locked
SBS 2011 Remote Web Workplace and TLS 1.0/PCI Compliance RRS feed

  • Question

  • After disabling TLS 1.0 on the server users are unable to access their desktops through Remote Web Workplace. They get to the point where they can select their PC's from the list but then it says it encountered an error. Anyone know of a patch or timeline to get this fixed?

    Thanks,

    Derek

    Tuesday, December 8, 2015 11:04 PM

Answers

  • Derek,

    I don't think this is the answer you want to hear, but Robert has more details about the issue:

    http://windowsserveressentials.com/2015/12/14/sbs-2011-standard-disable-tls-1-0/

    I ran into the same problem at clients and ended up the following workarounds:

    1. Have the external users connect to the office through a VPN tunnel and then use RDP

    2. Have the external users move to a Windows 8.1/10 PC

    Chris

    Thursday, December 24, 2015 6:07 AM

All replies

  • Hi,

    Quote from blog - Introduction to SBS 2011 Standard Remote Web Access(http://blogs.technet.com/b/sbs/archive/2011/03/10/introduction-to-sbs-2011-remote-web-access-rwa.aspx):
    RD Gateway allows TS clients to establish secure connections over SSL (443) using RPC Proxy, also known as RDP over HTTPS. 

    KB 2493594 mentioned that:
    SSL - This security method requires TLS 1.0 to authenticate the server.

    I would recommend you to re-enable TLS 1.0.

    Best Regards,
    Eve Wang

    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.

    Thursday, December 10, 2015 8:23 AM
  • Asking why you disabled it?

    Larry Struckmeyer [MVP]-- --If your question is answered please mark the response as the answer so that others can benefit.

    Thursday, December 10, 2015 11:45 PM
  • Our SBS server is outward facing on the internet. When our PCI compliance vendor scans our network it sees that TLS 1.0 is enabled it flags it as a vulnerability. So in order to be PCI compliant we have to disable TLS 1.0.
    Friday, December 11, 2015 1:57 PM
  • Derek,

    I don't think this is the answer you want to hear, but Robert has more details about the issue:

    http://windowsserveressentials.com/2015/12/14/sbs-2011-standard-disable-tls-1-0/

    I ran into the same problem at clients and ended up the following workarounds:

    1. Have the external users connect to the office through a VPN tunnel and then use RDP

    2. Have the external users move to a Windows 8.1/10 PC

    Chris

    Thursday, December 24, 2015 6:07 AM