Solved

disabled tls 1.0, applied kb3080079 and still can't connect via RDP

Posted on 2016-09-01
3
134 Views
Last Modified: 2016-09-01
Hi Folks,
I have this issue where my Qualys results now need me to disable tls 1.0. This I never did before as it disabled RDP access to my server. I see MS has released KB3080079 which is supposed to fix this problem. I am able to now get a request for credentials when attempting to RDP after disabling tls 1.0, but I get an error after hitting enter. I found out on Server 2008 R2 I can change the Remote Desktop Session Host Configuration to RDP Security Layer via the Properties of my default Connection Name. Is there any problem from a security standpoint doing so if one must connect to a VPN session or physically join to that network in order to RDP to that machine at all? Thanks!
0
Comment
Question by:mrosier
  • 2
3 Comments
 
LVL 13

Accepted Solution

by:
Andy M earned 500 total points
ID: 41780051
If you have RDP enabled only for internal access (i.e. needs to be on the network either directly or VPN) this can usually meet the security requirements but it really would depend on how the third party company feel about it (some will accept it, others it may depend on the type of VPN used, etc).

I take it you've enabled TLS 1.2 and disabled TLS 1.0 and 1.1 using Registry edits and the settings in Remote Desktop Connection?

What OS are you trying to VPN from? When we did this for a client we also had to apply a fix to the Windows 7 machines as they could not RDP onto the server without it. (Won't work at all on Vista or XP). Instructions for this were:

1. Download and install KB2574819 (https://support.microsoft.com/en-us/kb/2574819)

2. Reboot the computer.

3. Download and install KB2592687 (https://support.microsoft.com/en-us/kb/2592687)

4. Reboot the computer.
0
 

Author Comment

by:mrosier
ID: 41780072
Hi Andy,
Thanks for the response! My clients are fine with it as far strongly ciphered VPN goes or physical internal access to the network. Now I have used IIScrypto to enable 1.2 and disable 1.0 and 1.1 as opposed to registry mods. I am trying this now with a test server internal to my network, so no VPN necessary at the moment, but I am having this issue when leaving the host session to Negotiate on the server. I am connecting from Win7Pro 64bit. I will try putting the server back into Negotiate mode in the host session manager, and apply these two KB's and see if I can connect.
0
 

Author Closing Comment

by:mrosier
ID: 41780354
Outstanding, those to KB's plus the original one I installed did the trick!
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Can’t delete a file 14 135
ipsec tunnel comme not up 10 71
L2TP/IPSec VPN Passthrough Cisco ASA 5505 8.2(5) to Server 2008 R2 4 48
Hyper-V not working after Anniversary Update 7 48
You might have come across a situation when you have Exchange 2013 server in two different sites (Production and DR). After adding the Database copy in ECP console it displays Database copy status unknown for the DR exchange server. Issue is strange…
Envision that you are chipping away at another e-business site with a team of pundit developers and designers. Everything seems, by all accounts, to be going easily.
This tutorial will walk an individual through configuring a drive on a Windows Server 2008 to perform shadow copies in order to quickly recover deleted files and folders. Click on Start and then select Computer to view the available drives on the se…
This tutorial will walk an individual through the steps necessary to install and configure the Windows Server Backup Utility. Directly connect an external storage device such as a USB drive, or CD\DVD burner: If the device is a USB drive, ensure i…

929 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now