You might see the following error in the Windows Application Event Log:
- Source: MSExchangeApplicationLogic
- Event ID: 3018
- Level: Error
The request failed. Mailbox: Url: https://officeclient.microsoft.com/config16?CV=15.1.2308.14&Client=WAC_Outlook&corr=910a665e-fd34-4c4b-8ed9-8a38fb515483 Exception: System.Net.WebException: The underlying connection was closed: An unexpected error occurred on a send. ---> System.IO.IOException: Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host. ---> System.Net.Sockets.SocketException: An existing connection was forcibly closed by the remote host at System.Net.Sockets.Socket.EndReceive(IAsyncResult asyncResult) at System.Net.Sockets.NetworkStream.EndRead(IAsyncResult asyncResult) --- End of inner exception stack trace --- at System.Net.TlsStream.EndWrite(IAsyncResult asyncResult) at System.Net.ConnectStream.WriteHeadersCallback(IAsyncResult ar) --- End of inner exception stack trace --- at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult) at Microsoft.Exchange.Data.ApplicationLogic.Extension.BaseAsyncOmexCommand.<>c__DisplayClass18_0.b__0()
The request is successful when you try to connect to the URL provided in the error details using a browser on the Exchange server.
Reason
You can verify the issue by trying to access the URL using the PowerShell Invoke-WebRequest cmdlet. Open a new PowerShell session and try connecting to the URL.
$uri='https://officeclient.microsoft.com/config16?CV=15.1.2308.14&Client=WAC_Outlook&corr=910a665e-fd34-4c4b-8ed9-8a38fb515483'Invoke-WebRequest -Uri $uri
You will receive the same error message as stated in the event log by MSExchangeApplicationLogic. A successful connection returns XML as content.
The reason for this error is related to the .NET Framework TLS configuration, not Exchange Server. The .NET Framework lacks configuration for the use of TLS 1.2.
Solution
The solution for this issue is to configure the .NET Framework to correctly use TLS 1.2. You can follow the description for TLS 1.2 enforcement for Azure AD Connect, or you can simply use this Gist.
Due to the changes made to the SCHANNEL configuration you just restart the computer to bring the changes into effect.
Note
Changing the TLS settings does not only affect outgoing connections but incoming connections as well.
Test the TLS changes in a test environment before adjusting your servers in the production environment. If you have not already enabled TLS 1.2 for your Exchange Servers, I recommend reading the 3-part series by the Exchange product group.
Links
- Gist – Set-TLS12.ps1
- Exchange Server TLS guidance, part 1: Getting Ready for TLS 1.2
- Exchange Server TLS guidance Part 2: Enabling TLS 1.2 and Identifying Clients Not Using It
- Exchange Server TLS guidance Part 3: Turning Off TLS 1.0/1.1
Enjoy Exchange Server!
