At Zoom, we are hard at work to provide you with the best 24x7 global support experience. As part of this ongoing commitment, please review our updated Support Guidelines.

How to enable TLS 1.2 on an ADFS Server (Windows Server 2012 R2) Follow


As of August 2019, Zoom has ended its support and disabled use of Transport Layer Security (TLS) 1.0 and 1.1 protocol. Our web services now utilize TLS 1.2+. Due to this change, organizations using ADFS with TLS 1.1 or below, are unable to download our SAML metadata for Single Sign-On:

To remedy this error, organizations still using TLS 1.1 or below, will need to enable TLS 1.2 to continue using Zoom as a Service Provider Entity.



  1. Start Windows PowerShell with the “Run as administrator” option
  2. Run the following commands to enable TLS 1.2 on your ADFS client:
    New-Item 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client' -Force | Out-Null
    New-ItemProperty -path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client' -name 'Enabled' -value '1' -PropertyType 'DWord' -Force | Out-Null
    New-ItemProperty -path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client' -name 'DisabledByDefault' -value 0 -PropertyType 'DWord' -Force | Out-Null
    Write-Host 'TLS 1.2 has been enabled.'
  3. Next run the following command to enable Strong Authentication:
    New-ItemProperty -path 'HKLM:\SOFTWARE\Microsoft\.NetFramework\v4.0.30319' -name 'SchUseStrongCrypto' -value '1' -PropertyType 'DWord' -Force | Out-Null
  4. (Optional) Run the following commands to disable SSL 3.0 on the ADFS client: 
    New-Item 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Client' -Force | Out-Null
    New-ItemProperty -path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Client' -name 'Enabled' -value '0' -PropertyType 'DWord' -Force | Out-Null
    New-ItemProperty -path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Client' -name 'DisabledByDefault' -value 1 -PropertyType 'DWord' -Force | Out-Null
    Write-Host 'SSL 3.0 has been disabled.'
  5. Close all ADFS server management windows, then re-open the management console, and re-try importing the metadata from Zoom.