
Server 2016 Essentials Causing PCI Compliance Scan to Fail

philodendrin asked on
Tags: SBS, Windows Server 2016 Essentials, PCI compliance, Security
Working with a non-profit customer that has a Server 2016 Essentials server. Customer is utilizing almost all of the features in Essentials - workstations are running Essentials "connector" and backup nightly to the server, Anywhere Access is enabled and used, etc.

Problem is... they added a credit card processing terminal on the LAN and now they are failing PCI Compliance scans due to Server 2016 Essentials' use of TLS 1.0 protocol, as well as 64-bit block ciphers, RC4 Ciphers, and the use of "clickjacking" URLs (they cite https://public IP/connect as an example).

My typical go-to fix for this is to add a Public IP, segregate the credit card terminal on a VLAN, route the new public IP to the VLAN and call it good. PCI compliance scans no longer see the server and we don't need to break the server's features.

But, this customer has no funds to add an additional public IP, and my understanding is that if we use something like IIS Crypto to harden the server, it will break the Server 2016 Essentials connector and thus break workstation backups, the ability to join workstations to the domain with the connector tool, and pieces of "Anywhere Access."

Anyone have any other ideas for dealing with this? 
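The scan findings in the question (TLS 1.0, RC4, 64-bit block ciphers, a frameable /connect page) all map to specific server-side settings. As an added example that is not from the original question, from any answer to it, or from Microsoft or IIS Crypto, the following PowerShell script reads those settings and reports them without changing anything, so the scan report can be matched to the server's actual state before deciding between segmentation and hardening. The registry paths are the documented Schannel locations; the assumptions are that it runs in an elevated PowerShell 5.1 session on the Essentials server and that Remote Web Access is served by the IIS site named 'Default Web Site'.

```powershell
# Added example, not code from the original post. Assumes an elevated PowerShell 5.1
# session on the Server 2016 Essentials host and that Remote Web Access lives under the
# IIS site 'Default Web Site' (assumption; adjust to match the server).
# The script only reads configuration; it changes nothing.

$schannel = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL'

function Get-SchannelState {
    param([string]$Path)
    # Schannel semantics: a missing key means the built-in OS default applies (on
    # Server 2016 TLS 1.0 is on by default); Enabled=0 disables the item outright;
    # DisabledByDefault=1 leaves it off unless an application requests it explicitly.
    if (-not (Test-Path -Path $Path)) { return 'OS default (key absent)' }
    $k = Get-ItemProperty -Path $Path
    $enabled = if ($null -ne $k.Enabled) { $k.Enabled } else { 'unset' }
    $dbd     = if ($null -ne $k.DisabledByDefault) { $k.DisabledByDefault } else { 'unset' }
    return "Enabled=$enabled DisabledByDefault=$dbd"
}

'== Protocols (Server = what the scanner negotiates; Client = this box outbound) =='
foreach ($proto in 'SSL 2.0', 'SSL 3.0', 'TLS 1.0', 'TLS 1.1', 'TLS 1.2') {
    foreach ($side in 'Server', 'Client') {
        $state = Get-SchannelState -Path "$schannel\Protocols\$proto\$side"
        '{0,-8} {1,-7} {2}' -f $proto, $side, $state
    }
}

'== Ciphers the scan cites: RC4 and 64-bit block ciphers (DES / 3DES) =='
foreach ($cipher in 'RC4 40/128', 'RC4 56/128', 'RC4 64/128', 'RC4 128/128',
                    'DES 56/56', 'Triple DES 168') {
    $state = Get-SchannelState -Path "$schannel\Ciphers\$cipher"
    '{0,-16} {1}' -f $cipher, $state
}

'== Clickjacking finding: does the IIS site send X-Frame-Options? =='
Import-Module WebAdministration
$site = 'IIS:\Sites\Default Web Site'   # assumption, see above
# Effective custom headers for the site, including any inherited from the server level.
$headers = Get-WebConfiguration -Filter 'system.webServer/httpProtocol/customHeaders/add' -PSPath $site
$xfo = $headers | Where-Object { $_.name -ieq 'X-Frame-Options' }
if ($xfo) {
    "X-Frame-Options present: $($xfo.value)"
} else {
    'X-Frame-Options NOT set on this site (the /connect clickjacking finding points here)'
}
```

Run it once before any change and keep the output; if a later hardening step is tried, the same output taken afterwards shows exactly which protocol or cipher was turned off, which is what you need when checking whether the Essentials connector or Anywhere Access stopped working because of that step.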