RDP Lost after Disable TLS 1.0 on Windows 2012 R2

Netsol-NOS
Dear EE,

Remote Desktop has been disabled after I performed the following settings on Microsoft Windows 2012 R2.

DISABLED TLS 1.0
ENABLED TLS 1.1
ENABLED TLS 1.2

Error
Please see attached error

Thanks
Top Expert 2016

Commented:
This is a known issue

https://support.microsoft.com/en-us/help/4036954/disabling-tls1-0-can-cause-rds-connection-broker-or-rdms-to-fail

TL;DR

Set up RDS without Connection Broker for a single server installation.
Do not disable TLS 1.0 on a single Connection Broker deployment.
Configure a high availability Connection Broker deployment that uses dedicated SQL Server.
Note: Microsoft has released an update to enable SQL Server communication to use TLS 1.2.

Jose Gabriel Ortega Castro
Top Rated Freelancer on MS Technologies
Awarded 2018
Distinguished Expert 2018

Commented:
How did you disable TLS 1.0?

This should be the good point to do it.
https://gallery.technet.microsoft.com/office/Enable-TLS11-and-TLS12-in-f41c9ab0

Please be specific on what you did.

Commented:
What about unchecking the NLA option in the target server RDP setting?

Author

Commented:
You mean this option.

10-Oct-18-10-23-45-AM.jpg

Author

Commented:
Dear Jose Gabriel Ortega Castro,

I have disabled SSL 2.0, SSL 3.0 and TLS 1.0 by this.

10-Oct-18-10-26-34-AM.jpg
SAME FOR SSL 3.0 and TLS 1.0

And enabled TLS 1.1 and TLS 1.2 by this:

10-Oct-18-10-28-30-AM.jpg
SAME FOR TLS 1.2

Author

Commented:
Dear David Johnson, CD, MVP,

Please see that I have to disable TLS 1.0; it's MANDATORY for vulnerability.

Thanks

Author

Commented:
Dear David Johnson, CD, MVP,

Your link said ONE OF THE FOLLOWING METHODS, so it means I can choose any one.

Can you please tell me how I can do these steps?

Set up RDS without Connection Broker for a single server installation.

Thanks
Top Expert 2016

Commented:
Remove Connection Broker from Remote Desktop Services.

2018-10-10_1-46-38.png

Author

Commented:
Dear David,

I have the following settings and Connection Broker is already not selected; please see the screenshot below.

10-Oct-18-10-49-20-AM.jpg

Jose Gabriel Ortega Castro
Top Rated Freelancer on MS Technologies
Awarded 2018
Distinguished Expert 2018

Commented:
I had a similar bug in my script, but it was solved in this question:
https://www.experts-exchange.com/questions/29055597/Remote-Desktop-TLS-1-0.html

So it's safe to use this script, it has all the documentation in it.
https://gallery.technet.microsoft.com/scriptcenter/Solve-SWEET32-Birthday-d2df9cf1

Author

Commented:
Dear Zaheer Iqbal,

We have resolved the problem on Windows 2008 R2. This is not an issue.

PROBLEM is with Windows 2012 R2.

Thanks

Author

Commented:
Dear Jose Gabriel Ortega Castro,

Can you please confirm how to revert the SCRIPT if anything bad happens on the PRODUCTION SERVER?

Author

Commented:
Dear Jose Gabriel Ortega Castro

I ran the script but the error is still the same.
But after the script, TLS 1.1 has also been disabled. Now only TLS 1.2 is enabled on the whole server. TLS 1.0 and TLS 1.1 are disabled.

10-Oct-18-12-38-00-PM.jpg

Commented:
Please NOTE that,

There is nothing to do with Windows 2012 R2, forget the settings of Windows 2012 R2. Remote all RDP settings, EXCEPT TLS 1.0 Disable and TLS 1.1 and 1.2 Enable.

Just install two KBs on the Windows 7 machine.

1) FIRST Windows6.1-KB2574819-v2-x64
2) SECOND Windows6.1-KB2592687-x64

PLEASE MAKE SURE THESE UPDATES SHOULD BE INSTALLED IN SEQUENCE. FIRST then SECOND.

Now I tell you the story,

We had RDP 7.1 on the Windows 7 SP1 computer and RDP 8.0 was an optional download through Windows Update. RDP 8 apparently has support for later TLS versions beyond the disabled TLS 1.0. RDP 8 for Windows 7 is discussed here: https://support.microsoft.com/en-us/kb/2592687.

Reference: https://netscantools.blogspot.com/2015/06/how-to-access-use-remote-desktop-to.html

Thanks
imtiaza

Author

Commented:
It works.
After installing the updates below on Windows 7, my workstation starts connecting to Windows 2012 R2 through RDP.
1) Windows6.1-KB2574819-v2-x64
2) Windows6.1-KB2592687-x64

Note that on Windows 2012 R2 TLS 1.0 is disabled and TLS 1.1 and TLS 1.2 are enabled.
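
An added example, not part of the thread and not any participant's script: a PowerShell audit of the two things the thread ends on, namely which SCHANNEL protocols are enabled on the Windows 2012 R2 server and whether the Windows 7 client has both updates, plus a registry backup that covers the question of how to revert. The function names and the backup file name are hypothetical, and it assumes the protocols were changed through the standard SCHANNEL `Enabled` / `DisabledByDefault` registry values, which the thread's screenshots do not let a reader confirm.

```powershell
# Added example: the two audit functions only read; Backup-SchannelKey writes one .reg file.
$SchannelRoot = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL'

# Run on the server (Windows 2012 R2 ships PowerShell 4, so [pscustomobject] is available).
function Get-SchannelProtocolState {
    param([string[]]$Protocol = @('SSL 2.0', 'SSL 3.0', 'TLS 1.0', 'TLS 1.1', 'TLS 1.2'))
    foreach ($p in $Protocol) {
        foreach ($role in 'Server', 'Client') {
            $key = Join-Path $SchannelRoot "Protocols\$p\$role"
            $v = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
            # A missing key or value means the operating system default applies.
            if ($null -eq $v -or $null -eq $v.Enabled) { $state = 'OS default' }
            elseif ($v.Enabled -eq 0)                  { $state = 'Disabled' }
            else                                       { $state = 'Enabled' }
            [pscustomobject]@{
                Protocol          = $p
                Role              = $role
                State             = $state
                DisabledByDefault = if ($v) { $v.DisabledByDefault } else { $null }
            }
        }
    }
}

# Run on the Windows 7 SP1 client; written to work on its default PowerShell 2.0.
function Test-Rdp8ClientUpdate {
    foreach ($id in 'KB2574819', 'KB2592687') {   # the two KBs named in the thread
        $fix = Get-HotFix -Id $id -ErrorAction SilentlyContinue
        $when = $null
        if ($fix) { $when = $fix.InstalledOn }
        New-Object PSObject -Property @{
            HotFix      = $id
            Installed   = [bool]$fix
            InstalledOn = $when
        }
    }
}

# Run on the server BEFORE changing protocols; importing the file restores the old values.
function Backup-SchannelKey {
    param([string]$Path = "$env:TEMP\schannel-backup.reg")   # hypothetical file name
    & reg.exe export 'HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL' $Path /y | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "reg export failed with exit code $LASTEXITCODE" }
    $Path
}

# Usage: Get-SchannelProtocolState | Format-Table -AutoSize
#        Test-Rdp8ClientUpdate     | Format-Table -AutoSize
```

Restoring with `reg import` puts back only the values that were exported; keys that a script created afterwards stay in place and have to be removed separately, and SCHANNEL changes take effect after a reboot.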
