Windows OS Hub
  • Windows Server
    • Windows Server 2022
    • Windows Server 2019
    • Windows Server 2016
    • Windows Server 2012 R2
    • Windows Server 2012
    • Windows Server 2008 R2
    • SCCM
  • Active Directory
    • Active Directory Domain Services (AD DS)
    • Group Policies
  • Windows Clients
    • Windows 11
    • Windows 10
    • Windows 8
    • Windows 7
    • Windows XP
    • MS Office
    • Outlook
  • Virtualization
    • VMWare
    • Hyper-V
    • KVM
  • PowerShell
  • Exchange
  • Cloud
    • Azure
    • Microsoft 365
    • Office 365
  • Linux
    • CentOS
    • RHEL
    • Ubuntu
  • Home
  • About

Windows OS Hub

  • Windows Server
    • Windows Server 2022
    • Windows Server 2019
    • Windows Server 2016
    • Windows Server 2012 R2
    • Windows Server 2012
    • Windows Server 2008 R2
    • SCCM
  • Active Directory
    • Active Directory Domain Services (AD DS)
    • Group Policies
  • Windows Clients
    • Windows 11
    • Windows 10
    • Windows 8
    • Windows 7
    • Windows XP
    • MS Office
    • Outlook
  • Virtualization
    • VMWare
    • Hyper-V
    • KVM
  • PowerShell
  • Exchange
  • Cloud
    • Azure
    • Microsoft 365
    • Office 365
  • Linux
    • CentOS
    • RHEL
    • Ubuntu

 Windows OS Hub / Outlook / Outlook: Your Server Does Not Support the Connection Encryption Type

October 20, 2022 OutlookWindows 7Windows Server 2008 R2

Outlook: Your Server Does Not Support the Connection Encryption Type

In legacy Windows versions (Windows 7/XP or Windows Server 2008R2/2003) with Outlook 2010/2013/2016/2019, you may see the following error when trying to connect to a mail server:

0x800CCC1A - Your server does not support the connection encryption type you have specified. Try changing encryption method. Contact your mail server administrator or Internet service provider (ISP).

Putlook error 0x800CCC1A - Your server does not support the connection encryption type you have specified

The error occurs when an Outlook client tries to connect to a mail server using a non-supported encryption protocol.

Most often, this problem occurs if your mail server supports only TLS 1.2 and 1.3 protocols. For example, Windows 7 only supports the legacy TLS 1.0 and 1.1 protocols by default, which are no longer used by public mail servers.

The Outlook client uses the WINHTTP transport to send or receive data over TLS. If TLS 1.2 is not supported or is disabled on the winhttp level, Outlook won’t be able to connect to a server due to an unsupported encryption type.

To fix this problem, you need to enable the TLS 1.2 protocol on Windows 7. Windows 7 supports TLS 1.2, but it is not enabled by default (unlike newer OS versions – Windows 8, 10, and 11).

In order to enable TLS 1.2 on Windows 7:

  1. Make sure that Windows 7 SP1 is installed;
  2. Manually download and install the update KB3140245 from Microsoft Update Catalog (https://www.catalog.update.microsoft.com/search.aspx?q=kb3140245);
    download Windows update KB3140245
  3. Download and install MicrosoftEasyFix51044.msi patch (https://download.microsoft.com/download/0/6/5/0658B1A7-6D2E-474F-BC2C-D69E5B9E9A68/MicrosoftEasyFix51044.msi);
    This fix is described in the article Update to enable TLS 1.1 and TLS 1.2 as default secure protocols in WinHTTP in Windows. The fix adds TLS 1.1 and TLS 1.2 support options to the registry on Windows Server 2012, Windows 7 SP1, and Windows Server 2008 R2 SP1 (described below).
  4. Restart your computer.

The patch mentioned above adds the following options to the registry:

A DefaultSecureProtocols parameter with the value 0x00000a00 in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp.

In a 64-bit Windows version, you have to create this setting under HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp.

The 0x0A0 parameter leaves SSL 3.0 and TLS 1.0 enabled for WinHTTP, and enables TLS 1.1 and TLS 1.2 as well. If you want to allow a client to use only TLS 1.1 or TLS 1.2, change the value to 0xA00.

Create new subkeys TLS 1.2 and TLS 1.1 under HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\.

Create a Client key in each registry section. Then open each Client key and create a DWORD parameter DisabledByDefault with the value 0x00000000.

