Sign in with Microsoft
Sign in or create an account.
Hello,
Select a different account.
You have multiple accounts
Choose the account you want to sign in with.

We have deprecated the use of legacy TLS for all Exchange Online endpoints. If TLS 1.2 is not enabled on your servers that are running Exchange Online, and you are still using a hybrid Exchange Server environment, you will experience the following issues:

  • Inability to access free/busy information of Exchange Online mailboxes

  • Inability to access cloud archives by users whose primary mailbox is on-premises

TLS deprecation will also affect users when they create a federation trust manually or by using the Hybrid Configuration Wizard (HCW) if TLS 1.2 is not configured. 

  1. When you create a federation trust manually, you may experience the following issue when you run the Set-FederatedOrganizationIdentifier cmdlet:  

    Set-FederatedOrganizationIdentifier  

    -DelegationFederationTrust 'Microsoft Federation Gateway'  

    -AccountNamespace <account namespace>  

    -Enabled $True  

    -Verbose

    Error: 

    An error occurred while attempting to provision Exchange to the Partner STS.  

    Detailed Information:

    "An error occurred accessing Windows Live".
    "The underlying connection was closed: An unexpected error occurred on a send."." 

  2. If you are using the HCW to configure a hybrid environment between Microsoft Exchange Server 2010 and Exchange Online, and the wizard is stuck at the domain verification stage, this situation might be caused by the same issue. You can verify this by looking at the HCW logs. 

Resolution

To resolve this issue, make sure that your on-premises environment supports TLS 1.2. We have deprecated TLS protocols 1.0 and 1.1 for Microsoft Office 365. The following articles include steps about how to implement TLS 1.2:

After you enable TLS 1.2, enable the federation trust manually or by using HCW. If the issue persists, run the following commands in the Exchange Management Shell before you use Set-FederatedOrganizationIdentifier:

  • Add-PSSnap in Microsoft.Exchange.Management.PowerShell.E2010

  • [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 

  • Set-FederatedOrganizationIdentifier  

    -DelegationFederationTrust 'Microsoft Federation Gateway'  

    -AccountNamespace <account namespace>  

    -Enabled $True  

    -verbose 

Facebook LinkedIn Email

Need more help?

Want more options?

Discover Community

Explore subscription benefits, browse training courses, learn how to secure your device, and more.

Microsoft 365 subscription benefits

Microsoft 365 training

Microsoft security

Accessibility center

Communities help you ask and answer questions, give feedback, and hear from experts with rich knowledge.

Ask the Microsoft Community

Microsoft Tech Community

Windows Insiders

Microsoft 365 Insiders

Was this information helpful?

What affected your experience?
By pressing submit, your feedback will be used to improve Microsoft products and services. Your IT admin will be able to collect this data. Privacy Statement.

Thank you for your feedback!

×