Solved

Disabled TLS 1.0, applied KB3080079 and still can't connect via RDP

Posted on 2016-09-01
Last Modified: 2016-09-01
Hi Folks,
I have this issue where my Qualys results now need me to disable TLS 1.0. This I never did before as it disabled RDP access to my server. I see MS has released KB3080079 which is supposed to fix this problem. I am able to now get a request for credentials when attempting to RDP after disabling TLS 1.0, but I get an error after hitting enter. I found out on Server 2008 R2 I can change the Remote Desktop Session Host Configuration to RDP Security Layer via the Properties of my default Connection Name. Is there any problem from a security standpoint doing so if one must connect to a VPN session or physically join to that network in order to RDP to that machine at all? Thanks!
Question by:mrosier
Accepted Solution

by:
Andy M earned 500 total points
ID: 41780051
If you have RDP enabled only for internal access (i.e. needs to be on the network either directly or VPN) this can usually meet the security requirements but it really would depend on how the third-party company feels about it (some will accept it, others it may depend on the type of VPN used, etc).

I take it you've enabled TLS 1.2 and disabled TLS 1.0 and 1.1 using Registry edits and the settings in Remote Desktop Connection?

What OS are you trying to VPN from? When we did this for a client we also had to apply a fix to the Windows 7 machines as they could not RDP onto the server without it. (Won't work at all on Vista or XP). Instructions for this were:

1. Download and install KB2574819 (https://support.microsoft.com/en-us/kb/2574819)

2. Reboot the computer.

3. Download and install KB2592687 (https://support.microsoft.com/en-us/kb/2592687)

4. Reboot the computer.

Author Comment

by:mrosier
ID: 41780072
Hi Andy,
Thanks for the response! My clients are fine with it as far as strongly ciphered VPN goes or physical internal access to the network. Now I have used IIS Crypto to enable 1.2 and disable 1.0 and 1.1 as opposed to registry mods. I am trying this now with a test server internal to my network, so no VPN necessary at the moment, but I am having this issue when leaving the host session to Negotiate on the server. I am connecting from Win7Pro 64bit. I will try putting the server back into Negotiate mode in the host session manager, and apply these two KBs and see if I can connect.

Author Closing Comment

by:mrosier
ID: 41780354
Outstanding, those two KBs plus the original one I installed did the trick!
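
A read-only check for the settings this thread turned on, added here as an example and not posted by either participant: it reports the SCHANNEL TLS switches the accepted answer asks about, the RDP-Tcp security layer (Negotiate vs. RDP Security Layer) from the question, and whether the three KBs named in the thread are present. The registry paths are the standard Windows locations, and the helper names `Get-Setting` and `Show` are made up for this sketch; run it on both the server and the Windows 7 client.

```powershell
# Added example: read-only audit, nothing on the machine is changed.
# Written to run on PowerShell 2.0 (the version shipped with Win7 / 2008 R2).
$schannel = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'
$rdpTcp   = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
$kbs      = 'KB3080079', 'KB2574819', 'KB2592687'   # the three updates named in the thread

function Get-Setting($Path, $Name) {
    # Returns $null when the key or value is absent, i.e. the OS default applies.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($item) { $item.$Name }
}

function Show($Value) {
    # Distinguish "explicitly 0" from "never configured".
    if ($null -eq $Value) { 'not set' } else { $Value }
}

# 1. SCHANNEL switches. Server = inbound connections (the RDP host),
#    Client = outbound connections (the machine you connect from).
foreach ($proto in 'TLS 1.0', 'TLS 1.1', 'TLS 1.2') {
    foreach ($role in 'Server', 'Client') {
        $key = "$schannel\$proto\$role"
        '{0,-15} Enabled={1,-8} DisabledByDefault={2}' -f "$proto $role",
            (Show (Get-Setting $key 'Enabled')),
            (Show (Get-Setting $key 'DisabledByDefault'))
    }
}

# 2. RDP listener security layer: the setting changed in the RD Session Host
#    Configuration properties of the connection.
$layerNames = @{ 0 = 'RDP Security Layer'; 1 = 'Negotiate'; 2 = 'SSL (TLS)' }
$layer = Get-Setting $rdpTcp 'SecurityLayer'
if ($null -eq $layer) {
    'RDP-Tcp SecurityLayer: not set'
} else {
    'RDP-Tcp SecurityLayer: {0} ({1})' -f $layer, $layerNames[[int]$layer]
}

# 3. Hotfix presence. Get-HotFix reads Win32_QuickFixEngineering, so
#    "not found" means the update is not listed there on this machine.
foreach ($kb in $kbs) {
    $hit = Get-HotFix -Id $kb -ErrorAction SilentlyContinue
    '{0}: {1}' -f $kb, $(if ($hit) { 'installed' } else { 'not found' })
}
```

A `SecurityLayer` of 0 means the listener has fallen back to native RDP encryption rather than TLS, which is the trade-off raised in the original question.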