none
After Disabling TLS 1.0 on windows server 2012 R2, RDP connection to server is not working. RRS feed

  • Question

  • After Disabling TLS 1.0 on windows server 2012 R2,  RDP connection to server is not working.

    We have other servers where i have disabled TLS 1.0 & able to take the remote access using RDP.  

    Monday, November 4, 2019 7:50 AM

All replies

  • HI
    1 can you enter winver in command prompt on problematical computers and look the os version and os version number ?[for example windows 10  enterprise 1809 (os build 17763.316)]
    If the client machine is running Windows 7, it must have the RDC 8.0 update installed in order to use TLS 1.2. Without the RDC 8.0 update, the Windows 7 client can only use TLS 1.0.

    2 can you enter gpresult /h c:\tls.html on problematical client then look if you have set below policy ?
    Computer Configuration\Policies\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Security set Require use of specific security layer for remote (RDP) connections to ssl
    Incorrect TLS is displayed when you use RDP with SSL encryption
    https://support.microsoft.com/en-us/help/3097192/incorrect-tls-is-displayed-when-you-use-rdp-with-ssl-encryption

    3 is there RD connection broker role install in your RDS environment ? 
      if there is ,did you configure RDCB HA in your environment ?
    RDS Connection Broker or RDMS fails after you disable TLS 1.0 in Windows Server
    https://support.microsoft.com/en-ca/help/4036954/disabling-tls1-0-can-cause-rds-connection-broker-or-rdms-to-fail

    Best Regards
    Andy YOU
    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.





    Tuesday, November 5, 2019 6:14 AM
  • HI
    Is there any progress on your question?

    Best Regards
    Andy YOU
    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Thursday, November 7, 2019 2:37 PM
  • HI
    Is there anything to help you?

    Best Regards
    Andy YOU
    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Saturday, November 16, 2019 8:54 AM
  • It may be that RDP is requiring TLS to authenticate RDP sessions via a Registry value, but TLS is disabled, causing the authentication attempts to fail. Are you using TLS 1.2, or 1.1? Or is TLS disabled for RDP connections altogether?

    1. Run Regedit as an Administrator.
    2. Navigate to here: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp
    3. Review the value for 'SecurityLayer.' If the value is '2', then the server may be requiring TLS for RDP authentication, but failing to do so, as TLS has been disabled.

    You could try changing this value to '0' and attempting the connection again. For a full explanation of the different SecurityLayer options, see documentation here: https://docs.microsoft.com/en-us/windows-hardware/customize/desktop/unattend/microsoft-windows-terminalservices-rdp-winstationextensions-securitylayer

    • Proposed as answer by PremiumSource Wednesday, November 20, 2019 1:27 PM
    Sunday, November 17, 2019 6:19 PM
  • HI
    Is there anything to help you?

    Best Regards
    Andy YOU
    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Tuesday, November 19, 2019 9:53 AM