We recently ascertained that our Exchange 2013 server has weak SSL keys and ciphers.

I researched how to improve this and put in the recommended registry settings to disable SSL 2.0/3.0 and TLS 1.0, and enable TLS 1.1/1.2, plus stronger ciphers.

With these settings we had an A- on the Qualys SSL checker.

Then Outlook 2013 would not function at all -- people would get a 'profile could not be found' message.

OWA worked correctly.

Which of the 'less secure' protocols are required to be left enabled for Outlook 2013 to work correctly, yet have TLS 1.1/1.2 be the default etc.??

The Outlook 2013 btw is running on Windows Server 2012 R2 Remote Desktop Host -- I could never get it working with a PRF file but it does get the profile and give people their email etc.

Exchange 2013 is also on Windows Server 2012 R2 and it has the most current CU 8 update.

Thank you, Tom

We recently ascertained that our Exchange 2013 server has weak SSL keys and ciphers.

I researched how to improve this and put in the recommended registry settings to disable SSL 2.0/3.0 and TLS 1.0, and enable TLS 1.1/1.2, plus stronger ciphers.

With these settings we had an A- on the Qualys SSL checker.

Then Outlook 2013 would not function at all -- people would get a 'profile could not be found' message.

OWA worked correctly.

Which of the 'less secure' protocols are required to be left enabled for Outlook 2013 to work correctly, yet have TLS 1.1/1.2 be the default etc.??

The Outlook 2013 btw is running on Windows Server 2012 R2 Remote Desktop Host -- I could never get it working with a PRF file but it does get the profile and give people their email etc.

Exchange 2013 is also on Windows Server 2012 R2 and it has the most current CU 8 update.

Thank you, Tom

Why not undo the registry changes one at a time and see what works?