Exchange 2016 Free/Busy Not Working? Maybe TLS 1.0 & 1.1 are the Culprit
Firstly, it would be worthwhile to read Microsoft’s troubleshooting wizard which walks you through a resolution for the free/busy issue as it relates to hybrid. The type of free/busy issue I want to discuss here is more as it relates to on-prem deployments, specifically when a Windows 2016 server is new in the environment.
So, you have the shiny and new Exchange, configured and in coexistence with the other Exchange 2016 servers: or Exchange 2010 if you are upgrading. You’ve followed all the guides and documentation exactly and everything is looking great, so you move over a test mailbox and begin trialing the functionality. You notice that when trying to view availability in the calendar you can’t. You go back through everything, all the virtual directories are configured, there are no permissions blocking or missing and nothing is blocking the network between the servers.
One of the more telling signs of this issue is when you’re reviewing logs and events and you are consistently seeing an error, typically Event ID 4002:
The telling line is:
“…System.IO.IOException: Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host. ---> System.Net.Sockets.SocketException: An existing connection was forcibly closed by the remote host”
In the error logs you might see “Proxy web request fail, inner exception: The underlying connection was closed.” Based on my research this issue can be caused by a lot of different things, with an equal number of potential fixes to try, based on whichs forums you’re seeing.
Transport Layer Security is the successor to Secure Sockets Layer (SSL) and is a way to provide secure communications over a computer network. It is used to ensure the communication between the services (server to server or client to server for example) is private and helps prevent it from being fiddled with while in transit. This is done with authentication and integrity checks against the message authentication code to validate there are no losses or alterations. It is essential to help protect data and is in use in more places than you may realize.
GREAT, HOW DO I FIX IT?
This is really a strange one, not long ago Microsoft had been pushing to sunset TLS 1.0 and 1.1 and has been vocal about requiring 1.2 to access Microsoft 365 services. They published a series of blogs about getting ready for TLS 1.2 and no longer utilizing the older protocols. I recently ran into the issue of free/busy which I described above, and there was a lot of head scratching because it was between three brand new Exchange 2016 servers! In this case the fix was to disable the usage of 1.0 and 1.1 in the environment completely and to put the following registry keys on all of the
These two keys force the server to always use TLS 1.2, however it will require a reboot before they will take effect. Once the keys were placed in the Exchange servers the free/busy issue was immediately cleared up!
A quick note, which it would be worthwhile to walk through is Microsoft’s Exchange guide to prepare for TLS 1.2. Part 1 is the investigation and preparation of the servers, Part 2 walks through enabling 1.2 on Exchange servers and Part 3 provides guidance for disabling the old protocols in the environment.
I subsequently had two more customers who had very similar issues with their on-premises environments, with different setups (2010 & 2016 coexistence). The fix in both cases was to use the above stated registry keys to force the 2016 servers to communicate on TLS 1.2.
Hopefully, this resolves your free/busy issue once you’ve also investigated and tried some of the more conventional methods (hint: check your network). If you have any questions or need assistance, please don’t hesitate to reach out to Insentra!
Join the Insentra Community with the Insentragram Newsletter
Hungry for more?
MapOne – Part 3 – Customer Case Study
By [Lee Foster]
Quick recap – What is #MapOne? – In its most basic form, #MapOne is a fixed price engagement targeting senior stakeholders in the business (often executives CIO, CTO, CISO, CDO) delivered through a series of workshops, meetings, interviews and interactive sessions.