We have recently updated to Windows 2012 and Exchange 2013. Since doing so, now my PCI compliance scan for our credit card provider fails. The main failure is that the RC4 cipher is being used as well as TLS 2.0 and 3.0 as well as a SSL/TLS Diffie-Hellman Modulus <= 1024 Bits (LogJam) entry. When I have tried to disable the use of the RC4 and TLS 2.0 and 3.0 I ran into an issue that now my OWA and Activesync sites no longer work. Therefore, I removed the registry entries that I created to attempt to remove the non compliant protocols. Now OWA and Activesync are working again but I am still not compliant on my scan since these "unsafe" protocols are in use.
Can anyone offer some assistance as to how to disable these protocols correctly and still have my IIS sites for Exchange server working correctly?