Hi,
We're running 2 Exchange 2013 CU20 servers on premises in a DAG, situated behind a pair of Barracuda hardware load balancers. We use an external cloud-based marketing/sales application that connects to Exchange's EWS site to compose and send email outbound. This application also has meeting/calendar functionality that ties into Outlook calendars.
What I've been noticing lately are hundreds of MSExchange Web Services warnings and errors being logged on both servers.
Example:
A notification for subscription [HQBleGNoLTAxLmdyYXBoaWNwcm9kdWN0cy5sb2NhbBAAAACNt9GJgkPKT5eunEgmmthA/V1ATZA11ggQAAAA+GxcBMzPmUGzlhKKXzYAMg==] against endpoint [cloud provider domain]/ews/calendar/event_notifications?calendar=3&org=f83a0147-7ea4-4f02-998b-7c76adc90754&secret=68c3bf75d6620cfd]
couldn't be sent. (Send attempts: 2) Details: WebException: The underlying connection was closed: An unexpected error occurred on a send. Status: SendFailure at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)
at Microsoft.Exchange.Services.Core.NotificationServiceClient.HandleResponse(IAsyncResult responseAsyncResult)
Some of my research led me to some Stack Overflow forum posts describing similar event IDs (not exactly the same description) and suggesting that it could be related to an encryption protocol mismatch or usage of an obsoleted encryption protocol on one end of the communication.
I'm thinking maybe the ASP.NET framework on Exchange is using TLS 1.0 and the remote site isn't negotiating secure communication with Exchange properly because of this, but I can't seem to verify this.
Looking at this documentation, https://blogs.technet.microsoft.com/exchange/2018/04/02/exchange-server-tls-guidance-part-2-enabling-tls-1-2-and-identifying-clients-not-using-it/, I was thinking that disabling TLS 1.0 within the registry on both Exchange servers may help, but am unsure. (SSL 2.0 and 3.0 are disabled via the registry.)
Any tips from anyone experiencing a similar issue would be welcome.
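
Added example, not part of the original post: a read-only PowerShell check of the registry values that decide which TLS versions SChannel offers and which ones .NET Framework code uses for outbound HTTPS calls such as EWS push notifications. It assumes the standard Windows registry locations and changes nothing; the helper name Get-RegValue is made up for this example.

```powershell
# Added example: read-only audit, run in an elevated PowerShell on each Exchange server.
$schannel = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'
$netRoots = 'HKLM:\SOFTWARE\Microsoft\.NETFramework',
            'HKLM:\SOFTWARE\Wow6432Node\Microsoft\.NETFramework'

# Hypothetical helper: returns $null when the key or value does not exist,
# which means the OS / framework default is in effect.
function Get-RegValue {
    param([string]$Path, [string]$Name)
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name } else { $null }
}

# 1. SChannel: which protocol versions are enabled per role.
#    The Client role is the one used when Exchange calls out to the cloud endpoint.
$protocols = foreach ($proto in 'SSL 2.0', 'SSL 3.0', 'TLS 1.0', 'TLS 1.1', 'TLS 1.2') {
    foreach ($role in 'Client', 'Server') {
        $key = Join-Path $schannel "$proto\$role"
        [pscustomobject]@{
            Protocol          = $proto
            Role              = $role
            Enabled           = Get-RegValue $key 'Enabled'
            DisabledByDefault = Get-RegValue $key 'DisabledByDefault'
        }
    }
}
$protocols | Format-Table -AutoSize

# 2. .NET Framework: whether managed code follows the OS TLS defaults.
#    Both the 64-bit and the Wow6432Node (32-bit) hives are checked.
$dotnet = foreach ($root in $netRoots) {
    foreach ($ver in 'v2.0.50727', 'v4.0.30319') {
        $key = Join-Path $root $ver
        [pscustomobject]@{
            Key                      = $key
            SchUseStrongCrypto       = Get-RegValue $key 'SchUseStrongCrypto'
            SystemDefaultTlsVersions = Get-RegValue $key 'SystemDefaultTlsVersions'
        }
    }
}
$dotnet | Format-Table -AutoSize

# 3. List the .NET keys where either value is missing or not 1. On those,
#    outbound calls may still default to TLS 1.0 even if SChannel has TLS 1.2 enabled.
$dotnet | Where-Object { $_.SchUseStrongCrypto -ne 1 -or $_.SystemDefaultTlsVersions -ne 1 } |
    Select-Object -ExpandProperty Key
```

An empty cell in either table means the value is not set and the operating system or framework default applies. Comparing the output from both DAG members shows whether the two servers are configured the same way before any protocol is disabled.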