Lev Kaytsner
asked on
RDP to Windows Server 2012 R2 after disabling TLS 1.0
I had to disable TLS 1.0 on Windows Server 2012 R2 due to PCI Compliance requirements.
Now I can't connect to either server via RDP.
I have tried editing security to "negotiate" in Group Policy Editor.
Has anyone found a solution to this?
Thanks,
Lev
ASKER
Yes, both TLS 1.1 and 1.2 are enabled.
This is what I have now with TLS1.0 enabled since I have no other way to get into it:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client]
"Enabled"=dword:00000001
"DisabledByDefault"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server]
"Enabled"=dword:00000001
"DisabledByDefault"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client]
"Enabled"=dword:00000001
"DisabledByDefault"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server]
"Enabled"=dword:00000001
"DisabledByDefault"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client]
"Enabled"=dword:00000001
"DisabledByDefault"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server]
"Enabled"=dword:00000001
"DisabledByDefault"=dword:00000000
Have you tried using each of the Security Layers in Terminal Service Config? I would try SSL TLS 1.0 or RDP Security Layer and see if that works. Another option might be enabling FIPS-compliant ciphers and setting the TSconfig to use them, which really isn't recommended.
ASKER
I am using Windows 7 and 10 to connect. I installed RDP 8.0 and it didn't help.
ASKER
Updating RDP to 8.1 enabled access to Windows Server 2012 R2
ASKER
Thank you all!
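A read-only check to run on the server before and after changing the keys discussed in this thread, added here as an example and not posted by any participant: it lists the Schannel state for each protocol and role and the security layer configured for RDP. The function names are made up for this example, and the RDP-Tcp listener and Terminal Services policy registry paths do not appear in the thread.

```powershell
# Added example (read-only): Schannel protocol state plus the RDP security layer.
$SchannelBase = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'

function Get-SchannelProtocolState {   # hypothetical helper name
    param([string[]]$Protocols = @('TLS 1.0', 'TLS 1.1', 'TLS 1.2'))
    foreach ($proto in $Protocols) {
        foreach ($role in 'Client', 'Server') {
            $key = "$SchannelBase\$proto\$role"
            $p = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
            # A missing key or value means the OS default applies for that protocol.
            $state = 'OS default'
            if ($null -ne $p -and $null -ne $p.Enabled) {
                if ($p.Enabled -ne 0) { $state = 'Enabled' } else { $state = 'Disabled' }
            }
            $dbd = $null
            if ($null -ne $p) { $dbd = $p.DisabledByDefault }
            [pscustomobject]@{ Protocol = $proto; Role = $role; State = $state; DisabledByDefault = $dbd }
        }
    }
}

function Get-RdpSecurityLayer {        # hypothetical helper name
    # A Group Policy value, when present, wins over the listener's own setting.
    $paths = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services',
             'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
    $names = @{ 0 = 'RDP Security Layer'; 1 = 'Negotiate'; 2 = 'SSL (TLS)' }
    foreach ($path in $paths) {
        $v = (Get-ItemProperty -Path $path -ErrorAction SilentlyContinue).SecurityLayer
        if ($null -ne $v) {
            return [pscustomobject]@{ Source = $path; Value = $v; Meaning = $names[[int]$v] }
        }
    }
}

$state = Get-SchannelProtocolState
$state | Format-Table -AutoSize | Out-Host
$layer = Get-RdpSecurityLayer
$layer | Format-List | Out-Host

# Flag the lockout case: TLS is required for RDP but no server-side TLS version is left usable.
$usable = $state | Where-Object { $_.Role -eq 'Server' -and $_.State -ne 'Disabled' }
if ($layer -and $layer.Value -eq 2 -and -not $usable) {
    Write-Warning 'Security layer is SSL (TLS) but every listed TLS version is disabled for the Server role.'
}
```

Schannel registry changes take effect after a reboot, so compare the output with what the server is actually negotiating only after restarting.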