WID and RDCB with tls 1.2 only


Hi,


For compliance reasons we have to disable TLS 1.0 on our systems, and thereby encountered an unexpected error. The Windows Internal Database, and therefore also the Remote Desktop Connection Broker, do *not* support anything newer than TLS 1.0.

We're only allowed to use modern protocols like TLS 1.2 or TLS 1.3, so we've disabled all others in Schannel. For now we have re-enabled TLS 1.0 on the Remote Desktop Connection Broker, but we need to disable it again or we will not pass the certification.


Therefore my question: Is it possible to configure the Windows Internal Database to use TLS 1.2, and how is that done?


Best,

agowa338


Edit: There is even a UserVoice entry: https://remotedesktop.uservoice.com/forums/266795-remote-desktop-services/suggestions/8527261-suppor...

According to the response from Microsoft from 2017 it should work, but as others have already pointed out it still doesn't, because the Windows Internal Database is TLS 1.0 only. How do others with PCI DSS handle this? Do you deploy an SQL Server for the Remote Desktop Connection Broker instead?
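The post above describes disabling every protocol other than TLS 1.2/1.3 in Schannel and then having to re-enable TLS 1.0 for the Connection Broker. The following read-only audit script is an added example (not from the thread or from Microsoft) that reports the current Schannel protocol state per version and side, so that the "TLS 1.0 re-enabled" exception is visible as a finding rather than silently surviving until the PCI DSS assessment. It assumes the standard Schannel registry layout under HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols with the DWORD values Enabled and DisabledByDefault; the function name Get-SchannelProtocolState is my own.

```powershell
# Added example, not part of the thread: read-only audit of Schannel protocol
# settings. Run in an elevated PowerShell on the server to be checked.
# It only reads the registry; it does not change anything.

$base = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'
$protocols = 'SSL 2.0', 'SSL 3.0', 'TLS 1.0', 'TLS 1.1', 'TLS 1.2', 'TLS 1.3'

# Hypothetical helper name: returns one row per protocol/side combination.
function Get-SchannelProtocolState {
    param(
        [Parameter(Mandatory)] [string] $Protocol,
        [Parameter(Mandatory)] [ValidateSet('Client', 'Server')] [string] $Side
    )
    $key = Join-Path $base "$Protocol\$Side"
    if (-not (Test-Path $key)) {
        # No key at all: Windows uses its built-in default for this version,
        # which is not the same as "explicitly disabled".
        return [pscustomobject]@{
            Protocol = $Protocol; Side = $Side
            Enabled = 'OS default'; DisabledByDefault = 'OS default'
        }
    }
    $props = Get-ItemProperty -Path $key
    $enabled = if ($null -ne $props.Enabled) { [bool]$props.Enabled } else { 'OS default' }
    $dbd     = if ($null -ne $props.DisabledByDefault) { [bool]$props.DisabledByDefault } else { 'OS default' }
    [pscustomobject]@{
        Protocol = $Protocol; Side = $Side
        Enabled = $enabled; DisabledByDefault = $dbd
    }
}

$report = foreach ($p in $protocols) {
    foreach ($s in 'Client', 'Server') { Get-SchannelProtocolState -Protocol $p -Side $s }
}
$report | Format-Table -AutoSize

# Compliance view: any protocol below TLS 1.2 whose Enabled value is not
# explicitly 0 (including "OS default") is reported as a finding.
$legacy = $report | Where-Object {
    ($_.Protocol -in @('SSL 2.0', 'SSL 3.0', 'TLS 1.0', 'TLS 1.1')) -and ($_.Enabled -ne $false)
}
if ($legacy) {
    Write-Warning 'Legacy protocols not explicitly disabled in Schannel:'
    $legacy | Format-Table -AutoSize
} else {
    Write-Host 'All legacy protocols are explicitly disabled in Schannel.'
}
```

Running this on the Connection Broker before and after the temporary TLS 1.0 re-enablement gives an auditable record of the exception; it does not address why the Windows Internal Database itself only negotiates TLS 1.0, which is the open question in the thread.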

2 Replies

@agowa338 Does your Connection Broker also have the RDWeb and Gateway roles installed?  Do you need TLS 1.2 on your internal network, or just for External transports?

@Matt_OCC 

Does your Connection Broker also have the RDWeb and Gateway roles installed?


No, it doesn't; currently we have the role on a separate server because of the issue with the Windows Internal Database.


Do you need TLS 1.2 on your internal network, or just for External transports?


We need it for both. In fact we're going to stop differentiating between internal and external, so that we can much more easily support multi-cloud setups.