Windows Server 2022 TLS and Server Manager errors.

Cobion 111 Reputation points
2022-12-29T20:20:50.373+00:00

hello everyone!
We are migrating from Exchange 2016 to 2019 version.

After installing Exchange 2019 CU12 distributions on Windows Server 2022 and creating a DAG, the following two errors appeared.
1.There is an error in the system logs for the TLS protocol:
Log Name: System
Source: Schannel
Date: 12/29/2022 3:38:44 PM
Event ID: 36871
Task Category: None
Level: Error
Keywords:
User: SYSTEM
Computer: ru1-mbx-01.cobion.group
Description:
A fatal error occurred while creating a TLS client credential. The internal error state is 10013.

corrected according to this recommendation: a-fatal-error-occurred-while-creating-a-tls-client-credential
Will disabling the script of the first problem affect the work of clients and the mail service?

2.An error like this constantly appears in the Server Manager panel:
274888-sm2.png
Is there a relationship with mail services, the appearance of an error in Server Manager?
Wherever I Googled this error, it didn't help.
Both of these errors appeared after we installed MS Exchange 2019 CU 12 distributions on Windows Server 2022.

Actually two questions:

  1. Will disabling the script of the first problem affect the work of clients and the mail service?
  2. Is there a relationship with mail services, the appearance of an error in Server Manager?

Thanks!

Exchange Server Management
Exchange Server Management
Exchange Server: A family of Microsoft client/server messaging and collaboration software.Management: The act or process of organizing, handling, directing or controlling something.
7,793 questions
0 comments No comments
{count} vote

3 answers

Sort by: Most helpful
  1. Aholic Liang-MSFT 13,861 Reputation points Microsoft Vendor
    2022-12-30T06:02:16.407+00:00

    Hi @Cobion ,

    1. By default, Windows Server 2022 uses Transport Layer Security (TLS) 1.3. Support for TLS 1.3 will be added to Exchange Server 2019 in 2023.

    It is recommend that you currently enable TLS 1.2 on your Exchange server, which does not affect the work of clients and messaging services.
    275014-2022-12-30-1.png

    2.Regarding the error in Server Manager, I found some relevant threads for your reference:
    computed response packet size (microsoft.com)
    WinRM packet size is somehow too big so everything decides to freak out - Microsoft Q&A
    According to the problem scenarios provided by other users, this is not only due to the error caused by installing exchange2019.It is recommended that you run this command to increase the maximum envelope size to see if it works:

    winrm set winrm/config @{MaxEnvelopeSizekb="xxxxx"}   
    

    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    0 comments No comments

  2. Cobion 111 Reputation points
    2022-12-30T07:10:07.787+00:00

    Hi! Tell me, do I need to manually enable TLS 1.2 on Exchange 2019, or is it enabled by default? I just don't remember it being enabled on the original Exchange 2016. Where can I see it?
    Thanks!

    And if there is an opportunity, please tell me about the security settings (Extended Protection in Exchange Server - description-of-the-security-update-for-microsoft-exchange-server-2019-and-2016-october-11-2022-kb5019077-b5ae8793-5e5c-4faa-972d-9228945973e5), in the latest SU Exchange Server 2019 CU12 Nov22SU - does it close all the settings that needed to be done on the IIS side, or first you need to do it by link, and then put SU messages?
    Thanks!


  3. Aholic Liang-MSFT 13,861 Reputation points Microsoft Vendor
    2023-01-03T07:04:06.64+00:00

    Hi @Cobion
    Thank you for sharing your current progress.
    According to the screenshot in the original description, the warning existed before the script was run.
    There's a Server Manager Troubleshooting Guide on the TechNet Wiki that might help you with your refresh errors.

    275494-2023-1-3-1.png

    In addition ,I also found some similar threads ,you can try referring to the solutions in the link to see if the warning changes:
    Windows Server 2012 R2 upgrade - Refresh completed with one or more warning message (microsoft.com)
    Automatic Refresh Error (microsoft.com)

    If none of the above suggestions help for this warning,it is recommended that you create a new thread, and add the Windows-Server related tags to get more professional help.


    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.