Solved

Disabled TLS 1.0, applied KB3080079 and still can't connect via RDP

Posted on 2016-09-01
Last Modified: 2016-09-01
Hi Folks,
I have this issue where my Qualys results now need me to disable TLS 1.0. This I never did before as it disabled RDP access to my server. I see MS has released KB3080079 which is supposed to fix this problem. I am able to now get a request for credentials when attempting to RDP after disabling TLS 1.0, but I get an error after hitting enter. I found out on Server 2008 R2 I can change the Remote Desktop Session Host Configuration to RDP Security Layer via the Properties of my default Connection Name. Is there any problem from a security standpoint doing so if one must connect to a VPN session or physically join to that network in order to RDP to that machine at all? Thanks!
Question by:mrosier
Accepted Solution

by:
Andy M earned 2000 total points
ID: 41780051
If you have RDP enabled only for internal access (i.e. needs to be on the network either directly or VPN) this can usually meet the security requirements but it really would depend on how the third party company feels about it (some will accept it, others it may depend on the type of VPN used, etc).

I take it you've enabled TLS 1.2 and disabled TLS 1.0 and 1.1 using Registry edits and the settings in Remote Desktop Connection?

What OS are you trying to VPN from? When we did this for a client we also had to apply a fix to the Windows 7 machines as they could not RDP onto the server without it. (Won't work at all on Vista or XP). Instructions for this were:

1. Download and install KB2574819 (https://support.microsoft.com/en-us/kb/2574819)

2. Reboot the computer.

3. Download and install KB2592687 (https://support.microsoft.com/en-us/kb/2592687)

4. Reboot the computer.

Author Comment

by:mrosier
ID: 41780072
Hi Andy,
Thanks for the response! My clients are fine with it as far as strongly ciphered VPN goes or physical internal access to the network. Now I have used IIS Crypto to enable 1.2 and disable 1.0 and 1.1 as opposed to registry mods. I am trying this now with a test server internal to my network, so no VPN necessary at the moment, but I am having this issue when leaving the host session to Negotiate on the server. I am connecting from Win7Pro 64bit. I will try putting the server back into Negotiate mode in the host session manager, and apply these two KB's and see if I can connect.

Author Closing Comment

by:mrosier
ID: 41780354
Outstanding, those two KB's plus the original one I installed did the trick!

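The following read-only PowerShell check is an added example, not code posted by anyone in the thread. It reports the three things the thread turns on: whether the KBs named above are installed, what the SCHANNEL registry says for TLS 1.0/1.1/1.2, and which RDP security layer the listener uses. It assumes the default connection name `RDP-Tcp` and the standard SCHANNEL registry layout; the function names are made up for this example.

```powershell
# Added example: read-only audit, changes nothing on the machine.
# KB numbers are the ones named in the thread.
$kbs = 'KB3080079', 'KB2574819', 'KB2592687'

function Get-KbStatus {
    param([string[]]$Ids)
    foreach ($id in $Ids) {
        # Get-HotFix writes an error when the KB is absent; suppress it and test the result.
        $hit = Get-HotFix -Id $id -ErrorAction SilentlyContinue
        New-Object PSObject -Property @{ KB = $id; Installed = [bool]$hit }
    }
}

function Get-SchannelProtocol {
    param([string[]]$Protocols = @('TLS 1.0', 'TLS 1.1', 'TLS 1.2'))
    $base = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'
    foreach ($p in $Protocols) {
        foreach ($side in 'Server', 'Client') {
            $v = Get-ItemProperty -Path (Join-Path $base "$p\$side") -ErrorAction SilentlyContinue
            if (-not $v -or $null -eq $v.Enabled) {
                $state = 'not set (OS default applies)'
            } elseif ($v.Enabled -ne 0) {
                $state = 'enabled'      # any non-zero DWORD counts as enabled
            } else {
                $state = 'disabled'
            }
            New-Object PSObject -Property @{
                Protocol = $p; Side = $side; State = $state
                DisabledByDefault = $v.DisabledByDefault
            }
        }
    }
}

function Get-RdpSecurityLayer {
    # Assumption: the listener uses the default connection name RDP-Tcp.
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
    $names = @{ 0 = 'RDP Security Layer'; 1 = 'Negotiate'; 2 = 'SSL/TLS' }
    $val = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).SecurityLayer
    if ($null -eq $val) { return 'SecurityLayer value not found' }
    # 0 means native RDP encryption: no TLS server authentication, and NLA is unavailable.
    return ('{0} ({1})' -f $val, $names[[int]$val])
}

Get-KbStatus -Ids $kbs | Format-Table KB, Installed -AutoSize
Get-SchannelProtocol | Format-Table Protocol, Side, State, DisabledByDefault -AutoSize
"RDP SecurityLayer: $(Get-RdpSecurityLayer)"
```

Run it on both the server and the Windows 7 client: a listener still set to `0` after the KBs are in place means the RDP Security Layer workaround from the question was never reverted to Negotiate.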