See the previous post for more details on the PCI audit. The Exchange server failed due to accepting SSL v2 certificates. V2 can lead to malformed requests and crap out the system. Unfortunately the audit doesn’t see the IPS/IDS that would block these attacks, or the SPAM filter with 443 forwarding that would also thwart such malformed requests. But I digress.
This *should* work with 2003 and 2008, but I’ve only tested on 2003. The system requires a reboot to verify changes.
Fire up regedit
Navigate to HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0
Under the registry key “Server”, create a DWORD value named “Enabled” and verify that the value is set to 0x0.
Found this from Joson Zhou.
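The same registry change as a script, which also reads the value back so it can be checked again after the reboot. This is an added example, not part of the original post or its source. It assumes PowerShell is installed (a separate download on Server 2003) and that it runs from an elevated prompt; the function name is hypothetical.

```powershell
# Added example: audit, set and re-check the SSL 2.0 server-side SCHANNEL switch.
# The registry path is the one given in the post; Get-Ssl2ServerState is a
# hypothetical helper name.
$base = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0'
$key  = Join-Path $base 'Server'

function Get-Ssl2ServerState {
    # Returns 'Missing' when the key or the value does not exist,
    # otherwise the DWORD stored in "Enabled".
    if (-not (Test-Path $key)) { return 'Missing' }
    $prop = Get-ItemProperty -Path $key -Name 'Enabled' -ErrorAction SilentlyContinue
    if ($null -eq $prop) { return 'Missing' }
    return $prop.Enabled
}

$before = Get-Ssl2ServerState
Write-Output "Before: Enabled = $before"

if ($before -ne 0) {
    # Create the Server key only if it is absent, so an existing key
    # and any other values under it are left untouched.
    if (-not (Test-Path $key)) {
        New-Item -Path $key -Force | Out-Null
    }
    # -Force overwrites an existing "Enabled" value (for example 1) with 0.
    New-ItemProperty -Path $key -Name 'Enabled' -PropertyType DWord -Value 0 -Force | Out-Null
}

$after = Get-Ssl2ServerState
Write-Output "After:  Enabled = $after"

if ($after -eq 0) {
    Write-Output 'SSL 2.0 (Server) is set to disabled. Reboot for the change to take effect.'
} else {
    Write-Output 'Value was not written. Check that the prompt is elevated.'
    exit 1
}
```

Running it a second time after the reboot should print `Before: Enabled = 0` and make no changes.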