RDP Lost after Disabling TLS 1.0 on Windows 2012 R2

Dear EE,

Remote Desktop has been disabled after I performed the following settings on Microsoft Windows 2012 R2.

DISABLED TLS 1.0
ENABLED TLS 1.1
ENABLED TLS 1.2

Error
Please see attached error

Thanks
Netsol-NOS Asked:

David Johnson, CD, MVP (Owner) Commented:
This is a known issue

https://support.microsoft.com/en-us/help/4036954/disabling-tls1-0-can-cause-rds-connection-broker-or-rdms-to-fail

TL;DR

Set up RDS without Connection Broker for a single server installation.
Do not disable TLS 1.0 on a single Connection Broker deployment.
Configure a high availability Connection Broker deployment that uses dedicated SQL Server.
Note: Microsoft has released an update to enable SQL Server communication to use TLS 1.2.
1
Jose Gabriel Ortega Castro (CEO) Commented:
How did you disable TLS 1.0?

This should be the good point to do it.
https://gallery.technet.microsoft.com/office/Enable-TLS11-and-TLS12-in-f41c9ab0

Please be specific on what you did.
1
Senior IT System Engineer (IT Professional) Commented:
What about unchecking the NLA option in the target server RDP setting?
0

Netsol-NOS (Author) Commented:
You mean this option.

10-Oct-18-10-23-45-AM.jpg
1
Netsol-NOS (Author) Commented:
Dear Jose Gabriel Ortega Castro,

I have disabled SSL 2.0, SSL 3.0 and TLS 1.0 by this.

10-Oct-18-10-26-34-AM.jpg
SAME FOR SSL 3.0 and TLS 1.0


And enabled TLS 1.1 and TLS 1.2 by this,

10-Oct-18-10-28-30-AM.jpg
SAME FOR TLS 1.2
0
Netsol-NOS (Author) Commented:
Dear David Johnson, CD, MVP,

Please see that I have to disable TLS 1.0; it's MANDATORY for vulnerability.

Thanks
0
Netsol-NOS (Author) Commented:
Dear David Johnson, CD, MVP,

Your link said ONE OF THE FOLLOWING METHODS, so it means I can choose any one.

Can you please tell me how I can do these steps?

Set up RDS without Connection Broker for a single server installation.

Thanks
0
David Johnson, CD, MVP (Owner) Commented:
Remove Connection Broker from Remote Desktop Services.
2018-10-10_1-46-38.png
0
Netsol-NOS (Author) Commented:
Dear David,

I have the following settings and Connection Broker is already not selected. Please see the screenshot below.

10-Oct-18-10-49-20-AM.jpg
0
Jose Gabriel Ortega Castro (CEO) Commented:
I had a similar bug in my script, but it was solved on this question:
https://www.experts-exchange.com/questions/29055597/Remote-Desktop-TLS-1-0.html

So it's safe to use this script, it has all the documentation in it.
https://gallery.technet.microsoft.com/scriptcenter/Solve-SWEET32-Birthday-d2df9cf1
0
Zaheer Iqbal (Technical Assurance & Implementation) Commented:
1
Netsol-NOS (Author) Commented:
Dear Zaheer Iqbal,

We have resolved the problem on Windows 2008 R2. This is not an issue.

The PROBLEM is with Windows 2012 R2.

Thanks
0
Netsol-NOS (Author) Commented:
Dear Jose Gabriel Ortega Castro,

Can you please confirm how to revert the SCRIPT if anything bad happens on the PRODUCTION SERVER?
0
Netsol-NOS (Author) Commented:
Dear Jose Gabriel Ortega Castro,

I ran the script but the error is still the same.
But after the script, TLS 1.1 has also been disabled. Now only TLS 1.2 is enabled on the whole server. TLS 1.0 and TLS 1.1 are disabled.
10-Oct-18-12-38-00-PM.jpg
0
imtiaza Commented:
Please NOTE that,

There is nothing to do with windows 2012 r2, forget the settings of windows 2012 r2. Remote all RDP settings, EXCEPT TLS 1.0 Disable and TLS 1.1 and 1.2 Enable.

Just install two KBs on the Windows 7 machine.

1) FIRST Windows6.1-KB2574819-v2-x64
2) SECOND Windows6.1-KB2592687-x64

PLEASE MAKE SURE THESE UPDATES ARE INSTALLED IN SEQUENCE. FIRST then SECOND.

Now I tell you the story,

We had RDP 7.1 on the Windows 7 SP1 computer and RDP 8.0 was an optional download through Windows Update. RDP 8 apparently has support for later TLS versions beyond the disabled TLS 1.0. RDP 8 for Windows 7 is discussed here: https://support.microsoft.com/en-us/kb/2592687.

Reference:- https://netscantools.blogspot.com/2015/06/how-to-access-use-remote-desktop-to.html




Thanks
imtiaza
0

Netsol-NOS (Author) Commented:
It works.
After installing the below updates on Windows 7, my workstation starts connecting to Windows 2012 R2 through RDP.
1) Windows6.1-KB2574819-v2-x64
2) Windows6.1-KB2592687-x64

Note that on Windows 2012 R2, TLS 1.0 is disabled and TLS 1.1 and TLS 1.2 are enabled.
0
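
The checks this thread ends on, as an added example that is not from any participant or from the linked scripts: it exports the SCHANNEL registry key on the server so a change can be reverted with `reg import`, reports the per-protocol `Enabled` / `DisabledByDefault` values, and checks a Windows 7 client for the two updates named above. The function names and the backup path are assumptions.

```powershell
# Added example; function names and the backup path are assumptions.
$SchannelKey = 'HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL'

function Backup-SchannelKey {
    param([string]$Path = "$env:TEMP\schannel-backup.reg")   # assumed location
    # Export before changing anything; "reg import <file>" restores it.
    & reg.exe export $SchannelKey $Path /y | Out-Null
    $Path
}

function Get-SchannelProtocolState {
    # Run on the server. A missing key or value means the OS default applies.
    foreach ($proto in 'SSL 2.0', 'SSL 3.0', 'TLS 1.0', 'TLS 1.1', 'TLS 1.2') {
        foreach ($role in 'Server', 'Client') {
            $key = "Registry::$SchannelKey\Protocols\$proto\$role"
            $enabled = $null; $dbd = $null
            if (Test-Path $key) {
                $p = Get-ItemProperty -Path $key
                $enabled = $p.Enabled
                $dbd = $p.DisabledByDefault
            }
            New-Object PSObject -Property @{
                Protocol          = $proto
                Role              = $role
                Enabled           = if ($null -eq $enabled) { '(OS default)' } else { $enabled }
                DisabledByDefault = if ($null -eq $dbd) { '(OS default)' } else { $dbd }
            }
        }
    }
}

function Test-Rdp8Prerequisite {
    # Run on the Windows 7 client: the two updates from the accepted answer.
    foreach ($kb in 'KB2574819', 'KB2592687') {
        $hit = Get-HotFix -Id $kb -ErrorAction SilentlyContinue
        New-Object PSObject -Property @{ KB = $kb; Installed = [bool]$hit }
    }
}

# Server: back up, then list what is actually configured.
Backup-SchannelKey
Get-SchannelProtocolState | Format-Table Protocol, Role, Enabled, DisabledByDefault -AutoSize

# Windows 7 client: confirm both updates are present.
Test-Rdp8Prerequisite | Format-Table KB, Installed -AutoSize
```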