To create these registry parameters, you may use the following PowerShell script:

$reg32bWinHttp = "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp"
$reg64bWinHttp = "HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp"
$regWinHttpDefault = "DefaultSecureProtocols"
$regWinHttpValue = "0x00000a00"
$regTLS11 = "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client"
$regTLS12 = "HKLM:SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client"
$regTLSDefault = "DisabledByDefault"
$regTLSValue = "0x00000000"
# For Windows x86
New-ItemProperty -Path $reg32bWinHttp -Name $regWinHttpDefault -Value $regWinHttpValue -PropertyType DWORD
# For Windows x64
New-ItemProperty -Path $reg64bWinHttp -Name $regWinHttpDefault -Value $regWinHttpValue -PropertyType DWORD
New-Item -Path $regTLS11
New-ItemProperty -Path $regTLS11 -Name $regTLSDefault -Value $regTLSValue -PropertyType DWORD
New-Item -Path $regTLS12
New-ItemProperty -Path $regTLS12 -Name $regTLSDefault -Value $regTLSValue -PropertyType DWORD

Learn more about how to disable legacy TLS versions on Windows.

You can check the TLS protocol versions supported by your mail server using an online service SSL Labs (https://www.ssllabs.com/ssltest/analyze.html?d=mail.woshub.com)

We told about how to use this service in the article This Site Can’t Provide a Secure Connection.

In this example, you can see that the mail server only supports TLS 1.2.

check supported TLS protocol versions on mail server

In Microsoft 365 (Office 365), TLS 1.0 and TLS 1.1 protocols are not yet disabled by default.

In the Outlook settings, make sure that STARTTLS (available in all modern Outlook versions) or SSL/TLS are used to connect to the mail server. Make sure that the option “This server requires an encrypted connection (SSL/TLS)” is enabled. Check the IMAP/POP/SMTP port numbers.

Outlook SSL connection settings

Also, note that some antiviruses have the SSL/TLS inspection (filtering) option enabled by default. Try to disable this option in your antivirus software settings and check the connection to a mail server in Outlook.

0 comment
2
Facebook Twitter Google + Pinterest
previous post
Configure Auto-Reply (Out of Office) Message in Exchange and Microsoft 365
next post
How to Manage Windows File Shares Using PowerShell?

Related Reading

How to Enable TLS 1.2 on Windows?

January 18, 2023

Granting Send As and Send on Behalf Permissions...

December 21, 2022

How to Manually Configure Exchange or Microsoft 365...

December 5, 2022

How to Restore Deleted EFI System Partition in...

November 30, 2022

Outlook Attachment Preview Error: This File Cannot Be...

November 16, 2022

Leave a Comment Cancel Reply

Categories

  • Active Directory
  • Group Policies
  • Exchange Server
  • Microsoft 365
  • Azure
  • Windows 11
  • Windows 10
  • Windows Server 2022
  • Windows Server 2019
  • Windows Server 2016
  • PowerShell
  • VMWare
  • Hyper-V
  • Linux
  • MS Office

Recent Posts

  • Using Previous Command History in PowerShell Console

    January 31, 2023
  • How to Install the PowerShell Active Directory Module and Manage AD?

    January 31, 2023
  • Finding Duplicate E-mail (SMTP) Addresses in Exchange

    January 27, 2023
  • How to Delete Old User Profiles in Windows?

    January 25, 2023
  • How to Install Free VMware Hypervisor (ESXi)?

    January 24, 2023
  • How to Enable TLS 1.2 on Windows?

    January 18, 2023
  • Allow or Prevent Non-Admin Users from Reboot/Shutdown Windows

    January 17, 2023
  • Fix: Can’t Extend Volume in Windows

    January 12, 2023
  • Wi-Fi (Internet) Disconnects After Sleep or Hibernation on Windows 10/11

    January 11, 2023
  • Adding Trusted Root Certificates on Linux

    January 9, 2023

Follow us

woshub.com
  • Facebook
  • Twitter
  • RSS
Popular Posts
  • Fix: Signature Button Not Working in Outlook 2019/2016/365
  • Outlook Keeps Asking for Password on Windows
  • How to Manually Configure Exchange or Microsoft 365 Account in Outlook 365/2019/2016?
  • Blank Sign-in Screen in Office 365 Apps (Outlook, Teams, etc.)
  • Fix: Microsoft Outlook Search Not Working on Windows 10/11
  • Export Exchange or Office 365 Global Address List (GAL) to CSV
  • Configure Auto-Reply (Out of Office) Message in Exchange and Microsoft 365
Footer Logo

@2014 - 2023 - Windows OS Hub. All about operating systems for sysadmins


Back To Top