Symptoms or Error
Solution
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL]
"AllowInsecureRenegoClients"=dword:00000001
"AllowInsecureRenegoServers"=dword:00000001
For more details, refer to:
https://www.exchangelog.info/2020/02/netscaler-vs-exchange-2019-time-out.html
2. Or enable secure renegotiation in the SSL profile, or in global SSL parameters.
Example
> set ssl profile ns_default_ssl_profile_backend -denySSLReneg NONSECURE
> set ssl parameter -denySSLReneg NONSECURE
Note: Not all ADC versions support secure renegotiation on the backend. Only 13.0.58.30+ supports it.
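To confirm that the setting above is in place, the following added example (not Citrix code) scans saved ADC configuration text for `-denySSLReneg` on the global SSL parameter and on each SSL profile. It assumes the configuration stores the commands in the form shown above; the profile names `exch2019_backend` and `legacy_backend` and the sample text are constructed for illustration.

```python
import shlex

# Constructed sample of saved configuration lines (not from a real appliance).
SAMPLE_CONFIG = """\
set ssl parameter -denySSLReneg NONSECURE
set ssl profile ns_default_ssl_profile_backend -denySSLReneg NONSECURE
add ssl profile exch2019_backend -sslProfileType BackEnd -denySSLReneg ALL
add ssl profile legacy_backend -sslProfileType BackEnd
"""


def audit_deny_ssl_reneg(config_text):
    """Map 'global' and 'profile:<name>' to the explicit -denySSLReneg value.

    The value is None when the scope appears but never sets the option.
    """
    settings = {}
    for line in config_text.splitlines():
        try:
            tokens = shlex.split(line, comments=True)  # handles quoted names
        except ValueError:
            continue  # unbalanced quotes: not a line we can interpret
        if len(tokens) < 3 or tokens[0] not in ("add", "set") or tokens[1] != "ssl":
            continue
        if tokens[2] == "parameter":
            scope, opts = "global", tokens[3:]
        elif tokens[2] == "profile" and len(tokens) > 3:
            scope, opts = "profile:" + tokens[3], tokens[4:]
        else:
            continue
        value = None
        lowered = [opt.lower() for opt in opts]
        if "-denysslreneg" in lowered:
            idx = lowered.index("-denysslreneg")
            if idx + 1 < len(opts):
                value = opts[idx + 1].upper()
        # A later line replaces an earlier value only if it names the option.
        if value is not None or scope not in settings:
            settings[scope] = value
    return settings


def scopes_missing_nonsecure(config_text):
    """Return the scopes whose explicit value is not NONSECURE, sorted."""
    audit = audit_deny_ssl_reneg(config_text)
    return sorted(scope for scope, value in audit.items() if value != "NONSECURE")


if __name__ == "__main__":
    for scope in scopes_missing_nonsecure(SAMPLE_CONFIG):
        print("denySSLReneg is not NONSECURE for", scope)
```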
Problem Cause
By default, ADC does not enable secure renegotiation on the backend.
Citrix ADC fails to communicate with the new Exchange Server 2019 because the default setting on Exchange Server 2019 is “secure renegotiation only”.
Secure renegotiation at backend is not currently supported on Citrix ADC on all platforms.
As a workaround, we can also disable the “secure renegotiation only” setting in Exchange Server 2019.
Support for secure renegotiation has been added with 13.0 58.x and later (also for VPX, MPX N2/N3 and Intel Coleto). Refer to https://docs.citrix.com/en-us/citrix-adc/current-release/ssl/ssl-profiles/ssl-enabling-the-default-profile.html#support-for-secure-renegotiation-at-the-back-end-of-a-citrix-adc-appliance