Running O365 cmdlets with TLS1.2 only, must enable FIPS? Otherwise it doesn't work ? RRS feed

  • Question

  • I want to create an exchange online PowerShell session, so that I can run exchange online cmdlets in that. Cmdlets is :

    New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $cred -Authentication Basic –AllowRedirection

    Everything works fine unless I run it on TLS 1.2 only environment, but if I enable  FIPS in local security policy console, it works fine too. Does anyone know how to make this work without enable FIPS?  Is there an official document from MS to tell what is the correct configure in TLS 1.2 only scenario?

    My configure steps are below:

    1. My system is windows server 2008 r2 enterprise, and .net framework version is 4.6.

    2. Only enable TLS 1.2 protocol, disable others via editing system registry. then restart the machine.

    3. If I enable FIPS on the machine, it works finebut it uses TLS1.0 to communicate.

    4. Disable FIPS on the machine,  run create pssession cmdlet will exception :

    Error is :

    New-PSSession : [outlook.office365.com] Connecting to remote server outlook.office365.com failed with the following error message : The server

    certificate on the destination computer (outlook.office365.com:443) has the following errors:      

    Encountered an internal error in the SSL library. For more information, see the about_Remote_Troubleshooting Help topic.

    At line:1 char:1

    + New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlo ...

    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

        + CategoryInfo          : OpenError: (System.Manageme....RemoteRunspace:RemoteRunspace) [New-PSSession], PSRemotingTransportException

    + FullyQualifiedErrorId : 12175,PSSessionOpenFailed

    5. I also try to visit same domain site with TLS 1.2 only  in IE advance setting, the machine can visit https://outlook.office365.com



    Thursday, January 26, 2017 3:38 AM

All replies

  • I suggest you keep enabling FIPS, as there is no any related official document on TLS 1.2 scenario.
    • Proposed as answer by David Wang_ Sunday, January 29, 2017 2:18 AM
    Friday, January 27, 2017 1:44 PM
  • Thanks for your reply, I have gotten the reply from MS, and tested it. The exol powershell worked on win server 2012 r2 tls 1.2 only scenario, but win server 2008 r2 couldn't supported.
    • Proposed as answer by David Wang_ Wednesday, February 8, 2017 9:11 AM
    Wednesday, February 8, 2017 7:44 AM
  • Thank you for the update.

    As the issue is resolved, please also mark your reply as answers so that someone who has similar issue could find the solution as soon as possible.

    Best Regards,
    David Wang
    TechNet Community Support

    Please remember to mark the replies as answers if they helped.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    • Edited by David Wang_ Wednesday, February 8, 2017 9:11 AM
    Wednesday, February 8, 2017 9:11 AM