AADSTS1002016: You are using TLS version 1.0, 1.1 and/or 3DES cipher

In some cases, you’ll see the following error in the Easy365Manager settings form:

You’ll also see an error message similar to the following logged in the Windows Application log:

Error during Exchange Online login: AADSTS1002016: You are using TLS version 1.0, 1.1 and/or 3DES cipher which are deprecated to improve the security posture of Azure AD.
Your TenantID is: c1493961-2ba6-41ae-b462-e3e7e4dae630.
Please refer to https://go.microsoft.com/fwlink/?linkid=2161187 and conduct needed actions to remediate the issue. For further questions, please contact your administrator.
Trace ID: abfb68d4-b0fd-407e-8209-4ddad50f4400
Correlation ID: e77a1015-e13b-4b85-898b-d95af83dcbc2
Timestamp: 2022-08-09 19:55:56Z

This error indicates that your .Net Framework is not configured to use TLS 1.2 as the default encryption protocol.

How to Fix AADSTS1002016

In most cases, you only need to configure the .Net Framework of your operating system to use TLS 1.2 by implementing the following registry keys:

Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319]
"SchUseStrongCrypto"=dword:00000001
"SystemDefaultTlsVersions"=dword:00000001

(copy the text to notepad, save it as a .reg file and run it or implement the case-sensitive keys manually)

After the registry keys have been configured, you must reboot your system for the changes to take effect.

You should then be able to authenticate successfully to Microsoft Graph PowerShell and Exchange Online:

If setting up the .Net Framework for TLS 1.2 doesn’t solve it, you might need to look deeper into the TLS settings of your operating system.

Read our full guide on enabling TLS 1.2 here.

For further information on this matter, please refer to the official documentation from Microsoft.

Did you like this post? Maybe your friends will too!