Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.


Learn about the terminology that Microsoft uses to describe software updates.

Need more help?

Expand your skills
Explore Training
Get new features first
Join Microsoft Insiders

Was this information helpful?

What affected your experience?

Thank you for your feedback!