Exchange 2016; EventID 3018, MSExchangeApplicationLogic

In the event log of an Exchange 2016 server, the following error message with the source MSExchangeApplicationLogic may occur every hour:

Source: MSExchangeApplicationLogic

Event ID: 3018

Scenario[ServiceHealth]: GetConfig. CorrelationId: 6852d41c-26fb-4ef9-9f7a-ee9d25f780c7. The request failed. Mailbox: Url: https://officeclient.microsoft.com/config16?CV=15.1.1261.36&Client=WAC_Outlook&corr=6852d41c-26fb-4ef9-9f7a-ee9d25f780c7 Exception: System.Net.WebException: The underlying connection was closed: Unknown error receiving... -> System.ComponentModel.Win32Exception: The client and the server cannot exchange data because they do not have a common algorithm
with System.Net.SSPIWrapper.AcquireCredentialsHandle(SSPIInterface SecModule, String package, CredentialUse intent, SecureCredential scc)
for System.Net.Security.SecureChannel.AcquireCredentialsHandle(CredentialUse credUsage, SecureCredential& secureCredential)
for System.Net.Security.SecureChannel.AcquireClientCredentials(Byte[]& thumbPrint)
for System.Net.Security.SecureChannel.GenerateToken(Byte[] input, Int32 offset, Int32 count, Byte[]& output)
for System.Net.Security.SecureChannel.NextMessage(Byte[] incoming, Int32 offset, Int32 count)
for System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
for System.Net.Security.SslState.ForceAuthentication(Boolean receiveFirst, Byte[] buffer, AsyncProtocolRequest asyncRequest)
for System.Net.Security.SslState.ProcessAuthentication(LazyAsyncResult lazyResult)
with System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
for System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
with System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state)
for System.Net.TlsStream.ProcessAuthentication(LazyAsyncResult result)
for System.Net.TlsStream.BeginWrite(Byte[] buffer, Int32 offset, Int32 size, AsyncCallback asyncCallback, Object asyncState)
for System.Net.ConnectStream.WriteHeaders(Boolean async)
- End of internal exception stack monitoring -
for System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)
for Microsoft.Exchange.Data.ApplicationLogic.Extension.BaseAsyncOmexCommand.c__DisplayClass18_0.b__0()

The most common cause of the error is that the Exchange server is not allowed to connect directly to the Internet, but must use a proxy. If this is the case, the proxy must be stored in the Exchange configuration. The proxy can be entered with the following command:

Set-ExchangeServer ExchangeServerName -InternetWebProxy http://192.168.1.1:8080

You should also check whether access to officeclient.microsoft.com from the Exchange server is permitted. It may be necessary to set up an exception on the company's firewall.

Another possibility could be that TLS1.0 has been switched off. It is important that TLS1.0 is activated as the client protocol. The settings for TLS1.0 can be checked in the registry. Here are the correct TLS1.0 client settings:

• HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client

If you do not want the Exchange Server to communicate directly with the Internet and contact the Microsoft URL, you can at least reduce the number of error messages. To do this, the interval of the checks can be increased to one day. To change the interval, one line must be added to each of the following two files:

• %ExchangeInstallPath%ClientAccess\exchweb\ews\web.config
• %ExchangeInstallPath%ClientAccess\Owa\web.config

The following line must be inserted between and in each of these files:

<add key = „KillBitRefreshTimeInSeconds“ value = „86400“ />

Note: Pay attention to the correct formatting of the apostrophe, see screenshot.

In case anyone is wondering what the Exchange Server is trying to download or retrieve at the URL given in the error message:

Exchange would like to download the current list of killbits here, this is a security feature that was already introduced with Exchange 2013. Detailed information about the killbits can be found here:

• The Kill-Bit FAQ: Part 1 of 3
• The Kill-Bit FAQ: Part 2 of 3
• The Kill-Bit FAQ: Part 3 of 3