Netsol-NOS

RDP Lost after Disable TLS 1.0 on Windows 2012 R2

Dear EE,

Remote Desktop has been disabled after I performed the following settings on Microsoft Windows 2012 R2.

DISABLED TLS 1.0
ENABLED TLS 1.1
ENABLED TLS 1.2

User generated image
Please see attached error

Thanks
David Johnson, CD

This is a known issue

https://support.microsoft.com/en-us/help/4036954/disabling-tls1-0-can-cause-rds-connection-broker-or-rdms-to-fail

TL;DR

Set up RDS without Connection Broker for a single server installation.
Do not disable TLS 1.0 on a single Connection Broker deployment.
Configure a high availability Connection Broker deployment that uses dedicated SQL Server.
Note: Microsoft has released an update to enable SQL Server communication to use TLS 1.2.
How did you disable TLS 1.0?

This should be the good point to do it.
https://gallery.technet.microsoft.com/office/Enable-TLS11-and-TLS12-in-f41c9ab0

Please be specific on what you did.
What about unchecking the NLA option in the target server RDP setting?
Netsol-NOS

ASKER

You mean this option.

User generated image
Dear Jose Gabriel Ortega Castro,

I have disabled SSL 2.0, SSL 3.0 and TLS 1.0 by this.

User generated image
SAME FOR SSL 3.0 and TLS 1.0


And enabled TLS 1.1 and TLS 1.2 by this,

User generated image
SAME FOR TLS 1.2
Dear David Johnson, CD, MVP,

Please see that I have to disable TLS 1.0; it's MANDATORY for vulnerability.

Thanks
Dear David Johnson, CD, MVP,

Your link said ONE OF THE FOLLOWING METHODS, so it means I can choose any one.

Can you please tell me how I can do these steps?

Set up RDS without Connection Broker for a single server installation.

Thanks
Remove Connection Broker from Remote Desktop Services.
User generated image
Dear David,

I have the following settings and Connection Broker is already not selected; please see the screenshot below.

User generated image
I had a similar bug in my script, but it was solved in this question:
https://www.experts-exchange.com/questions/29055597/Remote-Desktop-TLS-1-0.html

So it's safe to use this script, it has all the documentation in it.
https://gallery.technet.microsoft.com/scriptcenter/Solve-SWEET32-Birthday-d2df9cf1
Dear Zaheer Iqbal,

We have resolved the problem on Windows 2008 R2. This is not an issue.

PROBLEM is with Windows 2012 R2.

Thanks
Dear Jose Gabriel Ortega Castro,

Can you please confirm how to revert the SCRIPT if anything bad happens on the PRODUCTION SERVER?
Dear Jose Gabriel Ortega Castro

I ran the script but the error is still the same.
But after the script, TLS 1.1 has also been disabled. Now only TLS 1.2 is enabled on the whole server. TLS 1.0 and TLS 1.1 are disabled.
User generated image
ASKER CERTIFIED SOLUTION
imtiaza
This solution is only available to members.
It works.
After installing the updates below on Windows 7, my workstation started connecting to Windows 2012 R2 through RDP.
1)  Windows6.1-KB2574819-v2-x64
2)  Windows6.1-KB2592687-x64

Note that on Windows 2012 R2 TLS 1.0 is disabled and TLS 1.1 and TLS 1.2 are enabled.
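
An added example, not part of any post in this thread and not the TechNet scripts linked above: a PowerShell sketch that backs up the SCHANNEL registry key before a protocol change, reports which protocols are enabled for the Server and Client roles, and checks a Windows 7 client for the two updates named in the last post. The function names and the backup file path are assumptions chosen for illustration.

```powershell
# Added example: audit SCHANNEL protocol settings and keep a backup for rollback.
$base      = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'
$protocols = 'SSL 2.0', 'SSL 3.0', 'TLS 1.0', 'TLS 1.1', 'TLS 1.2'

function Export-SchannelBackup {
    # Hypothetical helper: export the whole SCHANNEL key so it can be restored
    # later with "reg import <file>" followed by a reboot.
    param([string]$File = "$env:TEMP\schannel-backup.reg")   # assumed path
    & reg.exe export 'HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL' $File /y | Out-Null
    return $File
}

function Get-SchannelValue {
    # Returns $null when the key or value is absent (the OS default applies).
    param([string]$Path, [string]$Name)
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$Name
}

function Get-SchannelState {
    # Read-only: one row per protocol and role.
    foreach ($proto in $protocols) {
        foreach ($role in 'Server', 'Client') {
            $path    = Join-Path (Join-Path $base $proto) $role
            $enabled = Get-SchannelValue -Path $path -Name 'Enabled'
            $dbd     = Get-SchannelValue -Path $path -Name 'DisabledByDefault'
            if ($null -eq $enabled) { $state = 'OS default (not set)' }
            elseif ($enabled -eq 0) { $state = 'Disabled' }
            else                    { $state = 'Enabled' }   # 1 or 0xFFFFFFFF
            [pscustomobject]@{
                Protocol = $proto; Role = $role; Enabled = $enabled
                DisabledByDefault = $dbd; State = $state
            }
        }
    }
}

function Get-Rdp8ClientUpdates {
    # Windows 7 client side: the two updates named in the thread's last post.
    Get-HotFix -Id 'KB2574819', 'KB2592687' -ErrorAction SilentlyContinue |
        Select-Object HotFixID, InstalledOn
}

Export-SchannelBackup | ForEach-Object { "Backup written to $_" }
Get-SchannelState | Format-Table -AutoSize
Get-Rdp8ClientUpdates
```

Run it from an elevated prompt on the server before and after the change; SCHANNEL registry changes take effect only after a reboot.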