Enabling TLS 1.2 on ADFS – Windows Server 2012 R2 for Zoom
If your organization is still using TLS 1.1 or below, you’ll need to enable TLS 1.2 in order to continue using Zoom as a Service Provider Entity.
Prerequisites for enabling TLS 1.2 on an ADFS Server (Windows Server 2012 R2)
- A version of .NET Framework greater than 4.6.2 must be installed on the ADFS server:
  - Verifying the .NET Framework version
  - via the .NET Framework download
- 6.3.9600.17031 is the minimum required version of the Hardware Abstraction Layer (HAL) for Windows Server 2012.
Instructions
- Start Windows PowerShell using “Run as administrator”.
- You can enable TLS 1.2 on your ADFS client by running the following commands:
New-Item 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client' -Force | Out-Null
New-ItemProperty -path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client' -name 'Enabled' -value '1' -PropertyType 'DWord' -Force | Out-Null
New-ItemProperty -path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client' -name 'DisabledByDefault' -value 0 -PropertyType 'DWord' -Force | Out-Null
Write-Host 'TLS 1.2 has been enabled.'
- Then, enable Strong Authentication by running the following command:
New-ItemProperty -path 'HKLM:\SOFTWARE\Microsoft\.NetFramework\v4.0.30319' -name 'SchUseStrongCrypto' -value '1' -PropertyType 'DWord' -Force | Out-Null
- To disable SSL 3.0 on the ADFS client, run the following commands:
New-Item 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Client' -Force | Out-Null
New-ItemProperty -path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Client' -name 'Enabled' -value '0' -PropertyType 'DWord' -Force | Out-Null
New-ItemProperty -path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Client' -name 'DisabledByDefault' -value 1 -PropertyType 'DWord' -Force | Out-Null
Write-Host 'SSL 3.0 has been disabled.'
- Close all ADFS server management windows, then re-open the management console and try importing the metadata from Zoom again.
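To confirm that the steps above took effect, the following read-only check (an added example, not part of the original page) reads back each registry value the commands set and flags any that are missing, mismatched, or not of type DWord. The function name `Test-SchannelSetting` and the variable names are hypothetical; the registry paths and expected values are the ones from this page, and the .NET `Release` value is only reported, not judged.

```powershell
# Added example: read-only check of the registry values set in the steps above.
$protocols = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'

# Expected state, copied from the commands on this page.
$expected = @(
    @{ Path = "$protocols\TLS 1.2\Client"; Name = 'Enabled';           Value = 1 }
    @{ Path = "$protocols\TLS 1.2\Client"; Name = 'DisabledByDefault'; Value = 0 }
    @{ Path = "$protocols\SSL 3.0\Client"; Name = 'Enabled';           Value = 0 }
    @{ Path = "$protocols\SSL 3.0\Client"; Name = 'DisabledByDefault'; Value = 1 }
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\.NetFramework\v4.0.30319'
       Name = 'SchUseStrongCrypto'; Value = 1 }
)

# Test-SchannelSetting is a hypothetical helper name, not a built-in cmdlet.
function Test-SchannelSetting {
    param([string]$Path, [string]$Name, [int]$Value)
    $actual = $null
    $kind   = $null
    # A missing key or value means the step was never applied on this server.
    $key = Get-Item -Path $Path -ErrorAction SilentlyContinue
    if ($key -and ($key.GetValueNames() -contains $Name)) {
        $actual = $key.GetValue($Name)
        $kind   = $key.GetValueKind($Name)
    }
    [pscustomobject]@{
        Name     = $Name
        Expected = $Value
        Actual   = $actual
        Kind     = $kind
        # The page creates DWord values; any other type (for example a string) is flagged.
        Ok       = ($kind -eq 'DWord') -and ($actual -eq $Value)
        Path     = $Path
    }
}

$results = foreach ($e in $expected) { Test-SchannelSetting @e }
$results | Format-Table Name, Expected, Actual, Kind, Ok, Path -AutoSize

# Installed .NET Framework 4.x release number, for the prerequisite above.
$ndp = 'HKLM:\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full'
$release = (Get-ItemProperty -Path $ndp -ErrorAction SilentlyContinue).Release
Write-Host ".NET Framework 4.x Release value: $release"

if ($results.Ok -contains $false) {
    Write-Warning 'One or more values differ from the settings on this page.'
} else {
    Write-Host 'TLS 1.2, SSL 3.0 and SchUseStrongCrypto values match this page.'
}
```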