Quick Fix: New-FederationTrust 426 Upgrade Required

July 31, 2023 by Leave a comment

I am working on an Exchange migration project currently, and setting up some things in a lab. As part of that I am converting what was a Modern Hybrid setup with the Hybrid Agent, to a Classic Hybrid, using connectors and what not.

I was trying to use New-FederationTrust setup a Federation trust and received the following:

Unable to access the Federation Metadata document from the federation partner. Detailed information “The remote server returned an error: (426) Upgrade Required.”

Immediately thought I should enable TLS 1.2 in the PowerShell Session, however this did not help.

I realised that as this is an almost new lab server chances are I hadn’t gone through and properly enabled TLS 1.2 in .Net. I loaded up my previous article on that and looked for the quick registry entries I needed to create.

New-ItemProperty "HKLM:\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v2.0.50727" -Name DefaultSecureProtocols -Type DWORD -Value 1
New-ItemProperty "HKLM:\SOFTWARE\Microsoft\.NETFramework\v2.0.50727" -Name DefaultSecureProtocols -Type DWORD -Value 1
New-ItemProperty "HKLM:\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319" -Name DefaultSecureProtocols -Type DWORD -Value 1
New-ItemProperty "HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319" -Name DefaultSecureProtocols -Type DWORD -Value 1

However, this also did not solve it.

The solution was that I also needed to add two additional registry entries, which are documented here.

New-ItemProperty "HKLM:\SOFTWARE\Microsoft\.NETFramework\v2.0.50727" -Name SystemDefaultTlsVersions -PropertyType DWORD -Value 1
New-ItemProperty "HKLM:\SOFTWARE\Microsoft\Wow6432Node\.NETFramework\v2.0.50727" -Name SystemDefaultTlsVersions -PropertyType DWORD -Value 1
New-ItemProperty "HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319" -Name SystemDefaultTlsVersions -PropertyType DWORD -Value 1
New-ItemProperty "HKLM:\SOFTWARE\Microsoft\Wow6432Node\.NETFramework\v4.0.30319" -Name SystemDefaultTlsVersions -PropertyType DWORD -Value 1

After rebooting, I was able to create the Federation Trust successfully.

Filed under Exchange, General, PowerShell, Quick Fix Tagged with , , , ,

Unknown's avatarAbout Robert Pearman
Robert Pearman is a UK based IT worker bee. He has been working within the IT Industry for what feels like forever. Robert likes Piña colada and getting caught in the rain, he also enjoys writing about Technology like PowerShell or System Automation but not as much as he used to. If you're in trouble, and you can find him, maybe you can ask him a question.

Leave a reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.