Solved

FIPS on RDP (encryption on RDP)

Posted on 2011-09-12
4
1,078 Views
Last Modified: 2012-05-12
Hi Experts,
One of my customers requested to enable encryption on the RDP.  For this he would like to enable the group policy option: “Set client connection encryption level” from Not configured to FIPS. (See attached screenshot for more information).
My question is this: is this configuration affect only the RDP/TS connection or it should affect other areas of the server?
 If this server run IIS application should we encounter with any issue by enabling this setting?
I am trying to understand what is the risk of enabling this option other than “breaking” the RDP/TS?

Information.jpg
0
Comment
Question by:dpatel_team
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 17

Expert Comment

by:sgsm81
ID: 36521481
some info on effects of enabling FIPS

http://support.microsoft.com/kb/811833
0
 
LVL 18

Accepted Solution

by:
Netflo earned 500 total points
ID: 36528204
Hi,

In reply to your questions...

1. It will primarily affect the TS connection only,
2. As you've mentioned that have an IIS application, this should not affect it as long as it is accessed via port 80. If you have a HTTPS (port 443) connection then connectivity will be forced to use TLS 1.0, which shouldn't be a problem for most client operating systems, as it is already enabled. I would refer to the following link for further reading: http://support.microsoft.com/kb/811834

Just a heads up, why not manually enable the setting on your TS first and review connectivity and IIS application connectivity before launching system wide changes across multiple TS via GPO. This way if this causes a problem it can be easily corrected within a few clicks.

Hope this helps.
0
 

Author Comment

by:dpatel_team
ID: 36528714
Hi All,

After doing some testing it appears that it actually does affect the IIS application (for some reason).

Just warning to everyone who is going to enable this option and think that it will affect only the TS connection.

0
 
LVL 18

Expert Comment

by:Netflo
ID: 36528880
Cheers for the update, thanks.
0

Featured Post

U.S. Department of Agriculture and Acronis Access

With the new era of mobile computing, smartphones and tablets, wireless communications and cloud services, the USDA sought to take advantage of a mobilized workforce and the blurring lines between personal and corporate computing resources.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Provide an easy one stop to quickly get the relevant information on common asked question on Ransomware in Expert Exchange.
While rebooting windows server 2003 server , it's showing "active directory rebuilding indices please wait" at startup. It took a little while for this process to complete and once we logged on not all the services were started so another reboot is …
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

688 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question