Enabling TLS 1.2 on ADFS - Windows Server 2012 R2


As of August 2019, Zoom has ended support for, and disabled, the Transport Layer Security (TLS) 1.0 and 1.1 protocols. Our web services now use TLS 1.2 or later. Because of this change, organizations whose ADFS servers can only negotiate TLS 1.1 or below are unable to download our SAML metadata for Single Sign-On.

To remedy this error, organizations still using TLS 1.1 or below need to enable TLS 1.2 on the ADFS server in order to continue using Zoom as a Service Provider entity.

Prerequisites for enabling TLS 1.2 on an ADFS Server (Windows Server 2012 R2)

Instructions

  1. Start Windows PowerShell with the “Run as administrator” option.
  2. Run the following commands to enable the TLS 1.2 client protocol in SCHANNEL (the client side governs outbound connections the ADFS server makes, such as the metadata download):
    # Create the TLS 1.2 client key, then mark the protocol as enabled and not disabled by default
    New-Item -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client' -Force | Out-Null
    New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client' -Name 'Enabled' -Value 1 -PropertyType 'DWord' -Force | Out-Null
    New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client' -Name 'DisabledByDefault' -Value 0 -PropertyType 'DWord' -Force | Out-Null
    Write-Host 'TLS 1.2 has been enabled.'
  3. Next, run the following command to enable strong cryptography (SchUseStrongCrypto) for .NET Framework 4.x, so that .NET applications such as the ADFS service negotiate TLS 1.2 by default:
    # Tell .NET Framework 4.x to use the operating system's strong-crypto defaults (TLS 1.2) instead of SSL 3.0/TLS 1.0
    New-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319' -Name 'SchUseStrongCrypto' -Value 1 -PropertyType 'DWord' -Force | Out-Null
  4. (Optional) Run the following commands to disable the SSL 3.0 client protocol on the ADFS server:
    # Create the SSL 3.0 client key, then mark the protocol as disabled and disabled by default
    New-Item -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Client' -Force | Out-Null
    New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Client' -Name 'Enabled' -Value 0 -PropertyType 'DWord' -Force | Out-Null
    New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Client' -Name 'DisabledByDefault' -Value 1 -PropertyType 'DWord' -Force | Out-Null
    Write-Host 'SSL 3.0 has been disabled.'
  5. Close all ADFS server management windows, then re-open the management console and retry importing the metadata from Zoom.
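The following verification script is an added example and is not part of Zoom's article. It reads back the registry values that steps 2 through 4 write, reports any that do not match the expected state, and then performs a test HTTPS request from PowerShell (a .NET Framework application, like ADFS) without forcing a protocol, so that the request succeeds only if the .NET default now includes TLS 1.2. The metadata URL is a placeholder that you replace with your tenant's actual Zoom SAML metadata URL; the SSL 3.0 check only applies if you ran the optional step 4.

```powershell
# Added verification script for the ADFS TLS 1.2 change (not Zoom's own code).
# Run in an elevated PowerShell session on the ADFS server after completing the steps above.

$schannel = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'
$dotnet   = 'HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319'

# Expected registry state. The SSL 3.0 entries are only relevant if the optional step 4 was run.
$checks = @(
    @{ Path = "$schannel\TLS 1.2\Client"; Name = 'Enabled';            Expected = 1 },
    @{ Path = "$schannel\TLS 1.2\Client"; Name = 'DisabledByDefault';  Expected = 0 },
    @{ Path = $dotnet;                    Name = 'SchUseStrongCrypto'; Expected = 1 },
    @{ Path = "$schannel\SSL 3.0\Client"; Name = 'Enabled';            Expected = 0 },
    @{ Path = "$schannel\SSL 3.0\Client"; Name = 'DisabledByDefault';  Expected = 1 }
)

$failures = 0
foreach ($c in $checks) {
    # Get-ItemProperty returns $null for a missing key or value; treat that as "not set"
    $item   = Get-ItemProperty -Path $c.Path -Name $c.Name -ErrorAction SilentlyContinue
    $actual = if ($item) { $item.($c.Name) } else { '<not set>' }
    if ("$actual" -eq "$($c.Expected)") {
        Write-Host ("OK    {0}\{1} = {2}" -f $c.Path, $c.Name, $actual)
    } else {
        Write-Host ("CHECK {0}\{1} = {2} (expected {3})" -f $c.Path, $c.Name, $actual, $c.Expected)
        $failures++
    }
}

# Show the protocols .NET will offer by default in this process. After SchUseStrongCrypto
# is set and a new session is started, this should list Tls12 (or SystemDefault on .NET 4.6+).
Write-Host ("Default .NET SecurityProtocol: {0}" -f [Net.ServicePointManager]::SecurityProtocol)

# Placeholder: replace with the SAML metadata URL shown in your Zoom SSO settings.
$MetadataUrl = 'https://<your-zoom-saml-metadata-url>'

# Deliberately do NOT set SecurityProtocol here: the point is to confirm that a .NET app
# succeeds with the new defaults, which is what the ADFS service relies on.
try {
    $resp = Invoke-WebRequest -Uri $MetadataUrl -UseBasicParsing
    Write-Host ("Metadata download OK (HTTP {0}, {1} bytes)" -f $resp.StatusCode, $resp.RawContentLength)
} catch {
    Write-Host ("Metadata download FAILED: {0}" -f $_.Exception.Message)
    $failures++
}

if ($failures -eq 0) { Write-Host 'All checks passed.' } else { Write-Host "$failures check(s) need attention." }
```

Run the script in a fresh PowerShell window: the SchUseStrongCrypto value is read when a .NET process starts, so a session opened before step 3 will still report the old default. SCHANNEL protocol settings are likewise picked up by services as they start; if the registry checks all pass but the import in the ADFS console still fails, restart the Active Directory Federation Services service (or the server) and try the import again.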