[Gelöst] CVE-2024-21410 | Enabling Extended Protection --> Test Failed: SchUseStrongCrypto is not configured as expected

Guten Morgen zusammen, 

ich bekomme beim Versuch Extended Protection auf einem Exchange 2019 unter Server 2022 ohne DAG folgenden Fehler: 

[PS] C:\ExchangeExtendedProtectionManagement.ps1
Version 24.02.13.1755

Enabling Extended Protection
Extended Protection is recommended to be enabled for security reasons. Known Issues: Following scenarios will not work when Extended Protection is enabled.
    - SSL offloading or SSL termination via Layer 7 load balancing.
    - Exchange Hybrid Features if using Modern Hybrid.
    - Access to Public folders on Exchange 2013 Servers.
You can find more information on:  https://aka.ms/ExchangeEPDoc.  Do you want to proceed?
[J] Ja  [A] Ja, alle  [N] Nein  [K] Nein, keine  [H] Anhalten  [?] Hilfe (Standard ist "J"): a

The following servers have the TLS Configuration below
SERVERNAME

RegistryName        Location                                                                              Value
------------        --------                                                                              -----
SchUseStrongCrypto  SOFTWARE\Microsoft\.NETFramework\v2.0.50727
SystemTlsVersions   SOFTWARE\Microsoft\.NETFramework\v2.0.50727
SchUseStrongCrypto  SOFTWARE\Microsoft\.NETFramework\v4.0.30319
SystemTlsVersions   SOFTWARE\Microsoft\.NETFramework\v4.0.30319                                           1
SchUseStrongCrypto  SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v2.0.50727
SystemTlsVersions   SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v2.0.50727
SchUseStrongCrypto  SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319
SystemTlsVersions   SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319                               1
DisabledByDefault   SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client  1
Enabled             SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client  0
DisabledByDefault   SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server  1
Enabled             SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server  0
DisabledByDefault   SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client  1
Enabled             SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client  0
DisabledByDefault   SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server  1
Enabled             SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server  0
DisabledByDefault   SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client  0
Enabled             SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client  1
DisabledByDefault   SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server  0
Enabled             SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server  1

Test Failed: SchUseStrongCrypto is not configured as expected
System affected: SERVERNAME
Action required: Configure SchUseStrongCrypto for NETv4 as described here:  https://aka.ms/ExchangeEPDoc 

WARNUNG: Failed to pass the TLS prerequisites for the servers you are trying to enable Extended Protection. Unable to continue.

Servers trying to enable: SERVERNAME
Do you have feedback regarding the script? Please email ExToolsFeedback@microsoft.com.