Solved

disabled tls 1.0, applied kb3080079 and still can't connect via RDP

Posted on 2016-09-01
3
725 Views
Last Modified: 2016-09-01
Hi Folks,
I have this issue where my Qualys results now need me to disable tls 1.0. This I never did before as it disabled RDP access to my server. I see MS has released KB3080079 which is supposed to fix this problem. I am able to now get a request for credentials when attempting to RDP after disabling tls 1.0, but I get an error after hitting enter. I found out on Server 2008 R2 I can change the Remote Desktop Session Host Configuration to RDP Security Layer via the Properties of my default Connection Name. Is there any problem from a security standpoint doing so if one must connect to a VPN session or physically join to that network in order to RDP to that machine at all? Thanks!
0
Comment
Question by:mrosier
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 14

Accepted Solution

by:
Andy M earned 500 total points
ID: 41780051
If you have RDP enabled only for internal access (i.e. needs to be on the network either directly or VPN) this can usually meet the security requirements but it really would depend on how the third party company feel about it (some will accept it, others it may depend on the type of VPN used, etc).

I take it you've enabled TLS 1.2 and disabled TLS 1.0 and 1.1 using Registry edits and the settings in Remote Desktop Connection?

What OS are you trying to VPN from? When we did this for a client we also had to apply a fix to the Windows 7 machines as they could not RDP onto the server without it. (Won't work at all on Vista or XP). Instructions for this were:

1. Download and install KB2574819 (https://support.microsoft.com/en-us/kb/2574819)

2. Reboot the computer.

3. Download and install KB2592687 (https://support.microsoft.com/en-us/kb/2592687)

4. Reboot the computer.
0
 

Author Comment

by:mrosier
ID: 41780072
Hi Andy,
Thanks for the response! My clients are fine with it as far strongly ciphered VPN goes or physical internal access to the network. Now I have used IIScrypto to enable 1.2 and disable 1.0 and 1.1 as opposed to registry mods. I am trying this now with a test server internal to my network, so no VPN necessary at the moment, but I am having this issue when leaving the host session to Negotiate on the server. I am connecting from Win7Pro 64bit. I will try putting the server back into Negotiate mode in the host session manager, and apply these two KB's and see if I can connect.
0
 

Author Closing Comment

by:mrosier
ID: 41780354
Outstanding, those to KB's plus the original one I installed did the trick!
0

Featured Post

Edgartown IT Case Study

Learn about Edgartown's quest to ensure the safety and security of the entire town's employee and citizen data. Read the case study!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Background Information Recently I have fixed file server permission issues for one of my client. The client has 1800 users and one Windows Server 2008 R2 domain joined file server with 12 TB of data, 250+ shared folders and the folder structure i…
After seeing many questions for JRNL_WRAP_ERROR for replication failure, I thought it would be useful to write this article.
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question