Solved

Disabled TLS 1.0, applied KB3080079 and still can't connect via RDP

Posted on 2016-09-01
Last Modified: 2016-09-01
Hi Folks,
I have this issue where my Qualys results now need me to disable TLS 1.0. This I never did before as it disabled RDP access to my server. I see MS has released KB3080079 which is supposed to fix this problem. I am able to now get a request for credentials when attempting to RDP after disabling TLS 1.0, but I get an error after hitting enter. I found out on Server 2008 R2 I can change the Remote Desktop Session Host Configuration to RDP Security Layer via the Properties of my default Connection Name. Is there any problem from a security standpoint doing so if one must connect to a VPN session or physically join to that network in order to RDP to that machine at all? Thanks!
Question by:mrosier

Accepted Solution

by: Andy M (earned 500 total points)
ID: 41780051
If you have RDP enabled only for internal access (i.e. needs to be on the network either directly or VPN) this can usually meet the security requirements but it really would depend on how the third-party company feels about it (some will accept it, others it may depend on the type of VPN used, etc).

I take it you've enabled TLS 1.2 and disabled TLS 1.0 and 1.1 using Registry edits and the settings in Remote Desktop Connection?

What OS are you trying to VPN from? When we did this for a client we also had to apply a fix to the Windows 7 machines as they could not RDP onto the server without it. (Won't work at all on Vista or XP). Instructions for this were:

1. Download and install KB2574819 (https://support.microsoft.com/en-us/kb/2574819)

2. Reboot the computer.

3. Download and install KB2592687 (https://support.microsoft.com/en-us/kb/2592687)

4. Reboot the computer.
 

Author Comment

by:mrosier
ID: 41780072
Hi Andy,
Thanks for the response! My clients are fine with it as far as strongly ciphered VPN goes or physical internal access to the network. Now I have used IIS Crypto to enable 1.2 and disable 1.0 and 1.1 as opposed to registry mods. I am trying this now with a test server internal to my network, so no VPN necessary at the moment, but I am having this issue when leaving the host session to Negotiate on the server. I am connecting from Win7Pro 64bit. I will try putting the server back into Negotiate mode in the host session manager, and apply these two KBs and see if I can connect.
 

Author Closing Comment

by:mrosier
ID: 41780354
Outstanding, those two KBs plus the original one I installed did the trick!
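Added example, not part of the thread or written by its posters: a read-only PowerShell check of the two server settings discussed above, the Schannel server-side TLS protocol switches (what the registry edits or IIS Crypto change) and the RDP listener's security layer. The registry paths and value meanings are the standard Windows locations, not values quoted in the thread, and the script assumes an elevated session on the server.

```powershell
# Added example: read-only audit, run in an elevated PowerShell session on the server.
# Registry locations are the standard Windows ones, not values quoted in the thread.
$schannel = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'
$rdpTcp   = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'

function Get-SchannelServerState {
    param([string]$Protocol)
    # A missing key or value means Schannel falls back to the OS default for that protocol.
    $key = Join-Path $schannel "$Protocol\Server"
    $p = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if ($null -eq $p -or $null -eq $p.Enabled) { return 'OS default (not set)' }
    # Tools may write 1 or 0xFFFFFFFF for "enabled", so compare against 0 only.
    if ($p.Enabled -ne 0) { return 'Enabled' }
    return 'Disabled'
}

$state = @{}
foreach ($proto in 'TLS 1.0', 'TLS 1.1', 'TLS 1.2') {
    $state[$proto] = Get-SchannelServerState -Protocol $proto
    '{0} (server side): {1}' -f $proto, $state[$proto]
}

# SecurityLayer: 0 = RDP Security Layer, 1 = Negotiate, 2 = SSL (TLS)
$layerNames = @{ 0 = 'RDP Security Layer'; 1 = 'Negotiate'; 2 = 'SSL (TLS)' }
$rdp   = Get-ItemProperty -Path $rdpTcp
$layer = [int]$rdp.SecurityLayer
$nla   = ([int]$rdp.UserAuthentication -eq 1)
'RDP security layer: {0}' -f $layerNames[$layer]
'NLA required:       {0}' -f $nla

if ($state['TLS 1.0'] -ne 'Disabled') {
    'FINDING: TLS 1.0 is not explicitly disabled; a TLS scan may still flag it.'
}
if ($state['TLS 1.2'] -ne 'Enabled') {
    'FINDING: TLS 1.2 is not explicitly enabled; check the OS default before disabling 1.0.'
}
if ($layer -eq 0) {
    'FINDING: RDP Security Layer uses native RDP encryption: no TLS, no server'
    '         authentication, and Network Level Authentication is unavailable.'
}
```

Schannel protocol changes take effect after a reboot, so run the check again once the server has restarted.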
