WID and RDCB with tls 1.2 only
Hi, for compliance reasons we've to disable tls 1.0 on our systems and thereby encountered an unexpected error. The windows internal database and therefore also the remote desktop connection broker do *not* support anything newer than tls 1.0. We're only allowed to use modern protocols like tls 1.2 or tls 1.3, therefore we've disabled all others within schannel. For now we have re-enabled tls 1.0 on the remote desktop connection broker, but we need to disable it again or we will not pass the certification. Therefore my question: Is it possible to configure the windows internal database to use tls 1.2 and how is that done? Best, agowa338 Edit: There is even a UserVoice Entry: https://remotedesktop.uservoice.com/forums/266795-remote-desktop-services/suggestions/8527261-support-tls-1-2-in-rds-remote-desktop-services According to the response from Microsoft from 2017 it should work, but as others already pointed out it still doesn't because of the windows internal database being TLS 1.0 only. How do others with PCI DSS handle this? Do you deploy an SQL Server for the Remote Desktop Connection Broker instead?