Enabling TLS 1.2 on ADFS - Windows Server 2012 R2
As of August 2019, Zoom has ended support for, and disabled use of, the Transport Layer Security (TLS) 1.0 and 1.1 protocols. Our web services now use TLS 1.2+. Because of this change, organizations using ADFS with TLS 1.1 or below are unable to download our SAML metadata for Single Sign-On.
To remedy this error, organizations still using TLS 1.1 or below will need to enable TLS 1.2 to continue using Zoom as a Service Provider Entity.
Prerequisites for enabling TLS 1.2 on an ADFS Server (Windows Server 2012 R2)
- The .NET Framework version installed on the ADFS server must be higher than 4.6.2.
- Windows Server 2012 Hardware Abstraction Layer (HAL) version needs to be at least 6.3.9600.17031
Instructions
- Start Windows PowerShell with the “Run as administrator” option
- Run the following commands to enable TLS 1.2 on your ADFS client:
New-Item 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client' -Force | Out-Null
New-ItemProperty -path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client' -name 'Enabled' -value '1' -PropertyType 'DWord' -Force | Out-Null
New-ItemProperty -path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client' -name 'DisabledByDefault' -value 0 -PropertyType 'DWord' -Force | Out-Null
Write-Host 'TLS 1.2 has been enabled.'
- Next, run the following command to enable Strong Authentication:
New-ItemProperty -path 'HKLM:\SOFTWARE\Microsoft\.NetFramework\v4.0.30319' -name 'SchUseStrongCrypto' -value '1' -PropertyType 'DWord' -Force | Out-Null
- (Optional) Run the following commands to disable SSL 3.0 on the ADFS client:
New-Item 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Client' -Force | Out-Null
New-ItemProperty -path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Client' -name 'Enabled' -value '0' -PropertyType 'DWord' -Force | Out-Null
New-ItemProperty -path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Client' -name 'DisabledByDefault' -value 1 -PropertyType 'DWord' -Force | Out-Null
Write-Host 'SSL 3.0 has been disabled.'
- Close all ADFS server management windows, then re-open the management console, and re-try importing the metadata from Zoom.
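To confirm the settings before retrying the import, the following read-only check reads back each registry value written in the steps above, plus the installed .NET Framework Release number. It is an added example, not part of Zoom's original instructions; the function name `Test-RegistryDword` and the status labels are illustrative, and the Release threshold 394806 is Microsoft's documented value for .NET Framework 4.6.2 on Windows Server 2012 R2.

```powershell
# Added example: read-only verification of the values set by the steps above.
# Run in an elevated PowerShell session on the ADFS server.
$schannel = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'
$netFx    = 'HKLM:\SOFTWARE\Microsoft\.NetFramework\v4.0.30319'

# Path, value name, expected DWord, and whether the page marks the step optional.
$checks = @(
    @{ Path = "$schannel\TLS 1.2\Client"; Name = 'Enabled';            Expected = 1; Optional = $false }
    @{ Path = "$schannel\TLS 1.2\Client"; Name = 'DisabledByDefault';  Expected = 0; Optional = $false }
    @{ Path = $netFx;                     Name = 'SchUseStrongCrypto'; Expected = 1; Optional = $false }
    @{ Path = "$schannel\SSL 3.0\Client"; Name = 'Enabled';            Expected = 0; Optional = $true }
    @{ Path = "$schannel\SSL 3.0\Client"; Name = 'DisabledByDefault';  Expected = 1; Optional = $true }
)

function Test-RegistryDword {
    param([string]$Path, [string]$Name, [int]$Expected, [bool]$Optional)

    # A missing key or value is reported as "not set" instead of raising an error.
    $item   = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    $actual = if ($null -ne $item) { $item.$Name } else { $null }

    $status = if ($null -eq $actual) {
        if ($Optional) { 'NOT SET (optional)' } else { 'MISSING' }
    } elseif ([int]$actual -eq $Expected) { 'OK' }
    else { 'MISMATCH' }

    [pscustomobject]@{
        Path = $Path; Name = $Name; Expected = $Expected; Actual = $actual; Status = $status
    }
}

$results = foreach ($c in $checks) { Test-RegistryDword @c }
$results | Format-Table -AutoSize -Wrap

# Prerequisite check: the Release DWord identifies the installed .NET Framework 4.x build.
# 394806 corresponds to 4.6.2 on this OS; the prerequisite asks for a higher version.
$ndp     = 'HKLM:\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full'
$release = (Get-ItemProperty -Path $ndp -Name 'Release' -ErrorAction SilentlyContinue).Release
if ($null -eq $release) {
    Write-Host '.NET Framework 4.x Release value not found.'
} elseif ($release -gt 394806) {
    Write-Host ".NET Framework Release $release is higher than 4.6.2."
} else {
    Write-Host ".NET Framework Release $release is 4.6.2 or lower; upgrade before retrying."
}
```

Any row reporting `MISSING` or `MISMATCH` points to the step that needs to be run again.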